Include spiffe uri

author: Morten Tokle <mortent@yahooinc.com> 2023-01-05 10:34:47 +0100
committer: Morten Tokle <mortent@yahooinc.com> 2023-01-05 10:34:47 +0100
commit: c35c8c461683510dec6bd64566cc574df1023a3d (patch)
tree: 41fe9eafde8008c72c46276807567de34b59ac49 /vespa-athenz
parent: cc221907ff68fbf78a24c7cda2161fa33912e3ce (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/utils/IdentityCsrGenerator.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/utils/IdentityCsrGenerator.java
index 26fb7819bfd..b1a3dc6dc03 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/utils/IdentityCsrGenerator.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/utils/IdentityCsrGenerator.java
@@ -1,6 +1,7 @@
 // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.athenz.client.zts.utils;
 
+import com.yahoo.security.SubjectAlternativeName;
 import com.yahoo.vespa.athenz.api.AthenzIdentity;
 import com.yahoo.vespa.athenz.api.AthenzService;
 import com.yahoo.vespa.athenz.client.zts.ZtsClient;
@@ -32,6 +33,9 @@ public class IdentityCsrGenerator {
                         identity.getName(),
                         identity.getDomainName().replace(".", "-"),
                         dnsSuffix))
+                .addSubjectAlternativeName(
+                        SubjectAlternativeName.Type.URI,
+                        "spiffe://%s/sa/%s".formatted(identity.getDomainName(), identity.getName()))
                 .build();
     }
author	Morten Tokle <mortent@yahooinc.com>	2023-01-05 10:34:47 +0100
committer	Morten Tokle <mortent@yahooinc.com>	2023-01-05 10:34:47 +0100
commit	c35c8c461683510dec6bd64566cc574df1023a3d (patch)
tree	41fe9eafde8008c72c46276807567de34b59ac49 /vespa-athenz
parent	cc221907ff68fbf78a24c7cda2161fa33912e3ce (diff)