a2876453a5
As part of this change, we ensure that the SAN extensions are marked as critical when the subject is empty so that AWS PCA tolerates the loss of common names well and continues to function as a Connect CA provider. Parts of this currently hack around a bug in crypto/x509 and can be removed after https://go-review.googlesource.com/c/go/+/329129 lands in a Go release. Note: the AWS PCA tests do not run automatically, but the following passed locally for me: ENABLE_AWS_PCA_TESTS=1 go test ./agent/connect/ca -run TestAWS
package connect
import (
"fmt"
"net/url"
)
// SpiffeIDService holds the components of the SPIFFE ID that identifies a
// single service. The fields are plain strings; this type performs no
// validation or normalisation of them.
type SpiffeIDService struct {
	// Host becomes the host component of the SPIFFE URI.
	// NOTE(review): presumably the trust domain -- confirm against callers.
	Host string

	// Namespace is rendered as the "/ns/<Namespace>" path segment.
	Namespace string

	// Datacenter is rendered as the "/dc/<Datacenter>" path segment.
	Datacenter string

	// Service is rendered as the "/svc/<Service>" path segment.
	Service string
}
// URI builds the SPIFFE URI for this service identity and returns it as a
// newly allocated *url.URL.
//
// The result has scheme "spiffe", host id.Host, and the path
// /ns/<Namespace>/dc/<Datacenter>/svc/<Service>.
//
// NOTE(review): the three path fields are interpolated verbatim. A "/" inside
// Namespace, Datacenter or Service would therefore add path segments and
// change how the resulting ID is read. Presumably these values are validated
// before they reach this type -- confirm at the call sites that mint or
// compare identities.
func (id *SpiffeIDService) URI() *url.URL {
	path := fmt.Sprintf("/ns/%s/dc/%s/svc/%s", id.Namespace, id.Datacenter, id.Service)

	return &url.URL{
		Scheme: "spiffe",
		Host:   id.Host,
		Path:   path,
	}
}