TrueCloudLab/certificates
17
0
Fork 2
Code Issues 1 Pull requests 1 Releases Activity Actions

Add token and subject to K8sSA provisioner to be used in custom

Browse source 
templates.
This commit is contained in:
Mariano Cano 2020-07-14 18:39:31 -07:00
parent 71be83b25e
commit cf2989a848
1 changed files with 8 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
authority/provisioner/k8sSA.go
View file

@ -206,13 +206,19 @@ func (p *K8sSA) AuthorizeRevoke(ctx context.Context, token string) error {
// AuthorizeSign validates the given token.
func (p *K8sSA) AuthorizeSign(ctx context.Context, token string) ([]SignOption, error) {
if _, err := p.authorizeToken(token, p.audiences.Sign); err != nil {
claims, err := p.authorizeToken(token, p.audiences.Sign)
if err != nil {
return nil, errs.Wrap(http.StatusInternalServerError, err, "k8ssa.AuthorizeSign")
}
// Add some values to use in custom templates.
data := x509util.NewTemplateData()
data.SetToken(claims)
data.SetCommonName(claims.ServiceAccountName)
// Certificate templates: on K8sSA the default template is the certificate
// request.
templateOptions, err := CustomTemplateOptions(p.Options, x509util.NewTemplateData(), x509util.CertificateRequestTemplate)
templateOptions, err := CustomTemplateOptions(p.Options, data, x509util.CertificateRequestTemplate)
if err != nil {
return nil, errs.Wrap(http.StatusInternalServerError, err, "k8ssa.AuthorizeSign")
}