Extracting ip_sans and alt_names code into helper functions.
jmurret committed Feb 8, 2022
1 parent 81352ee commit ce5486a
Showing 2 changed files with 15 additions and 7 deletions.
14 changes: 11 additions & 3 deletions charts/consul/templates/_helpers.tpl
Expand Up @@ -32,23 +32,31 @@ as well as the global.name setting.
{{- define "consul.serverTLSCertTemplate" -}}
|
{{ "{{" }}- with secret "{{ .Values.server.serverCert.secretName }}" "{{ printf "common_name=server.%s.%s" .Values.global.datacenter .Values.global.domain }}"
"ttl=1h" "alt_names={{ include "consul.serverTLSAltNames" . }}{{- if .Values.server.tls -}}{{- if .Values.server.tls.serverAdditionalDNSSANs -}}{{- range $san := .Values.server.tls.serverAdditionalDNSSANs }},{{ $san }} {{- end -}}{{- end -}}{{- end -}}" "ip_sans=127.0.0.1{{- if .Values.server.tls -}}{{- if .Values.server.tls.serverAdditionalIPSANs -}}{{- range $ipsan := .Values.server.tls.serverAdditionalIPSANs }},{{ $ipsan }} {{- end -}}{{- end -}}{{- end -}}" -{{ "}}" }}
"ttl=1h" "alt_names={{ include "consul.serverTLSAltNames" . }}" "ip_sans=127.0.0.1{{ include "consul.serverAdditionalIPSANs" . }}" -{{ "}}" }}
{{ "{{" }}- .Data.certificate -{{ "}}" }}
{{ "{{" }}- end -{{ "}}" }}
{{- end -}}

{{- define "consul.serverTLSKeyTemplate" -}}
|
{{ "{{" }}- with secret "{{ .Values.server.serverCert.secretName }}" "{{ printf "common_name=server.%s.%s" .Values.global.datacenter .Values.global.domain }}"
"ttl=1h" "alt_names={{ include "consul.serverTLSAltNames" . }}{{- if .Values.server.tls -}}{{- if .Values.server.tls.serverAdditionalDNSSANs -}}{{- range $san := .Values.server.tls.serverAdditionalDNSSANs }},{{ $san }} {{- end -}}{{- end -}}{{- end -}}" "ip_sans=127.0.0.1{{- if .Values.server.tls -}}{{- if .Values.server.tls.serverAdditionalIPSANs -}}{{- range $ipsan := .Values.server.tls.serverAdditionalIPSANs }},{{ $ipsan }} {{- end -}}{{- end -}}{{- end -}}" -{{ "}}" }}
"ttl=1h" "alt_names={{ include "consul.serverTLSAltNames" . }}" "ip_sans=127.0.0.1{{ include "consul.serverAdditionalIPSANs" . }}" -{{ "}}" }}
{{ "{{" }}- .Data.private_key -{{ "}}" }}
{{ "{{" }}- end -{{ "}}" }}
{{- end -}}

{{- define "consul.serverTLSAltNames" -}}
{{- $name := include "consul.fullname" . -}}
{{- $ns := .Release.Namespace -}}
{{ printf "localhost,%s-server,*.%s-server,*.%s-server.%s,*.%s-server.%s.svc,*.server.%s.%s" $name $name $name $ns $name $ns (.Values.global.datacenter ) (.Values.global.domain) }}
{{ printf "localhost,%s-server,*.%s-server,*.%s-server.%s,*.%s-server.%s.svc,*.server.%s.%s" $name $name $name $ns $name $ns (.Values.global.datacenter ) (.Values.global.domain) }}{{ include "consul.serverAdditionalDNSSANs" . }}
{{- end -}}

{{- define "consul.serverAdditionalDNSSANs" -}}
{{- if .Values.global.tls -}}{{- if .Values.global.tls.serverAdditionalDNSSANs -}}{{- range $san := .Values.global.tls.serverAdditionalDNSSANs }},{{ $san }} {{- end -}}{{- end -}}{{- end -}}
{{- end -}}

{{- define "consul.serverAdditionalIPSANs" -}}
{{- if .Values.global.tls -}}{{- if .Values.global.tls.serverAdditionalIPSANs -}}{{- range $ipsan := .Values.global.tls.serverAdditionalIPSANs }},{{ $ipsan }} {{- end -}}{{- end -}}{{- end -}}
{{- end -}}

{{/*
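Review bot: The new helpers `consul.serverAdditionalDNSSANs` and `consul.serverAdditionalIPSANs` read `.Values.global.tls.*`, whereas the inline code they replace read `.Values.server.tls.*`, so this changes which values key feeds the certificate request and is not only an extraction. A values file that still sets `server.tls.serverAdditionalDNSSANs` or `server.tls.serverAdditionalIPSANs` would render without error and request a server certificate lacking those SANs, which would likely surface only later as TLS verification failures. It would help to say this in the commit message, and, if the old keys were ever usable, to reject them at render time with `fail`. Each helper could also carry a comment such as `{{/* Emits ",<entry>" for each item of global.tls.serverAdditionalIPSANs and nothing when unset; entries are inserted verbatim into the quoted ip_sans= argument. */}}`, since a `"` or stray comma in an entry would alter the request sent to Vault.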
8 changes: 4 additions & 4 deletions charts/consul/test/unit/server-statefulset.bats
Expand Up @@ -1799,8 +1799,8 @@ load _helpers
--set 'global.secretsBackend.vault.consulCARole=test' \
--set 'global.tls.caCert.secretName=pki_int/cert/ca' \
--set 'server.serverCert.secretName=pki_int/issue/test' \
--set 'server.tls.serverAdditionalDNSSANs[0]=*.foo.com' \
--set 'server.tls.serverAdditionalDNSSANs[1]=*.bar.com' \
--set 'global.tls.serverAdditionalDNSSANs[0]=*.foo.com' \
--set 'global.tls.serverAdditionalDNSSANs[1]=*.bar.com' \
. | tee /dev/stderr |
yq -r '.spec.template' | tee /dev/stderr)

Expand Down Expand Up @@ -1828,8 +1828,8 @@ load _helpers
--set 'global.secretsBackend.vault.consulCARole=test' \
--set 'global.tls.caCert.secretName=pki_int/cert/ca' \
--set 'server.serverCert.secretName=pki_int/issue/test' \
--set 'server.tls.serverAdditionalIPSANs[0]=1.1.1.1' \
--set 'server.tls.serverAdditionalIPSANs[1]=2.2.2.2' \
--set 'global.tls.serverAdditionalIPSANs[0]=1.1.1.1' \
--set 'global.tls.serverAdditionalIPSANs[1]=2.2.2.2' \
. | tee /dev/stderr |
yq -r '.spec.template' | tee /dev/stderr)
