Merge pull request #827 from smallstep/x5c-template

Make the X5C leaf certificate available to the templates.
Mariano Cano 2022-02-18 10:19:00 -08:00 committed by GitHub
commit 28af606526
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 2 deletions


@ -139,8 +139,9 @@ func (p *Nebula) AuthorizeSign(ctx context.Context, token string) ([]SignOption,
data.SetToken(v) data.SetToken(v)
} }
// The Nebula certificate will be available using the template variable Crt. // The Nebula certificate will be available using the template variable
// For example {{ .Crt.Details.Groups }} can be used to get all the groups. // AuthorizationCrt. For example {{ .AuthorizationCrt.Details.Groups }} can
// be used to get all the groups.
data.SetAuthorizationCertificate(crt) data.SetAuthorizationCertificate(crt)
templateOptions, err := TemplateOptions(p.Options, data) templateOptions, err := TemplateOptions(p.Options, data)


@ -213,6 +213,11 @@ func (p *X5C) AuthorizeSign(ctx context.Context, token string) ([]SignOption, er
data.SetToken(v) data.SetToken(v)
} }
// The X509 certificate will be available using the template variable
// AuthorizationCrt. For example {{ .AuthorizationCrt.DNSNames }} can be
// used to get all the domains.
data.SetAuthorizationCertificate(claims.chains[0][0])
templateOptions, err := TemplateOptions(p.Options, data) templateOptions, err := TemplateOptions(p.Options, data)
if err != nil { if err != nil {
return nil, errs.Wrap(http.StatusInternalServerError, err, "jwk.AuthorizeSign") return nil, errs.Wrap(http.StatusInternalServerError, err, "jwk.AuthorizeSign")
@ -287,6 +292,11 @@ func (p *X5C) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOption,
data.SetToken(v) data.SetToken(v)
} }
// The X509 certificate will be available using the template variable
// AuthorizationCrt. For example {{ .AuthorizationCrt.DNSNames }} can be
// used to get all the domains.
data.SetAuthorizationCertificate(claims.chains[0][0])
templateOptions, err := TemplateSSHOptions(p.Options, data) templateOptions, err := TemplateSSHOptions(p.Options, data)
if err != nil { if err != nil {
return nil, errs.Wrap(http.StatusInternalServerError, err, "x5c.AuthorizeSSHSign") return nil, errs.Wrap(http.StatusInternalServerError, err, "x5c.AuthorizeSSHSign")
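Review bot: `claims.chains[0][0]` is indexed with no visible length check in both added blocks (X5C.AuthorizeSign and X5C.AuthorizeSSHSign), so an empty `chains` would panic in the request path instead of returning an authorization error. The code that populates `claims.chains` is outside these hunks; presumably it only succeeds with at least one verified chain, but that invariant should be stated where it is relied on, e.g. `// chains[0][0] is the verified x5c leaf; chains is non-empty after token authorization.`, or enforced with `if len(claims.chains) == 0 || len(claims.chains[0]) == 0 { ... }`. Because templates can now use fields such as `DNSNames` from this leaf to shape the issued certificate, the comment should also say that these values come from the token's x5c certificate and not from the signing request. The same four lines are added twice; a small helper would keep the two call sites from drifting apart. Both function bodies start and end outside the hunks.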