agent/consul: set more fields on the issued cert

Mitchell Hashimoto 2018-03-21 11:00:46 -07:00
parent c2588262b7
commit 1c72639d60
No known key found for this signature in database
GPG Key ID: 744E147AA52F5B0A
2 changed files with 12 additions and 2 deletions


@ -172,6 +172,10 @@ func (s *ConnectCA) Sign(
*reply = structs.IssuedCert{ *reply = structs.IssuedCert{
SerialNumber: template.SerialNumber, SerialNumber: template.SerialNumber,
CertPEM: buf.String(), CertPEM: buf.String(),
Service: serviceId.Service,
ServiceURI: template.URIs[0].String(),
ValidAfter: template.NotBefore,
ValidBefore: template.NotAfter,
} }
return nil return nil
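Review bot: `template.URIs[0].String()` in the new `ServiceURI` field indexes the slice with no length check visible in this hunk, so if `template.URIs` can be empty at this point the RPC handler panics instead of returning an error. Sign's body starts outside the hunk, so the CSR may already be validated earlier; if it is not, add a guard before building the reply, `if len(template.URIs) == 0 { return fmt.Errorf("CSR has no URI SAN") }`. Because clients will presumably treat this value as the identity the cert was issued for, a one-line comment would also help, e.g. `// ServiceURI is the first URI SAN of the signed template.`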


@ -76,9 +76,11 @@ func TestConnectCASign(t *testing.T) {
assert.Nil(err) assert.Nil(err)
// Generate a CSR and request signing // Generate a CSR and request signing
spiffeId := connect.TestSpiffeIDService(t, "web")
csr, _ := connect.TestCSR(t, spiffeId)
args := &structs.CASignRequest{ args := &structs.CASignRequest{
Datacenter: "dc01", Datacenter: "dc01",
CSR: connect.TestCSR(t, connect.TestSpiffeIDService(t, "web")), CSR: csr,
} }
var reply structs.IssuedCert var reply structs.IssuedCert
assert.Nil(msgpackrpc.CallWithCodec(codec, "ConnectCA.Sign", args, &reply)) assert.Nil(msgpackrpc.CallWithCodec(codec, "ConnectCA.Sign", args, &reply))
@ -86,10 +88,14 @@ func TestConnectCASign(t *testing.T) {
// Verify that the cert is signed by the CA // Verify that the cert is signed by the CA
roots := x509.NewCertPool() roots := x509.NewCertPool()
assert.True(roots.AppendCertsFromPEM([]byte(ca.RootCert))) assert.True(roots.AppendCertsFromPEM([]byte(ca.RootCert)))
leaf, err := connect.ParseCert(reply.Cert) leaf, err := connect.ParseCert(reply.CertPEM)
assert.Nil(err) assert.Nil(err)
_, err = leaf.Verify(x509.VerifyOptions{ _, err = leaf.Verify(x509.VerifyOptions{
Roots: roots, Roots: roots,
}) })
assert.Nil(err) assert.Nil(err)
// Verify other fields
assert.Equal("web", reply.Service)
assert.Equal(spiffeId.URI().String(), reply.ServiceURI)
} }
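Review bot: The added assertions cover `Service` and `ServiceURI` but not `ValidAfter` and `ValidBefore`, which the same commit starts populating, so nothing checks that the validity window in the reply matches the certificate that was issued. If callers use `ValidBefore` to decide when to renew, a mismatch would go unnoticed. Consider adding `assert.True(reply.ValidBefore.After(reply.ValidAfter))` plus a comparison against `leaf.NotBefore` and `leaf.NotAfter` truncated to seconds, since X.509 times carry no sub-second precision. The second return value of `connect.TestCSR` is discarded with `_`; a short comment saying what it is would show that this is deliberate.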