Merge pull request #682 from smallstep/helm-ssh

Fix ssh in helm chart values
2021-08-26 11:22:49 -07:00 · 2021-08-26 11:22:49 -07:00 · 8acce7b092
commit 8acce7b092
parent c43d0362a4 8cb62b6d67
2 changed files with 17 additions and 8 deletions
--- a/pki/helm.go
+++ b/pki/helm.go
@ -16,9 +16,7 @@ type helmVariables struct {
 	*linkedca.Configuration
 	Defaults     *linkedca.Defaults
 	Password     string
-	SSH      struct {
-		Enabled bool
-	}
+	EnableSSH    bool
 	TLS          authconfig.TLSOptions
 	Provisioners []provisioner.Interface
 }
@ -48,6 +46,7 @@ func (p *PKI) WriteHelmTemplate(w io.Writer) error {
 		Configuration: &p.Configuration,
 		Defaults:      &p.Defaults,
 		Password:      "",
+		EnableSSH:     p.options.enableSSH,
 		TLS:           authconfig.DefaultTLSOptions,
 		Provisioners:  provisioners,
 	}); err != nil {
@ -67,7 +66,7 @@ inject:
        federateRoots: []
        crt: {{ .Intermediate }}
        key: {{ .IntermediateKey }}
-        {{- if .SSH.Enabled }}
+        {{- if .EnableSSH }}
        ssh:
          hostKey: {{ .Ssh.HostKey }}
          userKey: {{ .Ssh.UserKey }}
--- a/pki/pki.go
+++ b/pki/pki.go
@ -408,6 +408,15 @@ func (p *PKI) GenerateKeyPairs(pass []byte) error {
 		return err
 	}

+	var claims *linkedca.Claims
+	if p.options.enableSSH {
+		claims = &linkedca.Claims{
+			Ssh: &linkedca.SSHClaims{
+				Enabled: true,
+			},
+		}
+	}
+
 	// Add JWK provisioner to the configuration.
 	publicKey, err := json.Marshal(p.ottPublicKey)
 	if err != nil {
@ -420,6 +429,7 @@ func (p *PKI) GenerateKeyPairs(pass []byte) error {
 	p.Authority.Provisioners = append(p.Authority.Provisioners, &linkedca.Provisioner{
 		Type:   linkedca.Provisioner_JWK,
 		Name:   p.options.provisioner,
+		Claims: claims,
 		Details: &linkedca.ProvisionerDetails{
 			Data: &linkedca.ProvisionerDetails_JWK{
 				JWK: &linkedca.JWKProvisioner{