Merge pull request #827 from smallstep/x5c-template

Make the X5C leaf certificate available to the templates.
2 years ago · 28af606526
parent 1d09d14b40 abe951d416
commit 28af606526
2 changed files with 13 additions and 2 deletions
--- a/authority/provisioner/nebula.go
+++ b/authority/provisioner/nebula.go
@ -139,8 +139,9 @@ func (p *Nebula) AuthorizeSign(ctx context.Context, token string) ([]SignOption,
 		data.SetToken(v)
 	}

-	// The Nebula certificate will be available using the template variable Crt.
-	// For example {{ .Crt.Details.Groups }} can be used to get all the groups.
+	// The Nebula certificate will be available using the template variable
+	// AuthorizationCrt. For example {{ .AuthorizationCrt.Details.Groups }} can
+	// be used to get all the groups.
 	data.SetAuthorizationCertificate(crt)

 	templateOptions, err := TemplateOptions(p.Options, data)
--- a/authority/provisioner/x5c.go
+++ b/authority/provisioner/x5c.go
@ -213,6 +213,11 @@ func (p *X5C) AuthorizeSign(ctx context.Context, token string) ([]SignOption, er
 		data.SetToken(v)
 	}

+	// The X509 certificate will be available using the template variable
+	// AuthorizationCrt. For example {{ .AuthorizationCrt.DNSNames }} can be
+	// used to get all the domains.
+	data.SetAuthorizationCertificate(claims.chains[0][0])
+
 	templateOptions, err := TemplateOptions(p.Options, data)
 	if err != nil {
 		return nil, errs.Wrap(http.StatusInternalServerError, err, "jwk.AuthorizeSign")
@ -287,6 +292,11 @@ func (p *X5C) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOption,
 		data.SetToken(v)
 	}

+	// The X509 certificate will be available using the template variable
+	// AuthorizationCrt. For example {{ .AuthorizationCrt.DNSNames }} can be
+	// used to get all the domains.
+	data.SetAuthorizationCertificate(claims.chains[0][0])
+
 	templateOptions, err := TemplateSSHOptions(p.Options, data)
 	if err != nil {
 		return nil, errs.Wrap(http.StatusInternalServerError, err, "x5c.AuthorizeSSHSign")