added ip_san for external IP in to be able to define ip addresses in vault (issue with consul pointing to cname when resolving dns)
parent
8d4e546e3b
commit
b8e974fb9f
@ -62,6 +62,7 @@ This variable defines where to copy the private keys upon renewal. Default to `/
|
||||
renew_vault_certificates_info: # by default, set to:
|
||||
issuer_path: pki/issue/your-issuer
|
||||
common_name: vault01.example.com
|
||||
ip_addr: "192.168.1.1"
|
||||
ttl: 90d
|
||||
include_consul_service: false
|
||||
```
|
||||
|
@ -12,6 +12,7 @@ renew_vault_certificates_key_dest: /opt/vault/tls/key.pem
|
||||
renew_vault_certificates_info:
|
||||
issuer_path: pki/issue/your-issuer
|
||||
common_name: vault01.example.com
|
||||
ip_addr: "192.168.1.1"
|
||||
ttl: 90d
|
||||
include_consul_service: false
|
||||
renew_vault_certificates_consul_service_name: vault.service.consul
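Review bot: The new default `ip_addr: "192.168.1.1"` is a concrete address rather than a neutral value, so every host that applies the role without overriding it requests a certificate whose IP SANs include an address it most likely does not own. A certificate should only list addresses the host actually serves on, and `192.168.1.1` is commonly a gateway address. An empty default such as `ip_addr: ""  # extra IP SAN for this host, e.g. its external address` would be safer, provided the two templates skip the entry when it is empty, because as written they would render a trailing comma. The key also has no description in the README hunk, and since it ends up in `ip_sans`, the comment should say so.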
|
||||
|
@ -25,8 +25,8 @@ def test_template_files(host):
|
||||
assert file.user == "vault"
|
||||
assert file.group == "vault"
|
||||
assert file.mode == 0o600
|
||||
assert vault_cert_pem_tpl.content_string == '{{ with secret "pki/issue/your-issuer" "common_name=vault01.example.com" "ttl=90d" "alt_names=localhost" "ip_sans=127.0.0.1" }}\n{{ .Data.certificate }}\n{{ .Data.issuing_ca }}\n{{ end }}\n'
|
||||
assert vault_key_pem_tpl.content_string == '{{ with secret "pki/issue/your-issuer" "common_name=vault01.example.com" "ttl=90d" "alt_names=localhost" "ip_sans=127.0.0.1" }}\n{{ .Data.private_key }}\n{{ end }}\n'
|
||||
assert vault_cert_pem_tpl.content_string == '{{ with secret "pki/issue/your-issuer" "common_name=vault01.example.com" "ttl=90d" "alt_names=localhost" "ip_sans=127.0.0.1,192.168.1.1" }}\n{{ .Data.certificate }}\n{{ .Data.issuing_ca }}\n{{ end }}\n'
|
||||
assert vault_key_pem_tpl.content_string == '{{ with secret "pki/issue/your-issuer" "common_name=vault01.example.com" "ttl=90d" "alt_names=localhost" "ip_sans=127.0.0.1,192.168.1.1" }}\n{{ .Data.private_key }}\n{{ end }}\n'
|
||||
|
||||
def test_vault_certs_service_file(host):
|
||||
"""Validate vault-certs service file."""
|
||||
|
@ -25,8 +25,8 @@ def test_template_files(host):
|
||||
assert file.user == "vault"
|
||||
assert file.group == "vault"
|
||||
assert file.mode == 0o600
|
||||
assert vault_cert_pem_tpl.content_string == '{{ with secret "pki/issue/vault-issuer" "common_name=vault01.example.com" "ttl=90d" "alt_names=localhost,vault.service.consul,active.vault.service.consul,standby.vault.service.consul" "ip_sans=127.0.0.1" }}\n{{ .Data.certificate }}\n{{ .Data.issuing_ca }}\n{{ end }}\n'
|
||||
assert vault_key_pem_tpl.content_string == '{{ with secret "pki/issue/vault-issuer" "common_name=vault01.example.com" "ttl=90d" "alt_names=localhost,vault.service.consul,active.vault.service.consul,standby.vault.service.consul" "ip_sans=127.0.0.1" }}\n{{ .Data.private_key }}\n{{ end }}\n'
|
||||
assert vault_cert_pem_tpl.content_string == '{{ with secret "pki/issue/vault-issuer" "common_name=vault01.example.com" "ttl=90d" "alt_names=localhost,vault.service.consul,active.vault.service.consul,standby.vault.service.consul" "ip_sans=127.0.0.1,192.168.1.1" }}\n{{ .Data.certificate }}\n{{ .Data.issuing_ca }}\n{{ end }}\n'
|
||||
assert vault_key_pem_tpl.content_string == '{{ with secret "pki/issue/vault-issuer" "common_name=vault01.example.com" "ttl=90d" "alt_names=localhost,vault.service.consul,active.vault.service.consul,standby.vault.service.consul" "ip_sans=127.0.0.1,192.168.1.1" }}\n{{ .Data.private_key }}\n{{ end }}\n'
|
||||
|
||||
def test_vault_certs_service_file(host):
|
||||
"""Validate vault-certs service file."""
|
||||
|
@ -1,4 +1,4 @@
|
||||
{% raw %}{{ with secret {% endraw %}"{{ renew_vault_certificates_info['issuer_path'] }}" "common_name={{ renew_vault_certificates_info['common_name'] }}" "ttl={{ renew_vault_certificates_info['ttl'] }}" "alt_names=localhost{% if renew_vault_certificates_info['include_consul_service'] %},{{ renew_vault_certificates_consul_service_name }},active.{{ renew_vault_certificates_consul_service_name }},standby.{{ renew_vault_certificates_consul_service_name }}{% endif %}" "ip_sans=127.0.0.1"{% raw %} }}{% endraw %}
|
||||
{% raw %}{{ with secret {% endraw %}"{{ renew_vault_certificates_info['issuer_path'] }}" "common_name={{ renew_vault_certificates_info['common_name'] }}" "ttl={{ renew_vault_certificates_info['ttl'] }}" "alt_names=localhost{% if renew_vault_certificates_info['include_consul_service'] %},{{ renew_vault_certificates_consul_service_name }},active.{{ renew_vault_certificates_consul_service_name }},standby.{{ renew_vault_certificates_consul_service_name }}{% endif %}" "ip_sans=127.0.0.1,{{ renew_vault_certificates_info['ip_addr']}}"{% raw %} }}{% endraw %}
|
||||
|
||||
{% raw %}{{ .Data.certificate }}{% endraw %}
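Review bot: The rewritten `ip_sans` argument interpolates `renew_vault_certificates_info['ip_addr']` unconditionally, and the private-key template in the next section has the identical line. An inventory that already overrides `renew_vault_certificates_info` without the new key will presumably fail to render under Ansible's default dictionary-replace behaviour, and an empty value sends `ip_sans=127.0.0.1,` to the PKI endpoint. Making the extra entry conditional keeps existing inventories working: `"ip_sans=127.0.0.1{% if renew_vault_certificates_info['ip_addr'] | default('') %},{{ renew_vault_certificates_info['ip_addr'] }}{% endif %}"`. The two test hunks assert only the populated case, so a scenario with `ip_addr` unset would pin the fallback. Whether the issuing role permits IP SANs is not visible on this page and is worth confirming.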
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
{% raw %}{{ with secret {% endraw %}"{{ renew_vault_certificates_info['issuer_path'] }}" "common_name={{ renew_vault_certificates_info['common_name'] }}" "ttl={{ renew_vault_certificates_info['ttl'] }}" "alt_names=localhost{% if renew_vault_certificates_info['include_consul_service'] %},{{ renew_vault_certificates_consul_service_name }},active.{{ renew_vault_certificates_consul_service_name }},standby.{{ renew_vault_certificates_consul_service_name }}{% endif %}" "ip_sans=127.0.0.1"{% raw %} }}{% endraw %}
|
||||
{% raw %}{{ with secret {% endraw %}"{{ renew_vault_certificates_info['issuer_path'] }}" "common_name={{ renew_vault_certificates_info['common_name'] }}" "ttl={{ renew_vault_certificates_info['ttl'] }}" "alt_names=localhost{% if renew_vault_certificates_info['include_consul_service'] %},{{ renew_vault_certificates_consul_service_name }},active.{{ renew_vault_certificates_consul_service_name }},standby.{{ renew_vault_certificates_consul_service_name }}{% endif %}" "ip_sans=127.0.0.1,{{ renew_vault_certificates_info['ip_addr']}}"{% raw %} }}{% endraw %}
|
||||
|
||||
{% raw %}{{ .Data.private_key }}{% endraw %}
|
||||
|
||||
|