VaaS now supports the SAN types: IP, URI, and email.
The CIT request can now include:
    "sanRegexes": [ ".*\\.vfidev\\.(com|net)" ],
    "sanIpAddressRegexes": [ "^(172\\.(1[6-9]\\.|2[0-9]\\.|3[0-1]\\.)|192\\.168\\.|10\\.).*" ],
    "sanRfc822NameRegexes": [ ".*@vfidev\\.(com|net)" ],
    "sanUniformResourceIdentifierRegexes": [ "(https|ldaps|spiffe)://.*\\.vfidev\\.(com|net)" ],
And on the request for a CIT:
    {
      "isVaaSGenerated": true,
      "csrAttributes": {
        "subjectAlternativeNamesByType": {
          "dnsNames": [ "uno.vfidev.com", "dos.vfidev.com", "tres.vfidev.com" ],
          "ipAddresses": [ "10.20.30.40", "192.168.192.168" ],
          "rfc822Names": [ "dirk@vfidev.com", "carla@vfidev.com" ],
          "uniformResourceIdentifiers": [ "https://www.vfidev.com/", "ldaps://directory.vfidev.com", "spiffe://workload.vfidev.com" ]
        }
      }
    }
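An added example (not from the original page or the VaaS code base): a local pre-flight check that runs the request's SANs against the CIT regexes shown above. The pairing of request fields to CIT fields, whole-value matching, and deny-by-default for a SAN type with no patterns are assumptions of this example, as is the helper name rejected_sans.

```python
import re

# CIT regex fields and request SANs copied from the page.
CIT = {
    "sanRegexes": [r".*\.vfidev\.(com|net)"],
    "sanIpAddressRegexes": [r"^(172\.(1[6-9]\.|2[0-9]\.|3[0-1]\.)|192\.168\.|10\.).*"],
    "sanRfc822NameRegexes": [r".*@vfidev\.(com|net)"],
    "sanUniformResourceIdentifierRegexes": [r"(https|ldaps|spiffe)://.*\.vfidev\.(com|net)"],
}
REQUEST_SANS = {
    "dnsNames": ["uno.vfidev.com", "dos.vfidev.com", "tres.vfidev.com"],
    "ipAddresses": ["10.20.30.40", "192.168.192.168"],
    "rfc822Names": ["dirk@vfidev.com", "carla@vfidev.com"],
    "uniformResourceIdentifiers": ["https://www.vfidev.com/", "ldaps://directory.vfidev.com",
                                   "spiffe://workload.vfidev.com"],
}
# Assumed pairing: which CIT field governs which SAN type in the request.
FIELD_FOR = {
    "dnsNames": "sanRegexes",
    "ipAddresses": "sanIpAddressRegexes",
    "rfc822Names": "sanRfc822NameRegexes",
    "uniformResourceIdentifiers": "sanUniformResourceIdentifierRegexes",
}

def rejected_sans(sans_by_type, cit, whole_value=True):
    """Return (type, value) pairs that no regex of the matching CIT field accepts.

    whole_value=True requires the regex to cover the entire value (assumed
    semantics); False accepts a match anywhere in the value.
    """
    match = re.fullmatch if whole_value else re.search
    rejected = []
    for san_type, values in sans_by_type.items():
        # Assumption: a SAN type with no patterns configured allows nothing.
        patterns = cit.get(FIELD_FOR[san_type], [])
        for value in values:
            if not any(match(p, value) for p in patterns):
                rejected.append((san_type, value))
    return rejected

if __name__ == "__main__":
    for san_type, value in rejected_sans(REQUEST_SANS, CIT):
        print(f"rejected {san_type}: {value}")
```

Under whole-value matching the sample URI `https://www.vfidev.com/` is rejected because of its trailing slash; it passes only when a pattern may match anywhere in the value.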
A modification to the policy specification is required: the following properties should be added to subjectAltNames:
"uriProtocols": [""],
"ipConstraints": [ ""]
uriProtocols is an array that will hold all the accepted protocols.
ipConstraints contains the following values: ipv4, ipv6, v4private, v6private
If ipv4 is specified, then a regex for validating IPv4 should be set in sanIpAddressRegexes; the same applies to the other values, each with its respective validation regex. The default is ipv4, ipv6 if ipAllowed is true.