diff --git a/authority/ssh.go b/authority/ssh.go
index c34bcd65b..e29e1c318 100644
--- a/authority/ssh.go
+++ b/authority/ssh.go
@@ -699,6 +699,7 @@ func (a *Authority) callEnrichingWebhooksSSH(ctx context.Context, prov provision
 var whEnrichReq *webhook.RequestBody
 if whEnrichReq, err = webhook.NewRequestBody(
 webhook.WithSSHCertificateRequest(cr),
+ webhook.WithProvisionerName(prov),
 ); err == nil {
 err = webhookCtl.Enrich(ctx, whEnrichReq)
 }
@@ -715,6 +716,7 @@ func (a *Authority) callAuthorizingWebhooksSSH(ctx context.Context, prov provisi
 var whAuthBody *webhook.RequestBody
 if whAuthBody, err = webhook.NewRequestBody(
 webhook.WithSSHCertificate(cert, certTpl),
+ webhook.WithProvisionerName(prov),
 ); err == nil {
 err = webhookCtl.Authorize(ctx, whAuthBody)
 }
diff --git a/authority/tls.go b/authority/tls.go
index d794ad73e..3900c446c 100644
--- a/authority/tls.go
+++ b/authority/tls.go
@@ -1052,6 +1052,7 @@ func (a *Authority) callEnrichingWebhooksX509(ctx context.Context, prov provisio
 if whEnrichReq, err = webhook.NewRequestBody(
 webhook.WithX509CertificateRequest(csr),
 webhook.WithAttestationData(attested),
+ webhook.WithProvisionerName(prov),
 ); err == nil {
 err = webhookCtl.Enrich(ctx, whEnrichReq)
 }
@@ -1076,6 +1077,7 @@ func (a *Authority) callAuthorizingWebhooksX509(ctx context.Context, prov provis
 if whAuthBody, err = webhook.NewRequestBody(
 webhook.WithX509Certificate(cert, leaf),
 webhook.WithAttestationData(attested),
+ webhook.WithProvisionerName(prov),
 ); err == nil {
 err = webhookCtl.Authorize(ctx, whAuthBody)
 }
diff --git a/webhook/options.go b/webhook/options.go
index 869237097..62f0170ae 100644
--- a/webhook/options.go
+++ b/webhook/options.go
@@ -10,6 +10,10 @@ import (
 
 type RequestBodyOption func(*RequestBody) error
 
+type Provisioner interface {
+ GetName() string
+}
+
 func NewRequestBody(options ...RequestBodyOption) (*RequestBody, error) {
 rb := &RequestBody{}
 
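Review bot: On the authorizing paths (`callAuthorizingWebhooksSSH` in the second ssh.go hunk and `callAuthorizingWebhooksX509` in tls.go) a nil `prov` produces an authorization request with an empty provisioner name and no error, because `WithProvisionerName` treats nil as a no-op. A webhook server that scopes its allow/deny decision by provisioner then has to treat an absent name as non-matching, and nothing at these call sites records that. Whether `prov` can be nil here is not visible, since all four function bodies start and end outside their hunks. If it cannot, a comment such as `// prov is never nil here; webhooks may rely on the provisioner name being set` at the authorizing calls would pin that down. If it can, returning an error before `NewRequestBody` is the safer default for an authorization check.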
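Review bot: The exported `Provisioner` interface added in webhook/options.go has no doc comment, so the package API does not say why webhook declares its own provisioner type or how much of a provisioner it is allowed to see. A line such as `// Provisioner is the minimal view of a provisioner that request body options need; only its name is read.` above the declaration would cover it.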
@@ -22,6 +26,18 @@ func NewRequestBody(options ...RequestBodyOption) (*RequestBody, error) {
 return rb, nil
 }
 
+// WithProvisionerName sets the provisioner name in the webhook request body
+// using the name from the given provisioner. If p is nil, the provisioner name
+// is left unchanged.
+func WithProvisionerName(p Provisioner) RequestBodyOption {
+ return func(rb *RequestBody) error {
+ if p != nil {
+ rb.ProvisionerName = p.GetName()
+ }
+ return nil
+ }
+}
+
 func WithX509CertificateRequest(cr *x509.CertificateRequest) RequestBodyOption {
 return func(rb *RequestBody) error {
 rb.X509CertificateRequest = &X509CertificateRequest{
diff --git a/webhook/options_test.go b/webhook/options_test.go
index 9bcc59bca..764e1c6c1 100644
--- a/webhook/options_test.go
+++ b/webhook/options_test.go
@@ -13,6 +13,12 @@ import (
 "golang.org/x/crypto/ssh"
 )
 
+type fakeProvisioner string
+
+func (f fakeProvisioner) GetName() string {
+ return string(f)
+}
+
 func TestNewRequestBody(t *testing.T) {
 t1 := time.Now()
 t2 := t1.Add(time.Hour)
@@ -43,6 +49,7 @@ func TestNewRequestBody(t *testing.T) {
 },
 "X509 Certificate Request": {
 options: []RequestBodyOption{
+ WithProvisionerName(fakeProvisioner("test@example.com")),
 WithX509CertificateRequest(&x509.CertificateRequest{
 PublicKeyAlgorithm: x509.ECDSA,
 Subject: pkix.Name{CommonName: "foo"},
@@ -50,6 +57,7 @@ func TestNewRequestBody(t *testing.T) {
 }),
 },
 want: &RequestBody{
+ ProvisionerName: "test@example.com",
 X509CertificateRequest: &X509CertificateRequest{
 CertificateRequest: &x509util.CertificateRequest{
 PublicKeyAlgorithm: x509.ECDSA,
@@ -63,6 +71,7 @@ func TestNewRequestBody(t *testing.T) {
 },
 "X509 Certificate": {
 options: []RequestBodyOption{
+ WithProvisionerName(nil),
 WithX509Certificate(&x509util.Certificate{}, &x509.Certificate{
 NotBefore: t1,
 NotAfter: t2,
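Review bot: The `if p != nil` guard in `WithProvisionerName` only catches an untyped nil; an interface value that wraps a nil pointer compares non-nil, so `p.GetName()` is called on a nil receiver and panics if the implementation dereferences it. The call sites in ssh.go and tls.go pass an interface-typed `prov` (its type is truncated in the hunk headers), so whether this can happen depends on callers that are not shown. At minimum the doc comment should state the limit, e.g. `// Only an untyped nil is detected; an interface holding a nil pointer is passed through to GetName.` The table's `WithProvisionerName(nil)` case covers the untyped nil only, and `fakeProvisioner` is a string type that cannot express the other case; a pointer-receiver fake would let the test pin the chosen behaviour.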