This commit is contained in:
parent
e3fcb4c5b9
commit
301ea4c0f0
|
@ -2797,7 +2797,8 @@ func TestBackend_AllowedDomainsTemplate(t *testing.T) {
|
|||
|
||||
// Write role PKI.
|
||||
_, err = client.Logical().Write("pki/roles/test", map[string]interface{}{
|
||||
"allowed_domains": []string{"foobar.com", "zipzap.com", "{{identity.entity.aliases." + userpassAccessor + ".name}}"},
|
||||
"allowed_domains": []string{"foobar.com", "zipzap.com", "{{identity.entity.aliases." + userpassAccessor + ".name}}",
|
||||
"foo.{{identity.entity.aliases." + userpassAccessor + ".name}}.example.com"},
|
||||
"allowed_domains_template": true,
|
||||
"allow_bare_domains": true,
|
||||
})
|
||||
|
@ -2824,6 +2825,12 @@ func TestBackend_AllowedDomainsTemplate(t *testing.T) {
|
|||
t.Fatal("expected error")
|
||||
}
|
||||
|
||||
// Issue certificate for foo.userpassname.domain.
|
||||
_, err = client.Logical().Write("pki/issue/test", map[string]interface{}{"common_name": "foo.userpassname.example.com"})
|
||||
if err != nil {
|
||||
t.Fatal("expected error")
|
||||
}
|
||||
|
||||
// Set allowed_domains_template to false.
|
||||
_, err = client.Logical().Write("pki/roles/test", map[string]interface{}{
|
||||
"allowed_domains_template": false,
|
||||
|
|
|
@ -315,8 +315,8 @@ func validateNames(b *backend, data *inputBundle, names []string) string {
|
|||
}
|
||||
|
||||
if data.role.AllowedDomainsTemplate {
|
||||
matched, _ := regexp.MatchString(`^{{.+?}}$`, currDomain)
|
||||
if matched && data.req.EntityID != "" {
|
||||
isTemplate, _ := framework.ValidateIdentityTemplate(currDomain)
|
||||
if isTemplate && data.req.EntityID != "" {
|
||||
tmpCurrDomain, err := framework.PopulateIdentityTemplate(currDomain, data.req.EntityID, b.System())
|
||||
if err != nil {
|
||||
continue
|
||||
|
|
Loading…
Reference in a new issue