X509 Templates - support of extKeyUsage based on input CSR #2260

@krnbr

I had been trying all the options for template-based extKeyUsage mapped from the CSR, with the help of smallstep's link for template variables.

Could not find a way to map the CSR-based extKeyUsage property.

It works in the case of user-supplied attributes based on .Insecure.User.

Is there any way to support that using .Insecure.CR?

Or is it missing in the docs?

{
  "subject": {
    "country": {{ if .Insecure.CR.Subject.Country }}{{ toJson .Insecure.CR.Subject.Country }}{{ else }}{{ toJson .Subject.Country }}{{ end }},
    "province": {{ if .Insecure.CR.Subject.Province }}{{ toJson .Insecure.CR.Subject.Province }}{{ else }}{{ toJson .Subject.Province }}{{ end }},
    "locality": {{ if .Insecure.CR.Subject.Locality }}{{ toJson .Insecure.CR.Subject.Locality }}{{ else }}{{ toJson .Subject.Locality }}{{ end }},
    "organization": {{ if .Insecure.CR.Subject.Organization }}{{ toJson .Insecure.CR.Subject.Organization }}{{ else }}{{ toJson .Subject.Organization }}{{ end }},
    "organizationalUnit": {{ if .Insecure.CR.Subject.OrganizationalUnit }}{{ toJson .Insecure.CR.Subject.OrganizationalUnit }}{{ else }}{{ toJson .Subject.OrganizationalUnit }}{{ end }},
    "commonName": {{ if .Insecure.CR.Subject.CommonName }}{{ toJson .Insecure.CR.Subject.CommonName }}{{ else }}{{ toJson .Subject.CommonName }}{{ end }}
  },
  "sans": {{ toJson .Insecure.CR.DNSNames }},
  {{- if typeIs "*rsa.PublicKey" .Insecure.CR.PublicKey }}
  "keyUsage": ["keyEncipherment", "digitalSignature"],
  {{- else }}
  "keyUsage": ["digitalSignature"],
  {{- end }}
  "extKeyUsage": {{ if .Insecure.User.extKeyUsage }}{{ toJson .Insecure.User.extKeyUsage }}{{ else }}["serverAuth", "clientAuth"]{{ end }}
}
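
Added example, not part of the original issue and not smallstep's code: in Go's standard library, x509.CertificateRequest has no ExtKeyUsage field, so the EKUs a CSR requests arrive as a raw extension (OID 2.5.29.37) in its Extensions list. The code below decodes that extension and maps it to the names used in the template above through an allow-list, failing closed, because anything read from the CSR is chosen by the requester. The function names, the allow-list and the sample extension are assumptions constructed for illustration.

```go
package main

import (
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

var (
	oidEKU         = asn1.ObjectIdentifier{2, 5, 29, 37} // id-ce-extKeyUsage (RFC 5280)
	oidServerAuth  = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 1}
	oidClientAuth  = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 2}
	oidCodeSigning = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 3} // deliberately not allow-listed
	// Hypothetical allow-list: EKU OID -> name used in the template's "extKeyUsage".
	allowedEKU = map[string]string{oidServerAuth.String(): "serverAuth", oidClientAuth.String(): "clientAuth"}
)

// requestedEKUs maps EKUs requested in csr.Extensions to template names, failing closed.
func requestedEKUs(exts []pkix.Extension) ([]string, error) {
	var names []string
	for _, ext := range exts {
		if !ext.Id.Equal(oidEKU) {
			continue
		}
		var oids []asn1.ObjectIdentifier
		if rest, err := asn1.Unmarshal(ext.Value, &oids); err != nil || len(rest) != 0 {
			return nil, fmt.Errorf("malformed extKeyUsage in CSR")
		}
		for _, oid := range oids {
			name, ok := allowedEKU[oid.String()]
			if !ok {
				return nil, fmt.Errorf("requested EKU %s is not allow-listed", oid)
			}
			names = append(names, name)
		}
	}
	return names, nil
}

// sampleExts builds the extension list of a constructed CSR that requests ekus.
func sampleExts(ekus ...asn1.ObjectIdentifier) ([]pkix.Extension, error) {
	val, err := asn1.Marshal(ekus)
	return []pkix.Extension{{Id: oidEKU, Value: val}}, err
}

func main() {
	exts, err := sampleExts(oidClientAuth, oidCodeSigning)
	names, verr := requestedEKUs(exts)
	fmt.Println(names, err, verr) // the codeSigning request is refused
}
```

For a parsed `*x509.CertificateRequest`, pass its `Extensions` field to `requestedEKUs`; an empty result with no error means the CSR requested no EKUs and the template default applies.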
