From 3d45d3eee907bf676c35b7f34bfdb4b67c5d111b Mon Sep 17 00:00:00 2001
From: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
Date: Wed, 3 May 2023 09:13:44 -0700
Subject: [PATCH] fix cert.URIs (#1144)

Signed-off-by: cpanato <ctadeu@gmail.com>
---
 pkg/identity/gitlabcom/principal.go | 2 +-
 pkg/server/grpc_server_test.go      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/identity/gitlabcom/principal.go b/pkg/identity/gitlabcom/principal.go
index 5e58d8188..9455f9b21 100644
--- a/pkg/identity/gitlabcom/principal.go
+++ b/pkg/identity/gitlabcom/principal.go
@@ -179,7 +179,7 @@ func (p jobPrincipal) Embed(_ context.Context, cert *x509.Certificate) error {
 	}
 
 	// Set workflow ref URL to SubjectAlternativeName on certificate
-	cert.URIs = []*url.URL{baseURL.JoinPath(p.repository, "@", p.ref)}
+	cert.URIs = []*url.URL{baseURL.JoinPath(fmt.Sprintf("%s@%s", p.repository, p.ref))}
 
 	// Embed additional information into custom extensions
 	cert.ExtraExtensions, err = certificate.Extensions{
diff --git a/pkg/server/grpc_server_test.go b/pkg/server/grpc_server_test.go
index da7130d11..820172a54 100644
--- a/pkg/server/grpc_server_test.go
+++ b/pkg/server/grpc_server_test.go
@@ -1051,7 +1051,7 @@ func TestAPIWithGitLab(t *testing.T) {
 		t.Fatalf("unexpected length of leaf certificate URIs, expected 1, got %d", len(leafCert.URIs))
 	}
 
-	gitLabURL := fmt.Sprintf("https://gitlab.com/%s/@/refs/heads/%s", claims.ProjectPath, claims.Ref)
+	gitLabURL := fmt.Sprintf("https://gitlab.com/%s@refs/heads/%s", claims.ProjectPath, claims.Ref)
 	gitLabURI, err := url.Parse(gitLabURL)
 	if err != nil {
 		t.Fatalf("failed to parse expected url")