openstack/openstack-helm-infra
Code Issues Proposed changes

TLS: Ensure CN is included in list of DNS alt names

Browse Source 
This PS udpates the TLS cert gen function to ensure the CN is
included in the list of DNS alt names within the cert.

Change-Id: Iaec9207e61884972d49dee84af24d4827d914afb
Signed-off-by: Pete Birley <pete@port.direct>
This commit is contained in:
Pete Birley 2018-09-04 14:44:48 -05:00 committed by Tin Lam
parent 201c0a6d21
commit cb20c317ae
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
helm-toolkit/templates/tls/_tls_generate_certs.tpl
View File

@ -64,7 +64,7 @@ return: |
{{- $ca := buildCustomCert ($params.ca.crt | b64enc ) ($params.ca.key | b64enc ) }}
{{- $expDate := date_in_zone "2006-01-02T15:04:05Z07:00" ( date_modify (printf "+%sh" (mul $params.life 24 |toString)) now ) "UTC" }}
{{- $rawCert := genSignedCert (first $local.certHosts) ($local.certIps) (rest $local.certHosts) (int $params.life) $ca }}
{{- $rawCert := genSignedCert (first $local.certHosts) ($local.certIps) $local.certHosts (int $params.life) $ca }}
{{- $certificate := dict "crt" $rawCert.Cert "key" $rawCert.Key "ca" $params.ca.crt "exp" $expDate "" }}
{{- $certificate | toYaml }}
{{- end -}}