construct a common name for each CSR

pull/6413/head
tradel 2019-08-27 14:12:56 -07:00
parent 672e181399
commit 7f36a5b676
1 changed files with 7 additions and 1 deletions


@ -503,6 +503,7 @@ func (c *ConnectCALeaf) generateNewLeaf(req *ConnectCALeafRequest,
// Build the cert uri // Build the cert uri
var id connect.CertURI var id connect.CertURI
var commonName string
if req.Service != "" { if req.Service != "" {
id = &connect.SpiffeIDService{ id = &connect.SpiffeIDService{
Host: roots.TrustDomain, Host: roots.TrustDomain,
@ -510,12 +511,14 @@ func (c *ConnectCALeaf) generateNewLeaf(req *ConnectCALeafRequest,
Namespace: "default", Namespace: "default",
Service: req.Service, Service: req.Service,
} }
commonName = fmt.Sprintf("%s.%s.service.%s.%s.%s", req.NodeName, req.ServiceID, roots.TrustDomain[:8], req.Datacenter, req.Domain)
} else if req.Agent != "" { } else if req.Agent != "" {
id = &connect.SpiffeIDAgent{ id = &connect.SpiffeIDAgent{
Host: roots.TrustDomain, Host: roots.TrustDomain,
Datacenter: req.Datacenter, Datacenter: req.Datacenter,
Agent: req.Agent, Agent: req.Agent,
} }
commonName = fmt.Sprintf("%s.agent.%s.%s.%s", req.NodeName, roots.TrustDomain[:8], req.Datacenter, req.Domain)
} else { } else {
return result, errors.New("URI must be either service or agent") return result, errors.New("URI must be either service or agent")
} }
@ -527,7 +530,7 @@ func (c *ConnectCALeaf) generateNewLeaf(req *ConnectCALeafRequest,
} }
// Create a CSR. // Create a CSR.
csr, err := connect.CreateCSR(id, pk) csr, err := connect.CreateCSR(id, commonName, pk)
if err != nil { if err != nil {
return result, err return result, err
} }
@ -616,8 +619,11 @@ func (c *ConnectCALeaf) SupportsBlocking() bool {
type ConnectCALeafRequest struct { type ConnectCALeafRequest struct {
Token string Token string
Datacenter string Datacenter string
Domain string
Service string // Service name, not ID Service string // Service name, not ID
ServiceID string
Agent string // Agent name, not ID Agent string // Agent name, not ID
NodeName string
MinQueryIndex uint64 MinQueryIndex uint64
MaxQueryTime time.Duration MaxQueryTime time.Duration
} }
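Review bot: `roots.TrustDomain[:8]` in both new `fmt.Sprintf` calls (the service and the agent branch) panics with a slice-bounds error when the trust domain is shorter than eight bytes, and nothing visible in these hunks checks its length first. A guard ahead of the branch, such as `if len(roots.TrustDomain) < 8 { return result, errors.New("trust domain too short for common name") }`, would turn that into an ordinary error return. The assembled name is also unbounded: `req.NodeName`, `req.ServiceID`, `req.Datacenter` and `req.Domain` are concatenated as supplied, so the result can exceed the 64-character upper bound RFC 5280 sets for the Common Name, and a stricter CA may reject the CSR. It seems worth validating or shortening the variable parts before the call to `connect.CreateCSR`. generateNewLeaf begins and ends outside the visible hunks, so an earlier check may already exist there.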