Add CR subject as iid default subject.

Add a minimal subject with just a common name to iid provisioners
in case we want to use it.
Mariano Cano 2020-07-13 16:09:40 -07:00
parent e60ea419cc
commit eb8886d828
3 changed files with 5 additions and 3 deletions


@ -290,14 +290,15 @@ func (p *AWS) AuthorizeSign(ctx context.Context, token string) ([]SignOption, er
var so []SignOption
if p.DisableCustomSANs {
dnsName := fmt.Sprintf("ip-%s.%s.compute.internal", strings.Replace(doc.PrivateIP, ".", "-", -1), doc.Region)
data.SetSANs([]string{dnsName, doc.PrivateIP})
so = append(so, dnsNamesValidator([]string{dnsName}))
so = append(so, ipAddressesValidator([]net.IP{
net.ParseIP(doc.PrivateIP),
}))
so = append(so, emailAddressesValidator(nil))
so = append(so, urisValidator(nil))
// Template options
data.SetSANs([]string{dnsName, doc.PrivateIP})
}
templateOptions, err := CustomTemplateOptions(p.Options, data, x509util.DefaultIIDLeafTemplate)
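Review bot: When `DisableCustomSANs` is set, the validators appended in this block pin the DNS name and private IP and reject e-mail and URI SANs, but nothing in the visible lines constrains the subject common name. This commit also switches the default IID template to `.CR.Subject`, so the subject would come straight from the certificate request. If no common-name check is appended elsewhere in AuthorizeSign (the function starts and ends outside this hunk), consider adding one for `dnsName` next to the other validators, or add a comment stating that the CN is deliberately left to the requester. Separately, `net.ParseIP(doc.PrivateIP)` returns nil for a malformed value, so a nil check before building the validator list would keep a nil entry out of the expected IPs.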


@ -221,6 +221,7 @@ func (p *GCP) AuthorizeSign(ctx context.Context, token string) ([]SignOption, er
// Template options
data := x509util.NewTemplateData()
data.SetToken(claims)
data.SetCommonName(ce.InstanceName)
// Enforce known common name and default DNS if configured.
// By default we we'll accept the CN and SANs in the CSR.
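Review bot: The added `data.SetCommonName(ce.InstanceName)` carries no comment, and its effect is easy to misread. The default IID template in this commit reads `.CR.Subject`, so the value set here presumably only matters for custom templates that reference `.Subject`. A one-line comment above the call would make that explicit, for example `// Minimal subject for custom templates; the default IID template uses the CSR subject.` AuthorizeSign starts and ends outside this hunk, so whether the CN is validated later is not visible here.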


@ -78,7 +78,7 @@ const DefaultLeafTemplate = `{
// The keyUsage "keyEncipherment" is special and it will be only used for RSA
// keys.
const DefaultIIDLeafTemplate = `{
"subject": {{ toJson .Subject }},
"subject": {{ toJson .CR.Subject }},
{{- if .SANs }}
"sans": {{ toJson .SANs }},
{{- else }}
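Review bot: The doc comment above `DefaultIIDLeafTemplate` still only describes the key usage and does not say that the subject is now copied from the certificate request, which the requesting instance controls. Anyone reusing this template needs to know that the subject is only as trustworthy as the provisioner's sign-option validators. I would extend the comment with something like `// The subject is taken from the certificate request (.CR.Subject); provisioners must validate it if it has to be trusted.` The template body continues outside this hunk.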