From da9f0b09af2c54cf18a7bb6220c63d868261011a Mon Sep 17 00:00:00 2001
From: max furman
Date: Tue, 8 Sep 2020 13:59:22 -0700
Subject: [PATCH] Ignore `null` string for x509 and ssh templateData.
---
 authority/provisioner/options.go | 2 +-
 authority/provisioner/options_test.go | 7 +++++++
 authority/provisioner/ssh_options.go | 6 +++---
 3 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/authority/provisioner/options.go b/authority/provisioner/options.go
index 593a38d9..100aa588 100644
--- a/authority/provisioner/options.go
+++ b/authority/provisioner/options.go
@@ -83,7 +83,7 @@ func CustomTemplateOptions(o *Options, data x509util.TemplateData, defaultTempla
 if opts != nil {
 // Add template data if any.
- if len(opts.TemplateData) > 0 {
+ if len(opts.TemplateData) > 0 && string(opts.TemplateData) != "null" {
 if err := json.Unmarshal(opts.TemplateData, &data); err != nil {
 return nil, errors.Wrap(err, "error unmarshaling template data")
 }
diff --git a/authority/provisioner/options_test.go b/authority/provisioner/options_test.go
index c922801c..ced9626f 100644
--- a/authority/provisioner/options_test.go
+++ b/authority/provisioner/options_test.go
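Review bot: The added condition in CustomTemplateOptions matches only the exact bytes `null`, so a padded value such as ` null` or `null\n` still reaches json.Unmarshal; unmarshaling JSON null into a map resets the target to nil, which would drop the provisioner-generated data the certificate template is rendered from (this assumes x509util.TemplateData is a map type and that TemplateData can arrive with surrounding whitespace, neither of which is visible in this diff). Trimming before the comparison closes that gap: `if td := bytes.TrimSpace(opts.TemplateData); len(td) > 0 && !bytes.Equal(td, []byte("null")) {`, with `bytes` imported. The same guard is added to CustomSSHTemplateOptions in the last hunk of ssh_options.go and has the same limitation. A why-comment such as `// JSON null would reset data to nil; treat it as "no template data".` would also help, since the reason for the special case is not stated in the code. The body of CustomTemplateOptions starts and ends outside the hunk.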
@@ -220,6 +220,13 @@ func TestCustomTemplateOptions(t *testing.T) {
 {"okBadUserOptions", args{&Options{X509: &X509Options{Template: `{"foo": "{{.Insecure.User.foo}}"}`}}, data, x509util.DefaultLeafTemplate, SignOptions{TemplateData: []byte(`{"badJSON"}`)}}, x509util.Options{
 CertBuffer: bytes.NewBufferString(`{"foo": ""}`),
 }, false},
+ {"okNullTemplateData", args{&Options{X509: &X509Options{TemplateData: []byte(`null`)}}, data, x509util.DefaultLeafTemplate, SignOptions{}}, x509util.Options{
+ CertBuffer: bytes.NewBufferString(`{
+ "subject": {"commonName":"foobar"},
+ "sans": [{"type":"dns","value":"foo.com"}],
+ "keyUsage": ["digitalSignature"],
+ "extKeyUsage": ["serverAuth", "clientAuth"]
+}`)}, false},
 {"fail", args{&Options{X509: &X509Options{TemplateData: []byte(`{"badJSON`)}}, data, x509util.DefaultLeafTemplate, SignOptions{}}, x509util.Options{}, true},
 {"failTemplateData", args{&Options{X509: &X509Options{TemplateData: []byte(`{"badJSON}`)}}, data, x509util.DefaultLeafTemplate, SignOptions{}}, x509util.Options{}, true},
 }
diff --git a/authority/provisioner/ssh_options.go b/authority/provisioner/ssh_options.go
index 8ec21942..7ee236d1 100644
--- a/authority/provisioner/ssh_options.go
+++ b/authority/provisioner/ssh_options.go
@@ -40,7 +40,7 @@ func (o *SSHOptions) HasTemplate() bool {
 return o != nil && (o.Template != "" || o.TemplateFile != "")
 }
-// SSHTemplateOptions generates a SSHCertificateOptions with the template and
+// TemplateSSHOptions generates a SSHCertificateOptions with the template and
 // data defined in the ProvisionerOptions, the provisioner generated data, and
 // the user data provided in the request. If no template has been provided,
 // x509util.DefaultLeafTemplate will be used.
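Review bot: The new `okNullTemplateData` case covers only the x509 path; the diffstat lists no test change for CustomSSHTemplateOptions, which receives the identical guard in ssh_options.go. A matching case in the SSH options tests would keep the two code paths from drifting apart. A further case with padded input, for example `TemplateData: []byte(" null\n")`, would show whether whitespace-wrapped nulls are meant to be ignored as well. The expected CertBuffer is presumably the default leaf template rendered with the test's `data`, so a comment on the case such as `// null TemplateData must leave the provisioner data untouched` would make the intent explicit.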
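Review bot: The corrected doc comment for TemplateSSHOptions still ends with `x509util.DefaultLeafTemplate will be used`, but the function body shown as context in the next hunk passes `sshutil.DefaultTemplate`; the last comment line should read `// sshutil.DefaultTemplate will be used.`. The comment renamed in the following hunk likewise says CustomSSHTemplateOptions `generates a CertificateOptions`, while the return type truncated in that hunk's header (`SSHCertificateOp…`) suggests `SSHCertificateOptions` is meant. Both are comment-only fixes and fit naturally into this commit, which is already correcting these two doc comments.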
@@ -48,7 +48,7 @@ func TemplateSSHOptions(o *Options, data sshutil.TemplateData) (SSHCertificateOp
 return CustomSSHTemplateOptions(o, data, sshutil.DefaultTemplate)
 }
-// CustomTemplateOptions generates a CertificateOptions with the template, data
+// CustomSSHTemplateOptions generates a CertificateOptions with the template, data
 // defined in the ProvisionerOptions, the provisioner generated data and the
 // user data provided in the request. If no template has been provided in the
 // ProvisionerOptions, the given template will be used.
@@ -60,7 +60,7 @@ func CustomSSHTemplateOptions(o *Options, data sshutil.TemplateData, defaultTemp
 if opts != nil {
 // Add template data if any.
- if len(opts.TemplateData) > 0 {
+ if len(opts.TemplateData) > 0 && string(opts.TemplateData) != "null" {
 if err := json.Unmarshal(opts.TemplateData, &data); err != nil {
 return nil, errors.Wrap(err, "error unmarshaling template data")
 }