mirror of https://github.com/hashicorp/consul
agent/consul: set more fields on the issued cert
parent
c2588262b7
commit
1c72639d60
|
@ -172,6 +172,10 @@ func (s *ConnectCA) Sign(
|
||||||
*reply = structs.IssuedCert{
|
*reply = structs.IssuedCert{
|
||||||
SerialNumber: template.SerialNumber,
|
SerialNumber: template.SerialNumber,
|
||||||
CertPEM: buf.String(),
|
CertPEM: buf.String(),
|
||||||
|
Service: serviceId.Service,
|
||||||
|
ServiceURI: template.URIs[0].String(),
|
||||||
|
ValidAfter: template.NotBefore,
|
||||||
|
ValidBefore: template.NotAfter,
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|
|
|
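Review bot: `template.URIs[0].String()` on the new `ServiceURI` line indexes the slice unconditionally, and the CSR behind this RPC comes from the caller; if nothing earlier in the function rejects a CSR without a URI SAN, an empty slice panics the handler here. Sign's body starts outside the hunk, so that validation may already exist; if it does not, guard with `if len(template.URIs) == 0` and return an error before building the reply. Separately, `ValidAfter` and `ValidBefore` are copied from the template rather than from the signed certificate, so they can differ slightly from the encoded validity window (X.509 times carry one-second resolution). Either read them from the parsed certificate or add a comment such as `// taken from the template; the encoded cert truncates to seconds` so consumers do not treat them as exact.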
@ -76,9 +76,11 @@ func TestConnectCASign(t *testing.T) {
|
||||||
assert.Nil(err)
|
assert.Nil(err)
|
||||||
|
|
||||||
// Generate a CSR and request signing
|
// Generate a CSR and request signing
|
||||||
|
spiffeId := connect.TestSpiffeIDService(t, "web")
|
||||||
|
csr, _ := connect.TestCSR(t, spiffeId)
|
||||||
args := &structs.CASignRequest{
|
args := &structs.CASignRequest{
|
||||||
Datacenter: "dc01",
|
Datacenter: "dc01",
|
||||||
CSR: connect.TestCSR(t, connect.TestSpiffeIDService(t, "web")),
|
CSR: csr,
|
||||||
}
|
}
|
||||||
var reply structs.IssuedCert
|
var reply structs.IssuedCert
|
||||||
assert.Nil(msgpackrpc.CallWithCodec(codec, "ConnectCA.Sign", args, &reply))
|
assert.Nil(msgpackrpc.CallWithCodec(codec, "ConnectCA.Sign", args, &reply))
|
||||||
|
@ -86,10 +88,14 @@ func TestConnectCASign(t *testing.T) {
|
||||||
// Verify that the cert is signed by the CA
|
// Verify that the cert is signed by the CA
|
||||||
roots := x509.NewCertPool()
|
roots := x509.NewCertPool()
|
||||||
assert.True(roots.AppendCertsFromPEM([]byte(ca.RootCert)))
|
assert.True(roots.AppendCertsFromPEM([]byte(ca.RootCert)))
|
||||||
leaf, err := connect.ParseCert(reply.Cert)
|
leaf, err := connect.ParseCert(reply.CertPEM)
|
||||||
assert.Nil(err)
|
assert.Nil(err)
|
||||||
_, err = leaf.Verify(x509.VerifyOptions{
|
_, err = leaf.Verify(x509.VerifyOptions{
|
||||||
Roots: roots,
|
Roots: roots,
|
||||||
})
|
})
|
||||||
assert.Nil(err)
|
assert.Nil(err)
|
||||||
|
|
||||||
|
// Verify other fields
|
||||||
|
assert.Equal("web", reply.Service)
|
||||||
|
assert.Equal(spiffeId.URI().String(), reply.ServiceURI)
|
||||||
}
|
}
|
||||||
|
|
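Review bot: The assertions added under `// Verify other fields` compare `reply.ServiceURI` only with the ID the test generated, never with the parsed leaf, and `ValidAfter`/`ValidBefore` are not asserted at all, so the reply metadata could drift from what was actually signed without this test failing. Consider adding `assert.Equal(leaf.URIs[0].String(), reply.ServiceURI)` and, assuming the reply fields are `time.Time`, `assert.Equal(leaf.NotBefore.Unix(), reply.ValidAfter.Unix())` plus the matching `NotAfter`/`ValidBefore` check, compared at second granularity because the reply values come from the template. In the first hunk of this test, `csr, _ := connect.TestCSR(t, spiffeId)` discards a second return value whose meaning is not visible here; a short comment such as `// second value unused in this test` would show the discard is deliberate. TestConnectCASign begins outside both hunks.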