implement a no_store option for pki roles, refs #2511 #2565
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
It's not -- please add it! |
jefferai
requested changes
Apr 4, 2017
| Key: "certs/" + cb.SerialNumber, | ||
| Value: parsedBundle.CertificateBytes, | ||
| }) | ||
| if !*role.NoStore { |
There was a problem hiding this comment.
No need to dereference the role here.
builtin/logical/pki/path_roles.go
Outdated
| @@ -504,6 +529,7 @@ type roleEntry struct { | |||
| OU string `json:"ou" structs:"ou" mapstructure:"ou"` | |||
| Organization string `json:"organization" structs:"organization" mapstructure:"organization"` | |||
| GenerateLease *bool `json:"generate_lease,omitempty" structs:"generate_lease,omitempty"` | |||
| NoStore *bool `json:"no_store,omitempty" structs:"no_store,omitempty"` | |||
There was a problem hiding this comment.
This doesn't need to be a *bool, just bool is fine, with associated updates elsewhere.
|
Need anything else from me on this? (Sorry, I'm new to this CR UI.) |
jefferai
approved these changes
Apr 6, 2017
chrishoffman
suggested changes
Apr 6, 2017
| Key: "certs/" + cb.SerialNumber, | ||
| Value: parsedBundle.CertificateBytes, | ||
| }) | ||
| } | ||
| if err != nil { |
There was a problem hiding this comment.
Can you move this error handling into the previous block?
|
LGTM, thanks! |
chrishoffman
pushed a commit
that referenced
this pull request
Apr 17, 2017
* oss/master: (43 commits) Bump deps Update SSH docs to indicate deprecation of dynamic key type Bump Go version in Travis changelog++ Bump go version to 1.8.1 Consider new bounds as a criteria to allow role creation (#2600) Update 404.html.md (#2594) Add some extra documentation around ssh-keygen -L to see signed cert info. changelog++ Respect the configured address's path in the client (#2588) changelog++ Verify that a CSR specifies IP SANs before checking whether it's allowed (#2574) minor docs update changelog++ Update AES-GCM verification text changelog++ implement a no_store option for pki roles (#2565) Remove superfluous/misleading comments around some listener options Update SSH CA documentation Add press-kit ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This implements option 1 from #2511. The implementation (including the test) is mostly cargo-culted from the implementation of
generate_lease. I didn't updatewebsite/source/apibecause that looked like it might be autogenerated?Thanks for your time.