@@ -19,7 +19,6 @@ package tlscertificate
1919import (
2020 "context"
2121 "crypto/x509"
22- "encoding/json"
2322 "errors"
2423 "fmt"
2524 "slices"
@@ -101,11 +100,18 @@ type GenSelfSignedTLSHookConf struct {
101100 // CommonCAValuesPath
102101 // Example: CommonCAValuesPath = 'commonCaPath'
103102 // Values to store:
104- // commonCaPath.key
105- // commonCaPath.crt
103+ // commonCaPath.<CommonCACertField> (default: commonCaPath.crt)
104+ // commonCaPath.<CommonCAKeyField> (default: commonCaPath.key)
106105 // Data in values store as plain text
107106 // In helm templates you need use `b64enc` function to encode
108107 CommonCAValuesPath string
108+ // CommonCACertField - field name for the cert within CommonCAValuesPath object.
109+ // Defaults to "crt" if empty.
110+ // Example: set to "cert" if the CA is stored as commonCaPath.cert instead of commonCaPath.crt
111+ CommonCACertField string
112+ // CommonCAKeyField - field name for the key within CommonCAValuesPath object.
113+ // Defaults to "key" if empty.
114+ CommonCAKeyField string
109115 // Canonical name (CN) of common CA certificate.
110116 // If not specified (empty), then (if no CA cert already generated) using CN property of this struct
111117 CommonCACanonicalName string
@@ -134,6 +140,20 @@ func (gss GenSelfSignedTLSHookConf) CommonCAPath() string {
134140 return strings .TrimSuffix (gss .CommonCAValuesPath , "." )
135141}
136142
143+ func (gss GenSelfSignedTLSHookConf ) CACertField () string {
144+ if gss .CommonCACertField == "" {
145+ return "crt"
146+ }
147+ return gss .CommonCACertField
148+ }
149+
150+ func (gss GenSelfSignedTLSHookConf ) CAKeyField () string {
151+ if gss .CommonCAKeyField == "" {
152+ return "key"
153+ }
154+ return gss .CommonCAKeyField
155+ }
156+
137157// SANsGenerator function for generating sans
138158type SANsGenerator func (input * pkg.HookInput ) []string
139159
@@ -281,7 +301,7 @@ func GenSelfSignedTLS(conf GenSelfSignedTLSHookConf) func(ctx context.Context, i
281301 // 2.2) save new common ca in values
282302 // 2.3) mark certificates to regenerate
283303 if useCommonCA {
284- auth , err = getCommonCA (input , conf .CommonCAPath (), caExpiryDuration , caOutdatedDuration )
304+ auth , err = getCommonCA (input , conf .CommonCAPath (), conf . CACertField (), conf . CAKeyField (), caExpiryDuration , caOutdatedDuration )
285305 if err != nil {
286306 commonCACanonicalName := conf .CommonCACanonicalName
287307
@@ -298,7 +318,8 @@ func GenSelfSignedTLS(conf GenSelfSignedTLSHookConf) func(ctx context.Context, i
298318 return fmt .Errorf ("generate ca: %w" , err )
299319 }
300320
301- input .Values .Set (conf .CommonCAPath (), auth )
321+ input .Values .Set (conf .CommonCAPath ()+ "." + conf .CACertField (), string (auth .Cert ))
322+ input .Values .Set (conf .CommonCAPath ()+ "." + conf .CAKeyField (), string (auth .Key ))
302323
303324 mustGenerate = true
304325 }
@@ -384,17 +405,20 @@ func convCertToValues(cert *certificate.Certificate) CertValues {
384405var ErrCertificateIsNotFound = errors .New ("certificate is not found" )
385406var ErrCAIsInvalidOrOutdated = errors .New ("ca is invalid or outdated" )
386407
387- func getCommonCA (input * pkg.HookInput , valKey string , caExpiryDuration , caOutdatedDuration time.Duration ) (* certificate.Authority , error ) {
388- auth := new (certificate.Authority )
408+ func getCommonCA (input * pkg.HookInput , valKey , certField , keyField string , caExpiryDuration , caOutdatedDuration time.Duration ) (* certificate.Authority , error ) {
409+ certVal , ok := input .Values .GetOk (valKey + "." + certField )
410+ if ! ok {
411+ return nil , ErrCertificateIsNotFound
412+ }
389413
390- ca , ok := input .Values .GetOk (valKey )
414+ keyVal , ok := input .Values .GetOk (valKey + "." + keyField )
391415 if ! ok {
392416 return nil , ErrCertificateIsNotFound
393417 }
394418
395- err := json . Unmarshal ([] byte ( ca . String ()), auth )
396- if err != nil {
397- return nil , err
419+ auth := & certificate. Authority {
420+ Cert : [] byte ( certVal . String ()),
421+ Key : [] byte ( keyVal . String ()),
398422 }
399423
400424 outdated , err := isOutdatedCA (auth .Cert , caExpiryDuration , caOutdatedDuration )
0 commit comments