Ignore `null` string for x509 and ssh templateData.

4 years ago · da9f0b09af
parent 81c6e01269
commit da9f0b09af
3 changed files with 11 additions and 4 deletions
--- a/authority/provisioner/options.go
+++ b/authority/provisioner/options.go
@ -83,7 +83,7 @@ func CustomTemplateOptions(o *Options, data x509util.TemplateData, defaultTempla

 	if opts != nil {
 		// Add template data if any.
-		if len(opts.TemplateData) > 0 {
+		if len(opts.TemplateData) > 0 && string(opts.TemplateData) != "null" {
 			if err := json.Unmarshal(opts.TemplateData, &data); err != nil {
 				return nil, errors.Wrap(err, "error unmarshaling template data")
 			}
--- a/authority/provisioner/options_test.go
+++ b/authority/provisioner/options_test.go
@ -220,6 +220,13 @@ func TestCustomTemplateOptions(t *testing.T) {
 		{"okBadUserOptions", args{&Options{X509: &X509Options{Template: `{"foo": "{{.Insecure.User.foo}}"}`}}, data, x509util.DefaultLeafTemplate, SignOptions{TemplateData: []byte(`{"badJSON"}`)}}, x509util.Options{
 			CertBuffer: bytes.NewBufferString(`{"foo": "<no value>"}`),
 		}, false},
+		{"okNullTemplateData", args{&Options{X509: &X509Options{TemplateData: []byte(`null`)}}, data, x509util.DefaultLeafTemplate, SignOptions{}}, x509util.Options{
+			CertBuffer: bytes.NewBufferString(`{
+	"subject": {"commonName":"foobar"},
+	"sans": [{"type":"dns","value":"foo.com"}],
+	"keyUsage": ["digitalSignature"],
+	"extKeyUsage": ["serverAuth", "clientAuth"]
+}`)}, false},
 		{"fail", args{&Options{X509: &X509Options{TemplateData: []byte(`{"badJSON`)}}, data, x509util.DefaultLeafTemplate, SignOptions{}}, x509util.Options{}, true},
 		{"failTemplateData", args{&Options{X509: &X509Options{TemplateData: []byte(`{"badJSON}`)}}, data, x509util.DefaultLeafTemplate, SignOptions{}}, x509util.Options{}, true},
 	}
--- a/authority/provisioner/ssh_options.go
+++ b/authority/provisioner/ssh_options.go
@ -40,7 +40,7 @@ func (o *SSHOptions) HasTemplate() bool {
 	return o != nil && (o.Template != "" || o.TemplateFile != "")
 }

-// SSHTemplateOptions generates a SSHCertificateOptions with the template and
+// TemplateSSHOptions generates a SSHCertificateOptions with the template and
 // data defined in the ProvisionerOptions, the provisioner generated data, and
 // the user data provided in the request. If no template has been provided,
 // x509util.DefaultLeafTemplate will be used.
@ -48,7 +48,7 @@ func TemplateSSHOptions(o *Options, data sshutil.TemplateData) (SSHCertificateOp
 	return CustomSSHTemplateOptions(o, data, sshutil.DefaultTemplate)
 }

-// CustomTemplateOptions generates a CertificateOptions with the template, data
+// CustomSSHTemplateOptions generates a CertificateOptions with the template, data
 // defined in the ProvisionerOptions, the provisioner generated data and the
 // user data provided in the request. If no template has been provided in the
 // ProvisionerOptions, the given template will be used.
@ -60,7 +60,7 @@ func CustomSSHTemplateOptions(o *Options, data sshutil.TemplateData, defaultTemp

 	if opts != nil {
 		// Add template data if any.
-		if len(opts.TemplateData) > 0 {
+		if len(opts.TemplateData) > 0 && string(opts.TemplateData) != "null" {
 			if err := json.Unmarshal(opts.TemplateData, &data); err != nil {
 				return nil, errors.Wrap(err, "error unmarshaling template data")
 			}