Implement support for x509 extra extensions #76

Open
wants to merge 3 commits into
base: main

AbdulRahmanAlHamali

This PR provides the ability to add arbitrary extensions to certificates and certificate requests, by providing their OID, whether they are critical or not, and their value.

The value of the extension is serialized into Abstract Syntax Notation One (ASN.1).

The PR only implements a few of the possible types for value, but makes it very easy to add more types upon demand.

Please let me know what you think, looking forward to the review.

Regards,
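What the description above amounts to at the `crypto/x509` level, as an added example that is not code from this PR: a value is DER-encoded as one of four ASN.1 types, attached to a certificate request under an OID with a critical flag, and read back from the parsed request. The kind labels, the OID 2.999.1 and the fixed-seed key are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

var exampleOID = asn1.ObjectIdentifier{2, 999, 1} // constructed, under the 2.999 example arc

// encodeValue DER-encodes v as the ASN.1 type named by kind (labels are assumptions).
// The Go type must match the kind, so a string is never silently encoded as an "integer".
func encodeValue(kind string, v interface{}) ([]byte, error) {
	switch fmt.Sprintf("%s:%T", kind, v) {
	case "integer:int", "boolean:bool":
		return asn1.Marshal(v)
	case "printable_string:string": // fails on characters outside the set, such as '@'
		return asn1.MarshalWithParams(v, "printable")
	case "utf8_string:string":
		return asn1.MarshalWithParams(v, "utf8")
	}
	return nil, fmt.Errorf("value %v does not match type %q", v, kind)
}

// roundTrip carries the extension through a CSR and returns it as the parser sees it.
func roundTrip(kind string, v interface{}, critical bool) (ext pkix.Extension, err error) {
	if ext.Value, err = encodeValue(kind, v); err != nil {
		return ext, err
	}
	ext.Id, ext.Critical = exampleOID, critical
	key := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed throwaway demo key
	tmpl := &x509.CertificateRequest{ExtraExtensions: []pkix.Extension{ext}}
	raw, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return ext, err
	}
	csr, err := x509.ParseCertificateRequest(raw)
	if err != nil || len(csr.Extensions) != 1 {
		return ext, fmt.Errorf("unexpected CSR parse result: %v", err)
	}
	return csr.Extensions[0], nil
}

func main() {
	fmt.Println(roundTrip("integer", 42, true))
}
```

The bytes stored in the extension are the full DER encoding (tag, length, content) of the inner value, which the certificate then wraps in an OCTET STRING.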

Type: schema.TypeInt,
Description: "Fill this field if the extension value should be encoded as an ASN.1 INTEGER",
Optional: true,
ForceNew: true,
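Review bot: the `Type: schema.TypeInt` line pairs a Go `int` with a Description that promises an ASN.1 INTEGER, which is arbitrary-precision, so values outside the platform `int` range cannot be expressed through this field. Either state the supported range in the Description, or accept the number as a string and parse it into a big integer before encoding.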

You can use the ConflictsWith attribute to make sure that only one is set:

ConflictsWith: []string{"boolean_value", "printable_string_value", "utf8_string_value"},

Awesome! Didn't know about this

Optional: true,
ForceNew: true,
},
"type": {

If you have all the ConflictsValue set right, you no longer need this since only one of the values above will be set. The GetOk method should give you the result and ok (whether or not the value has been set by the user)

This won't work unfortunately. ConflictsWith does not work on nested resources:
hashicorp/terraform-plugin-sdk#71

And I can't call GetOk on a nested resource, because it is returned to me as a map instead of as ResourceData

@@ -43,7 +45,25 @@ func TestCertRequest(t *testing.T) {
uris = [
"spiffe://example-trust-domain/workload",
"spiffe://example-trust-domain/workload2",
]
]

formatting seems weird here

@hashicorp-cla

hashicorp-cla commented Nov 22, 2020

CLA assistant check

Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement

Learn more about why HashiCorp requires a CLA and what the CLA includes


AbdulRahman AlHamali seems not to be a GitHub user.
You need a GitHub account to be able to sign the CLA.
If you already have a GitHub account, please add the email address used for this commit to your account.

Have you signed the CLA already but the status is still pending? Recheck it.

@Karthikeyanraman94

Hi Team, can we have this merged? We literally need this feature for one of our client certificates.

@Karthikeyanraman94

@julienduchesne: Could you please help this feature go live... We actually require the OID feature for a few of our client certs, and this will be more helpful.

Base automatically changed from master to main February 1, 2021 17:28