Add support of ssh host certinficates in AWS provisioner.

This commit is contained in:
Mariano Cano 2019-07-29 17:54:38 -07:00
parent 7583f1c739
commit 7d670b20ea


@ -441,5 +441,27 @@ func (p *AWS) authorizeToken(token string) (*awsPayload, error) {
// authorizeSSHSign returns the list of SignOption for a SignSSH request. // authorizeSSHSign returns the list of SignOption for a SignSSH request.
func (p *AWS) authorizeSSHSign(claims *awsPayload) ([]SignOption, error) { func (p *AWS) authorizeSSHSign(claims *awsPayload) ([]SignOption, error) {
return nil, nil doc := claims.document
signOptions := []SignOption{
// set the key id to the token subject
sshCertificateKeyIDModifier(claims.Subject),
}
signOptions = append(signOptions, &sshCertificateOptionsValidator{&SSHOptions{
CertType: SSHHostCert,
Principals: []string{
doc.PrivateIP,
fmt.Sprintf("ip-%s.%s.compute.internal", strings.Replace(doc.PrivateIP, ".", "-", -1), doc.Region),
},
}})
return append(signOptions,
// set the default extensions
&sshDefaultExtensionModifier{},
// checks the validity bounds, and set the validity if has not been set
&sshCertificateValidityModifier{p.claimer},
// require all the fields in the SSH certificate
&sshCertificateDefaultValidator{},
), nil
} }
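Review bot: The second principal built on the `fmt.Sprintf` line assumes every region's private DNS name has the form `ip-<dashed ip>.<region>.compute.internal`, but in us-east-1 the default private hostname is `ip-<dashed ip>.ec2.internal`, so a host certificate issued there would carry a principal that never matches the instance's own name; consider special-casing that region before computing the principal. Nothing here rejects an empty `doc.PrivateIP`, which would yield the principals `""` and `ip-.<region>.compute.internal`; a guard such as `if doc.PrivateIP == "" { return nil, fmt.Errorf("aws.authorizeSSHSign: identity document has no private ip") }` before building `signOptions` keeps the certificate's principal set meaningful. Whether `doc` has already been signature-verified when it reaches this method cannot be seen from this hunk, since that presumably happens in authorizeToken outside it, and the principals are only as trustworthy as that check. `strings.Replace(..., -1)` can be written `strings.ReplaceAll` if the module already targets Go 1.12 or later. The hunk header counts (-441,5 +441,27) suggest a few more lines follow the visible closing brace that are not shown here.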