fix: minus d on Ed
parent
d957a57e24
commit
8ef3abf6d9
2 changed files with 8 additions and 8 deletions
|
@ -29,7 +29,7 @@ type VaultOptions struct {
|
||||||
PKIRole string `json:"pkiRole,omitempty"`
|
PKIRole string `json:"pkiRole,omitempty"`
|
||||||
PKIRoleRSA string `json:"pkiRoleRSA,omitempty"`
|
PKIRoleRSA string `json:"pkiRoleRSA,omitempty"`
|
||||||
PKIRoleEC string `json:"pkiRoleEC,omitempty"`
|
PKIRoleEC string `json:"pkiRoleEC,omitempty"`
|
||||||
PKIRoleED25519 string `json:"PKIRoleED25519,omitempty"`
|
PKIRoleEd25519 string `json:"PKIRoleEd25519,omitempty"`
|
||||||
RoleID string `json:"roleID,omitempty"`
|
RoleID string `json:"roleID,omitempty"`
|
||||||
SecretID auth.SecretID `json:"secretID,omitempty"`
|
SecretID auth.SecretID `json:"secretID,omitempty"`
|
||||||
AppRole string `json:"appRole,omitempty"`
|
AppRole string `json:"appRole,omitempty"`
|
||||||
|
@ -54,13 +54,13 @@ func loadOptions(config json.RawMessage) (vc VaultOptions, err error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// pkirole or per key type must be defined
|
// pkirole or per key type must be defined
|
||||||
if vc.PKIRole == "" && vc.PKIRoleRSA == "" && vc.PKIRoleEC == "" && vc.PKIRoleED25519 == "" {
|
if vc.PKIRole == "" && vc.PKIRoleRSA == "" && vc.PKIRoleEC == "" && vc.PKIRoleEd25519 == "" {
|
||||||
return vc, errors.New("vaultCAS config options must define `pkiRole`")
|
return vc, errors.New("vaultCAS config options must define `pkiRole`")
|
||||||
}
|
}
|
||||||
|
|
||||||
// if pkirole is empty all others keys must be set
|
// if pkirole is empty all others keys must be set
|
||||||
if vc.PKIRole == "" && (vc.PKIRoleRSA == "" || vc.PKIRoleEC == "" || vc.PKIRoleED25519 == "") {
|
if vc.PKIRole == "" && (vc.PKIRoleRSA == "" || vc.PKIRoleEC == "" || vc.PKIRoleEd25519 == "") {
|
||||||
return vc, errors.New("vaultCAS config options must include a `pkiRole` or `pkiRoleRSA`, `pkiRoleEC` and `pkiRoleEd25519`")
|
return vc, errors.New("vaultCAS config options must include a `pkiRole` or `pkiRoleRSA`, `pkiRoleEC` and `PKIRoleEd25519`")
|
||||||
}
|
}
|
||||||
|
|
||||||
// if pkirole is not empty, use it as default for unset keys
|
// if pkirole is not empty, use it as default for unset keys
|
||||||
|
@ -71,8 +71,8 @@ func loadOptions(config json.RawMessage) (vc VaultOptions, err error) {
|
||||||
if vc.PKIRoleEC == "" {
|
if vc.PKIRoleEC == "" {
|
||||||
vc.PKIRoleEC = vc.PKIRole
|
vc.PKIRoleEC = vc.PKIRole
|
||||||
}
|
}
|
||||||
if vc.PKIRoleED25519 == "" {
|
if vc.PKIRoleEd25519 == "" {
|
||||||
vc.PKIRoleED25519 = vc.PKIRole
|
vc.PKIRoleEd25519 = vc.PKIRole
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -144,7 +144,7 @@ func (v *VaultCAS) createCertificate(cr *x509.CertificateRequest, lifetime time.
|
||||||
case csr.PublicKeyAlgorithm == x509.ECDSA:
|
case csr.PublicKeyAlgorithm == x509.ECDSA:
|
||||||
vaultPKIRole = v.config.PKIRoleEC
|
vaultPKIRole = v.config.PKIRoleEC
|
||||||
case csr.PublicKeyAlgorithm == x509.Ed25519:
|
case csr.PublicKeyAlgorithm == x509.Ed25519:
|
||||||
vaultPKIRole = v.config.PKIRoleED25519
|
vaultPKIRole = v.config.PKIRoleEd25519
|
||||||
default:
|
default:
|
||||||
return nil, nil, errors.Errorf("createCertificate: Unsupported public key algorithm '%v'", csr.PublicKeyAlgorithm)
|
return nil, nil, errors.Errorf("createCertificate: Unsupported public key algorithm '%v'", csr.PublicKeyAlgorithm)
|
||||||
}
|
}
|
||||||
|
|
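Review bot: The JSON tag on the renamed field in VaultOptions still begins with an upper-case letter (`json:"PKIRoleEd25519,omitempty"`), unlike its siblings `pkiRole`, `pkiRoleRSA` and `pkiRoleEC`, and the second loadOptions hunk rewrites the error text to the same upper-case spelling instead of correcting the tag. I would use `json:"pkiRoleEd25519,omitempty"` and leave the message at `pkiRoleEd25519`, so the documented key follows one convention. The spelling matters because this key selects the Vault PKI role used for Ed25519 requests in createCertificate: when `pkiRole` is set, an unrecognised per-key-type key is presumably ignored by the decoder (the decode call is outside these hunks), and the defaulting in the third hunk then assigns the generic role without any error. A short comment on the field, such as `// PKIRoleEd25519 is the Vault PKI role used for Ed25519 CSRs; defaults to PKIRole when empty.`, would record that fallback. loadOptions and createCertificate both start and end outside the visible hunks.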
|
@ -172,7 +172,7 @@ func TestVaultCAS_CreateCertificate(t *testing.T) {
|
||||||
PKIRole: "role",
|
PKIRole: "role",
|
||||||
PKIRoleRSA: "rsa",
|
PKIRoleRSA: "rsa",
|
||||||
PKIRoleEC: "ec",
|
PKIRoleEC: "ec",
|
||||||
PKIRoleED25519: "ed25519",
|
PKIRoleEd25519: "ed25519",
|
||||||
RoleID: "roleID",
|
RoleID: "roleID",
|
||||||
SecretID: auth.SecretID{FromString: "secretID"},
|
SecretID: auth.SecretID{FromString: "secretID"},
|
||||||
AppRole: "approle",
|
AppRole: "approle",
|
||||||
|
|