From bb646b6c34166951a0657dbc6fb0df5220f5f9a7 Mon Sep 17 00:00:00 2001
From: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
Date: Jun 08 2025 14:10:27 +0000
Subject: Support wildcard certificate SANs


For web services with dynamic instance subdomains.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>

---

diff --git a/pillar/infra/schemas/certificate.json b/pillar/infra/schemas/certificate.json
index d3b75e3..b8d3403 100644
--- a/pillar/infra/schemas/certificate.json
+++ b/pillar/infra/schemas/certificate.json
@@ -10,7 +10,7 @@
 			"type": "array",
 			"items": {
 				"type": "string",
-				"pattern": "^[a-z0-9-]+\\.[a-z0-9.-]+$"
+				"pattern": "^[a-z0-9-*]+\\.[a-z0-9.-]+$"
 			},
 			"maxItems": 99
 		},
diff --git a/pillar/role/dehydrated/central.sls b/pillar/role/dehydrated/central.sls
index c1a9287..a0a7377 100644
--- a/pillar/role/dehydrated/central.sls
+++ b/pillar/role/dehydrated/central.sls
@@ -23,7 +23,7 @@ profile:
             {%- if 'sans' in certificate_config %}
             sans:
               {%- for san in certificate_config['sans'] %}
-              - {{ san }}
+              - '{{ san }}'
               {%- endfor %}
             {%- endif %}