Manually generate pem from cachain field since the vault api does not expose it

Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
Max Ehrlich 2018-09-15 17:06:41 -04:00
parent d63fbbab49
commit 06fb0cefc7
No known key found for this signature in database
GPG Key ID: 439AC62D3C8A495A


@ -192,10 +192,10 @@ func (v *Vault) requestVaultCert(commonName string, altNames []string, csr []byt
glog.V(4).Infof("Vault certificate request for commonName %s altNames: %q", commonName, altNames)
parameters := map[string]string{
"common_name": commonName,
"alt_names": strings.Join(altNames, ","),
"ttl": defaultCertificateDuration.String(),
"csr": string(csr),
"common_name": commonName,
"alt_names": strings.Join(altNames, ","),
"ttl": defaultCertificateDuration.String(),
"csr": string(csr),
"exclude_cn_from_sans": "true",
}
@ -231,7 +231,17 @@ func (v *Vault) requestVaultCert(commonName string, altNames []string, csr []byt
return nil, nil, fmt.Errorf("unable to convert certificate bundle to PEM bundle: %s", err.Error())
}
return []byte(bundle.ToPEMBundle()), []byte(bundle.IssuingCA), nil
var caPem []byte = nil
if len(parsedBundle.CAChain) > 0 {
block := pem.Block{
Type: "CERTIFICATE",
}
block.Bytes = parsedBundle.CAChain[0].Bytes
caString := strings.TrimSpace(string(pem.EncodeToMemory(&block)))
caPem = []byte(caString)
}
return []byte(bundle.ToPEMBundle()), caPem, nil
}
func (v *Vault) appRoleRef(appRole *v1alpha1.VaultAppRole) (roleId, secretId string, err error) {
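Review bot: When `parsedBundle.CAChain` is empty, the new tail of requestVaultCert returns a nil CA together with a nil error, so a caller that stores this value as its trust anchor gets an empty CA and no signal that anything was missing. I would either fail at that point, `return nil, nil, fmt.Errorf("vault returned no CA chain for %q", commonName)`, or at least log it with glog as the request is logged at the top of the function. Only `CAChain[0]` is encoded, which is presumably the issuing CA rather than the root, so with an intermediate issuer the other chain entries are left out of the CA return value; a comment such as `// CAChain[0] is the issuing CA; later chain entries are intentionally not returned` would make that choice explicit. As a style point, `var caPem []byte = nil` can be `var caPem []byte`. The function starts outside the hunk, so how `parsedBundle` is produced and whether its entries can be nil is not visible here.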