Created
May 12, 2022 20:01
-
-
Save WhatsARanjit/fef9a9c0f0985f4a65b304bbf12b5ead to your computer and use it in GitHub Desktop.
CSR common_name sentinel
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ sentinel test -verbose csr_common_name.sentinel | |
| Installing test modules for test/csr_common_name/fail.json | |
| Installing test modules for test/csr_common_name/success.json | |
| PASS - csr_common_name.sentinel | |
| PASS - test/csr_common_name/fail.json | |
| logs: | |
| common_name: fail.acme-app-fail.com | |
| trace: | |
| csr_common_name.sentinel:28:1 - Rule "main" | |
| Description: | |
| Main rule | |
| Value: | |
| false | |
| PASS - test/csr_common_name/success.json | |
| logs: | |
| common_name: pass.acme-app.com | |
| trace: | |
| csr_common_name.sentinel:28:1 - Rule "main" | |
| Description: | |
| Main rule | |
| Value: | |
| true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import "strings" | |
| # Check common_name suffix | |
| suffix_match = func() { | |
| # Make sure there is request data | |
| if length(request.data else 0) is 0 { | |
| print("No request data") | |
| return false | |
| } | |
| # Make sure there is a common_name | |
| if "common_name" not in keys(request.data) { | |
| print("No common_name specified") | |
| return false | |
| } | |
| print("common_name:", request.data.common_name) | |
| # Check suffix | |
| if strings.has_suffix(request.data.common_name, ".acme-app.com") { | |
| return true | |
| } else { | |
| return false | |
| } | |
| } | |
| # Main rule | |
| main = rule { | |
| suffix_match() | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "global": { | |
| "request": { | |
| "operation": "create", | |
| "path": "pki/issue/testing", | |
| "data": {"common_name": "fail.acme-app-fail.com"} | |
| } | |
| }, | |
| "test": { | |
| "main": false | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "global": { | |
| "request": { | |
| "operation": "create", | |
| "path": "pki/issue/testing", | |
| "data": {"common_name": "pass.acme-app.com"} | |
| } | |
| }, | |
| "test": { | |
| "main": true | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment