diff --git a/authority/provisioner/nebula.go b/authority/provisioner/nebula.go
index a77f4281..71c57590 100644
--- a/authority/provisioner/nebula.go
+++ b/authority/provisioner/nebula.go
@@ -140,7 +140,8 @@ func (p *Nebula) AuthorizeSign(ctx context.Context, token string) ([]SignOption,
 }
 
 // The Nebula certificate will be available using the template variable Crt.
- // For example {{ .Crt.Details.Groups }} can be used to get all the groups.
+ // For example {{ .AuthorizationCrt.Details.Groups }} can be used to get all
+ // the groups.
 data.SetAuthorizationCertificate(crt)
 
 templateOptions, err := TemplateOptions(p.Options, data)
diff --git a/authority/provisioner/x5c.go b/authority/provisioner/x5c.go
index 8710acb5..342ccd73 100644
--- a/authority/provisioner/x5c.go
+++ b/authority/provisioner/x5c.go
@@ -213,6 +213,11 @@ func (p *X5C) AuthorizeSign(ctx context.Context, token string) ([]SignOption, er
 data.SetToken(v)
 }
 
+ // The X509 certificate will be available using the template variable Crt.
+ // For example {{ .AuthorizationCrt.DNSNames }} can be used to get all the
+ // domains.
+ data.SetAuthorizationCertificate(claims.chains[0][0])
+
 templateOptions, err := TemplateOptions(p.Options, data)
 if err != nil {
 return nil, errs.Wrap(http.StatusInternalServerError, err, "jwk.AuthorizeSign")
@@ -287,6 +292,11 @@ func (p *X5C) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOption,
 data.SetToken(v)
 }
 
+ // The X509 certificate will be available using the template variable Crt.
+ // For example {{ .AuthorizationCrt.DNSNames }} can be used to get all the
+ // domains.
+ data.SetAuthorizationCertificate(claims.chains[0][0])
+
 templateOptions, err := TemplateSSHOptions(p.Options, data)
 if err != nil {
 return nil, errs.Wrap(http.StatusInternalServerError, err, "x5c.AuthorizeSSHSign")
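Review bot: The unchanged first comment line in the nebula.go hunk still names the template variable `Crt`, while the corrected example right below it uses `.AuthorizationCrt`, so the comment now contradicts itself. Judging by the example and the `SetAuthorizationCertificate` setter, the first line should read `// The Nebula certificate will be available using the template variable AuthorizationCrt.`. The same stale `Crt` wording is newly introduced in both comments added to x5c.go (in AuthorizeSign and AuthorizeSSHSign), where it should become `// The X509 certificate will be available using the template variable AuthorizationCrt.`. A template author who copies the name from the prose rather than the example would reference a variable that, as far as this diff shows, is no longer populated.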
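Review bot: `claims.chains[0][0]` is indexed without a length check in the lines added to X5C.AuthorizeSign, and the same expression is added to AuthorizeSSHSign in the next hunk. The code that fills `claims` is outside both hunks, so whether it always yields at least one verified chain with a leaf cannot be confirmed from here. If it ever returned an empty slice, this would panic in the signing request path instead of returning an authorization error. I would state the invariant in the comment, for example `// claims.chains holds the verified chains of the token's x5c certificate; chains[0][0] is its leaf.`, or guard it with `if len(claims.chains) == 0 || len(claims.chains[0]) == 0` and return an error before the call. The comment should also say that the exposed certificate is the one that signed the token, because any template that copies `.AuthorizationCrt.DNSNames` into the issued certificate lets that certificate's holder obtain those names.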