diff --git a/backend/src/server/routes/v1/certificate-profiles-router.ts b/backend/src/server/routes/v1/certificate-profiles-router.ts
index 8a58814792..ec99e2f4f4 100644
--- a/backend/src/server/routes/v1/certificate-profiles-router.ts
+++ b/backend/src/server/routes/v1/certificate-profiles-router.ts
@@ -249,7 +249,8 @@ export const registerCertificateProfilesRouter = async (server: FastifyZodProvid
 acmeConfig: z
 .object({
 id: z.string(),
- directoryUrl: z.string()
+ directoryUrl: z.string(),
+ skipDnsOwnershipVerification: z.boolean().optional()
 })
 .optional(),
 externalConfigs: ExternalConfigUnionSchema
diff --git a/backend/src/services/certificate-profile/certificate-profile-dal.ts b/backend/src/services/certificate-profile/certificate-profile-dal.ts
index cc926ce5b8..1572746830 100644
--- a/backend/src/services/certificate-profile/certificate-profile-dal.ts
+++ b/backend/src/services/certificate-profile/certificate-profile-dal.ts
@@ -361,7 +361,11 @@ export const certificateProfileDALFactory = (db: TDbClient) => {
 db.ref("id").withSchema(TableName.PkiApiEnrollmentConfig).as("apiId"),
 db.ref("autoRenew").withSchema(TableName.PkiApiEnrollmentConfig).as("apiAutoRenew"),
 db.ref("renewBeforeDays").withSchema(TableName.PkiApiEnrollmentConfig).as("apiRenewBeforeDays"),
- db.ref("id").withSchema(TableName.PkiAcmeEnrollmentConfig).as("acmeId")
+ db.ref("id").withSchema(TableName.PkiAcmeEnrollmentConfig).as("acmeId"),
+ db
+ .ref("skipDnsOwnershipVerification")
+ .withSchema(TableName.PkiAcmeEnrollmentConfig)
+ .as("acmeSkipDnsOwnershipVerification")
 );
 if (processedRules) {
@@ -398,7 +402,8 @@ export const certificateProfileDALFactory = (db: TDbClient) => {
 const acmeConfig = result.acmeId
 ? {
- id: result.acmeId as string
+ id: result.acmeId as string,
+ skipDnsOwnershipVerification: !!result.acmeSkipDnsOwnershipVerification
 }
 : undefined;
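Review bot: The new `skipDnsOwnershipVerification` field in the `acmeConfig` schema of certificate-profiles-router.ts (first hunk) has no description, although it reports that domain-control checks are switched off for a profile. A one-line comment above it, for example `// true: ACME orders for this profile are issued without DNS ownership checks`, would make the security meaning explicit to anyone reading the API schema. Only the read side of the flag is visible in this diff, so whether setting it is permission-gated and audit-logged cannot be confirmed from these hunks and is worth checking where the profile is written. The route definition starts and ends outside the hunk.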
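Review bot: In the `acmeConfig` mapping of certificate-profile-dal.ts (hunk `@@ -398,7 +402,8 @@`) the `!!` coercion turns any truthy column value into `true`, which is the unsafe direction for a flag that disables ownership checks. A strict comparison, `skipDnsOwnershipVerification: result.acmeSkipDnsOwnershipVerification === true`, keeps the flag off for anything other than a real boolean true. This presumes the driver returns a boolean for the column; if it returns another representation the comparison has to match it. The enclosing mapper function lies outside the hunk.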
diff --git a/frontend/src/hooks/api/certificateProfiles/types.ts b/frontend/src/hooks/api/certificateProfiles/types.ts
index a4f6236595..e79c384d31 100644
--- a/frontend/src/hooks/api/certificateProfiles/types.ts
+++ b/frontend/src/hooks/api/certificateProfiles/types.ts
@@ -62,6 +62,7 @@ export type TCertificateProfileWithDetails = TCertificateProfile & {
 acmeConfig?: {
 id: string;
 directoryUrl: string;
+ skipDnsOwnershipVerification?: boolean;
 };
 };
diff --git a/frontend/src/pages/cert-manager/PoliciesPage/components/CertificateProfilesTab/CreateProfileModal.tsx b/frontend/src/pages/cert-manager/PoliciesPage/components/CertificateProfilesTab/CreateProfileModal.tsx
index 138e60de3a..43de8c6b23 100644
--- a/frontend/src/pages/cert-manager/PoliciesPage/components/CertificateProfilesTab/CreateProfileModal.tsx
+++ b/frontend/src/pages/cert-manager/PoliciesPage/components/CertificateProfilesTab/CreateProfileModal.tsx
@@ -79,7 +79,11 @@ const createSchema = z
 renewBeforeDays: z.number().min(1).max(365).optional()
 })
 .optional(),
- acmeConfig: z.object({}).optional(),
+ acmeConfig: z
+ .object({
+ skipDnsOwnershipVerification: z.boolean().optional()
+ })
+ .optional(),
 externalConfigs: z
 .object({
 template: z.string().min(1, "Azure ADCS template is required")
@@ -219,7 +223,11 @@ const editSchema = z
 renewBeforeDays: z.number().min(1).max(365).optional()
 })
 .optional(),
- acmeConfig: z.object({}).optional(),
+ acmeConfig: z
+ .object({
+ skipDnsOwnershipVerification: z.boolean().optional()
+ })
+ .optional(),
 externalConfigs: z
 .object({
 template: z.string().optional()
@@ -406,7 +414,13 @@ export const CreateProfileModal = ({
 renewBeforeDays: profile.apiConfig?.renewBeforeDays || 30
 }
 : undefined,
- acmeConfig: profile.enrollmentType === EnrollmentType.ACME ? {} : undefined,
+ acmeConfig:
+ profile.enrollmentType === EnrollmentType.ACME
+ ? {
+ skipDnsOwnershipVerification:
+ profile.acmeConfig?.skipDnsOwnershipVerification || false
+ }
+ : undefined,
 externalConfigs: profile.externalConfigs
 ? {
 template:
@@ -429,7 +443,9 @@ export const CreateProfileModal = ({
 autoRenew: false,
 renewBeforeDays: 30
 },
- acmeConfig: {},
+ acmeConfig: {
+ skipDnsOwnershipVerification: false
+ },
 externalConfigs: undefined
 }
 });
@@ -476,7 +492,13 @@ export const CreateProfileModal = ({
 renewBeforeDays: profile.apiConfig?.renewBeforeDays || 30
 }
 : undefined,
- acmeConfig: profile.enrollmentType === EnrollmentType.ACME ? {} : undefined,
+ acmeConfig:
+ profile.enrollmentType === EnrollmentType.ACME
+ ? {
+ skipDnsOwnershipVerification:
+ profile.acmeConfig?.skipDnsOwnershipVerification || false
+ }
+ : undefined,
 externalConfigs: profile.externalConfigs
 ? {
 template:
@@ -667,7 +689,9 @@ export const CreateProfileModal = ({
 renewBeforeDays: 30
 });
 setValue("estConfig", undefined);
- setValue("acmeConfig", undefined);
+ setValue("acmeConfig", {
+ skipDnsOwnershipVerification: false
+ });
 }
 onChange(value);
 }}
@@ -797,7 +821,9 @@ export const CreateProfileModal = ({
 } else if (watchedEnrollmentType === "acme") {
 setValue("estConfig", undefined);
 setValue("apiConfig", undefined);
- setValue("acmeConfig", {});
+ setValue("acmeConfig", {
+ skipDnsOwnershipVerification: false
+ });
 }
 onChange(value);
 }}
@@ -846,7 +872,9 @@ export const CreateProfileModal = ({
 } else if (value === "acme") {
 setValue("apiConfig", undefined);
 setValue("estConfig", undefined);
- setValue("acmeConfig", {});
+ setValue("acmeConfig", {
+ skipDnsOwnershipVerification: false
+ });
 }
 onChange(value);
 }}
@@ -975,10 +1003,24 @@ export const CreateProfileModal = ({
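Review bot: In the hunk at `@@ -667,7 +689,9 @@` the branch whose visible context closes an object ending in `renewBeforeDays: 30` and clears `estConfig` used to clear `acmeConfig` too, and now fills it with `{ skipDnsOwnershipVerification: false }`. The two ACME branches at `@@ -797,7` and `@@ -846,7` clear the other configs before setting `acmeConfig`, so this one looks like a non-ACME branch that would now carry an `acmeConfig` object alongside a different enrollment type. If that reading is right, the line should stay `setValue("acmeConfig", undefined);`. The branch condition is outside the hunk, so this needs confirming against the full handler.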
( + name="acmeConfig.skipDnsOwnershipVerification" + render={({ field: { value, onChange }, fieldState: { error } }) => ( -
{/* FIXME: ACME configuration */}
+
+ +
+ + Skip DNS Ownership Validation + +

+ Skip DNS ownership verification during ACME certificate issuance. +

+
+
)} />
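Review bot: The label reads "Skip DNS Ownership Validation" while the field name and the helper text say "verification", and the helper text only restates the label without saying what protection is lost. Use one term in both places and state the consequence, for example `Certificates are issued without checking that the requester controls the requested domains.` so an operator sees the effect before enabling it. The JSX of this hunk is incomplete in this view, so the exact placement of the text is left to the author.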