feat: ca extra certs
@ -117,7 +117,12 @@ func templateFuncs(sslCfg *cfsslconfig.Config) map[string]any {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
s = string(ca.Cert)
|
extra, err := caExtraCerts(cluster, name)
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
s = string(ca.Cert) + extra
|
||||||
return
|
return
|
||||||
},
|
},
|
||||||
|
|
||||||
@ -127,13 +132,18 @@ func templateFuncs(sslCfg *cfsslconfig.Config) map[string]any {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
extra, err := caExtraCerts(cluster, name)
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
dir := "/etc/tls-ca/" + name
|
dir := "/etc/tls-ca/" + name
|
||||||
|
|
||||||
return asYaml([]config.FileDef{
|
return asYaml([]config.FileDef{
|
||||||
{
|
{
|
||||||
Path: path.Join(dir, "ca.crt"),
|
Path: path.Join(dir, "ca.crt"),
|
||||||
Mode: 0644,
|
Mode: 0644,
|
||||||
Content: string(ca.Cert),
|
Content: string(ca.Cert) + extra,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Path: path.Join(dir, "ca.key"),
|
Path: path.Join(dir, "ca.key"),
|
||||||
|
|||||||
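Review bot: `string(ca.Cert) + extra` joins two PEM blobs with no separator, both at `s = string(ca.Cert) + extra` in the first hunk and at `Content: string(ca.Cert) + extra` in the second. The hunks do not show whether `ca.Cert` always ends in a newline; if it does not, the END and BEGIN markers land on one line and a PEM reader may stop after the first certificate or reject the file. Normalising the join is safer, for example `s = strings.TrimRight(string(ca.Cert), "\n") + "\n" + extra` (assuming `strings` is imported in this file). The same lookup-and-append is now written twice, so a single helper that returns the full bundle would keep the template value and the rendered `ca.crt` from drifting apart. Both closures start and end outside the hunks.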
@ -79,6 +79,17 @@ func getUsableClusterCA(cluster, name string) (ca CA, err error) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func caExtraCerts(cluster, name string) (extra string, err error) {
|
||||||
|
cfg, err := readConfig()
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if cfg.ExtraCaCerts != nil {
|
||||||
|
extra = cfg.ExtraCaCerts[cluster+"/"+name]
|
||||||
|
}
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
var clusterCASignedKeys = newClusterSecretKV[KeyCert]("CA-signed-keys")
|
var clusterCASignedKeys = newClusterSecretKV[KeyCert]("CA-signed-keys")
|
||||||
|
|
||||||
func wsClusterCASignedKeys(req *restful.Request, resp *restful.Response) {
|
func wsClusterCASignedKeys(req *restful.Request, resp *restful.Response) {
|
||||||
|
|||||||
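--- a/go.mod
+++ b/go.mod
@@ -25,7 +25,7 @@ require (
 gopkg.in/yaml.v2 v2.4.0
 k8s.io/apimachinery v0.33.2
 m.cluseau.fr/go v0.0.0-20230809064045-12c5a121c766
-novit.tech/direktil/pkg v0.0.0-20260210141740-4d5661fa8ecd
+novit.tech/direktil/pkg v0.0.0-20260221072850-b72bed72bb51
 )
 
 replace github.com/zmap/zlint/v3 => github.com/zmap/zlint/v3 v3.3.1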
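--- a/go.sum
+++ b/go.sum
@@ -348,3 +348,5 @@ m.cluseau.fr/go v0.0.0-20230809064045-12c5a121c766 h1:JRzMBDbUwrTTGDJaJSH0ap4vRL
 m.cluseau.fr/go v0.0.0-20230809064045-12c5a121c766/go.mod h1:BMv3aOSYpupuiiG3Ch3ND88aB5CfAks3YZuRLE8j1ls=
 novit.tech/direktil/pkg v0.0.0-20260210141740-4d5661fa8ecd h1:proGf8Cid9tzJzoRbqQHGGpZZKTpUDFwOREbjYrCbkM=
 novit.tech/direktil/pkg v0.0.0-20260210141740-4d5661fa8ecd/go.mod h1:zjezU6tELE880oYHs/WAauGBupKIEQQ7KqWTB69RW10=
+novit.tech/direktil/pkg v0.0.0-20260221072850-b72bed72bb51 h1:NBcpvWcTBMzFos0pkuLsbVCQ+mHf8KqNOdVywMX6FFk=
+novit.tech/direktil/pkg v0.0.0-20260221072850-b72bed72bb51/go.mod h1:zjezU6tELE880oYHs/WAauGBupKIEQQ7KqWTB69RW10=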