From 06fb0cefc74256d3ebcacb98bd0a83ac45e083c0 Mon Sep 17 00:00:00 2001
From: Max Ehrlich
Date: Sat, 15 Sep 2018 17:06:41 -0400
Subject: [PATCH] Manually generate pem from cachain field since the vault api does not expose it
Signed-off-by: Max Ehrlich
---
 pkg/issuer/vault/issue.go | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/pkg/issuer/vault/issue.go b/pkg/issuer/vault/issue.go
index 2c2f11002..e8d3448fb 100644
--- a/pkg/issuer/vault/issue.go
+++ b/pkg/issuer/vault/issue.go
@@ -192,10 +192,10 @@ func (v *Vault) requestVaultCert(commonName string, altNames []string, csr []byt
 glog.V(4).Infof("Vault certificate request for commonName %s altNames: %q", commonName, altNames)
 parameters := map[string]string{
- "common_name": commonName,
- "alt_names": strings.Join(altNames, ","),
- "ttl": defaultCertificateDuration.String(),
- "csr": string(csr),
+ "common_name": commonName,
+ "alt_names": strings.Join(altNames, ","),
+ "ttl": defaultCertificateDuration.String(),
+ "csr": string(csr),
 "exclude_cn_from_sans": "true",
 }
@@ -231,7 +231,17 @@ func (v *Vault) requestVaultCert(commonName string, altNames []string, csr []byt
 return nil, nil, fmt.Errorf("unable to convert certificate bundle to PEM bundle: %s", err.Error())
 }
- return []byte(bundle.ToPEMBundle()), []byte(bundle.IssuingCA), nil
+ var caPem []byte = nil
+ if len(parsedBundle.CAChain) > 0 {
+ block := pem.Block{
+ Type: "CERTIFICATE",
+ }
+ block.Bytes = parsedBundle.CAChain[0].Bytes
+ caString := strings.TrimSpace(string(pem.EncodeToMemory(&block)))
+ caPem = []byte(caString)
+ }
+
+ return []byte(bundle.ToPEMBundle()), caPem, nil
 }
 func (v *Vault) appRoleRef(appRole *v1alpha1.VaultAppRole) (roleId, secretId string, err error) {
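Review bot: When `parsedBundle.CAChain` is empty the new code returns a nil CA together with a nil error, where the removed line returned `bundle.IssuingCA`, so a caller that stores this value as its trust anchor receives an empty CA without any signal. Either keep the old value as the default, `caPem := []byte(bundle.IssuingCA)` in place of `var caPem []byte = nil`, or return an error from that path if an absent chain is not expected. Only `CAChain[0]` is encoded and the remaining chain entries are dropped; the ordering of `CAChain` is not visible in this hunk, so a comment such as `// CAChain[0] is assumed to be the issuing CA; further chain entries are not returned` would record the assumption for the next reader. requestVaultCert begins outside the hunk.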