Added ip_sans and alt_names to pki integration #223

Caiyeon · Feb 1, 2018 · 143f6f3 · 143f6f3
1 parent ca3f48b
commit 143f6f3
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 18 deletions.
diff --git a/server/server.go b/server/server.go
@@ -184,12 +184,19 @@ func StartListener(listener config.ListenerConfig, assets *rice.Box) {
 
 	// if loading certificate from vault pki
 	if listener.Pki_cert != nil {
-		c, err := vault.FetchCertificate(
-			listener.Pki_cert.Pki_path,
-			listener.Pki_cert.Common_name,
-			// listener.Pki_cert.Alt_names,
-			// listener.Pki_cert.Ip_sans,
-		)
+		// construct body for pki generation
+		body := map[string]interface{}{
+			"common_name": listener.Pki_cert.Common_name,
+			"format": "pem",
+		}
+		if len(listener.Pki_cert.Alt_names) > 0 {
+			body["alt_names"] = strings.Join(listener.Pki_cert.Alt_names, ",")
+		}
+		if len(listener.Pki_cert.Ip_sans) > 0 {
+			body["ip_sans"] = strings.Join(listener.Pki_cert.Ip_sans, ",")
+		}
+
+		c, err := vault.FetchCertificate(listener.Pki_cert.Pki_path, body)
 		if err != nil {
 			log.Fatalln(err.Error())
 			return
@@ -199,12 +206,7 @@ func StartListener(listener config.ListenerConfig, assets *rice.Box) {
 		certLock.Unlock()
 
 		// start background job to monitor certificate expiry and periodically renew
-		go maintainCertificate(
-			listener.Pki_cert.Pki_path,
-			listener.Pki_cert.Common_name,
-			// listener.Pki_cert.Alt_names,
-			// listener.Pki_cert.Ip_sans,
-		)
+		go maintainCertificate(listener.Pki_cert.Pki_path, body)
 	}
 
 	// configure certificate load function and listen on https

diff --git a/vault/pki.go b/vault/pki.go
@@ -5,19 +5,15 @@ import (
     "errors"
 )
 
-func FetchCertificate(path, url string) (*tls.Certificate, error) {
+func FetchCertificate(path string, body map[string]interface{}) (*tls.Certificate, error) {
     // initialize a client with goldfish's token
     client, err := NewGoldfishVaultClient()
     if err != nil {
         return nil, err
     }
 
     // write to pki role path
-    resp, err := client.Logical().Write(path,
-        map[string]interface{}{
-            "common_name": url,
-            "format":      "pem",
-        })
+    resp, err := client.Logical().Write(path, body)
     if err != nil {
         return nil, err
     }