Make the X5C leaf certificate available to the templates.
X509 and SSH templates of the X5C provisioner will now have access to the leaf certificate used to sign the token, through the template variable .AuthorizationCrt. Fixes #433
parent
1d09d14b40
commit
a0cf808393
2 changed files with 12 additions and 1 deletions
|
@ -140,7 +140,8 @@ func (p *Nebula) AuthorizeSign(ctx context.Context, token string) ([]SignOption,
|
||||||
}
|
}
|
||||||
|
|
||||||
// The Nebula certificate will be available using the template variable Crt.
|
// The Nebula certificate will be available using the template variable Crt.
|
||||||
// For example {{ .Crt.Details.Groups }} can be used to get all the groups.
|
// For example {{ .AuthorizationCrt.Details.Groups }} can be used to get all
|
||||||
|
// the groups.
|
||||||
data.SetAuthorizationCertificate(crt)
|
data.SetAuthorizationCertificate(crt)
|
||||||
|
|
||||||
templateOptions, err := TemplateOptions(p.Options, data)
|
templateOptions, err := TemplateOptions(p.Options, data)
|
||||||
|
|
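Review bot: The comment line kept in Nebula.AuthorizeSign still names the template variable `Crt`, while the example updated in this hunk uses `.AuthorizationCrt`; the comment blocks added to X5C.AuthorizeSign and X5C.AuthorizeSSHSign in the other file have the same mismatch. A template author who follows the first sentence would likely reference a variable that does not hold this certificate. I would change the line to `// The Nebula certificate will be available using the template variable AuthorizationCrt.` here and to `// The X509 certificate will be available using the template variable AuthorizationCrt.` in both X5C hunks. The body of Nebula.AuthorizeSign starts and ends outside the hunk.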
|
@ -213,6 +213,11 @@ func (p *X5C) AuthorizeSign(ctx context.Context, token string) ([]SignOption, er
|
||||||
data.SetToken(v)
|
data.SetToken(v)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// The X509 certificate will be available using the template variable Crt.
|
||||||
|
// For example {{ .AuthorizationCrt.DNSNames }} can be used to get all the
|
||||||
|
// domains.
|
||||||
|
data.SetAuthorizationCertificate(claims.chains[0][0])
|
||||||
|
|
||||||
templateOptions, err := TemplateOptions(p.Options, data)
|
templateOptions, err := TemplateOptions(p.Options, data)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errs.Wrap(http.StatusInternalServerError, err, "jwk.AuthorizeSign")
|
return nil, errs.Wrap(http.StatusInternalServerError, err, "jwk.AuthorizeSign")
|
||||||
|
@ -287,6 +292,11 @@ func (p *X5C) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOption,
|
||||||
data.SetToken(v)
|
data.SetToken(v)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// The X509 certificate will be available using the template variable Crt.
|
||||||
|
// For example {{ .AuthorizationCrt.DNSNames }} can be used to get all the
|
||||||
|
// domains.
|
||||||
|
data.SetAuthorizationCertificate(claims.chains[0][0])
|
||||||
|
|
||||||
templateOptions, err := TemplateSSHOptions(p.Options, data)
|
templateOptions, err := TemplateSSHOptions(p.Options, data)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errs.Wrap(http.StatusInternalServerError, err, "x5c.AuthorizeSSHSign")
|
return nil, errs.Wrap(http.StatusInternalServerError, err, "x5c.AuthorizeSSHSign")
|
||||||
|
|
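Review bot: `data.SetAuthorizationCertificate(claims.chains[0][0])`, added to both X5C.AuthorizeSign and X5C.AuthorizeSSHSign, indexes the first chain with no guard visible in either hunk, so it relies on the earlier token authorization having returned at least one verified chain with the leaf first; that code is outside the hunks and should be confirmed. Templates can now base issuance decisions on fields of a certificate that the token holder presents, so I would record the trust assumption next to the call, e.g. `// chains[0][0] is the leaf of a chain already verified against the provisioner roots.` If that guarantee is not unconditional, guard with `if len(claims.chains) == 0 || len(claims.chains[0]) == 0` and return an authorization error instead of letting the index panic. Both function bodies start and end outside the hunks.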