Add support for SAN types on VaaS #100
Assignees
Labels
enhancement
New feature or request
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
now Vaas Support SAN types: ip, uri, email.
the CIT request now could inlcude:
"sanRegexes": [ ".*\\.vfidev\\.(com|net)" ], "sanIpAddressRegexes": [ "^(172\\.(1[6-9]\\.|2[0-9]\\.|3[0-1]\\.)|192\\.168\\.|10\\.).*" ], "sanRfc822NameRegexes": [ ".*@vfidev\\.(com|net)" ], "sanUniformResourceIdentifierRegexes": [ "(https|ldaps|spiffe)://.*\\.vfidev\\.(com|net)" ],and on the request for a CIT:
{ "isVaaSGenerated": true, "csrAttributes": { "subjectAlternativeNamesByType": { "dnsNames": [ "uno.vfidev.com", "dos.vfidev.com", "tres.vfidev.com" ], "ipAddresses": [ "10.20.30.40", "192.168.192.168" ], "rfc822Names": [ "[email protected]", "[email protected]" ], "uniformResourceIdentifiers": [ "https://www.vfidev.com/", "ldaps://directory.vfidev.com", "spiffe://workload.vfidev.com" ] } } }modification on policy specification is required, on subjectAltNames the following properties should be added:
"uriProtocols": [""],
"ipConstraints": [ ""]
uriProtocols is an array that will hold all the accepted protocols.
ipConstraints contains the following values: ipv4, ipv6, v4private, v6private
if ipv4 is specified then a regex for validating ipv4 should be set sanIpAddressRegexes, this applies to the another values with respective regex validation, default is ipv4, ipv6 if ipAllowed is true.
The text was updated successfully, but these errors were encountered: