feat: Certificates management #1086

Merged
merged 15 commits into from
Mar 1, 2022

Contributor

@ssoroka ssoroka commented Feb 26, 2022

start of certificates management

Comment on lines +164 to +166
if err := server.importConfig(); err != nil {
logging.S.Error(fmt.Errorf("import config: %w", err))
}
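
Review bot: the error returned by `server.importConfig()` is only logged, so the server carries on after a failed import. If that is meant to be non-fatal, say so in a comment next to the `if`; otherwise return the error to the caller so a broken import stops startup. The `%w` wrapping in `fmt.Errorf("import config: %w", err)` also buys nothing here, because the wrapped error goes straight to the logger and is never returned for a caller to unwrap.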

Contributor Author

unrelated change here. I think this is functionally equivalent to what the TODO comment says it should have done

Collaborator

I think Mike is changing this in #1068 too

@@ -60,14 +70,23 @@ type Options struct {
Secrets []SecretProvider `mapstructure:"secrets"`

Import *config.Config `mapstructure:"import"`

NetworkEncryption string `yaml:"networkEncryption"` // mtls (default), e2ee, none.
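
Review bot: `NetworkEncryption` is a free-form string whose comment lists `mtls (default), e2ee, none`, and nothing in this hunk restricts it to those three values. Because `none` is one of the accepted settings, validate the value when the options are loaded: treat the empty string as `mtls` and reject anything else with an error, so a typo cannot select an unintended mode. The field is also the only one in this hunk tagged `yaml:` while `Secrets` and `Import` use `mapstructure:`, so check that it is populated the same way they are.
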
Contributor

--experimental-enable-mtls or similar is a better flag for this

Also use mapstructure so flags work

Contributor Author

I imagine in the future this will also support e2ee, so the options would be mtls, e2ee, or none. If I go with boolean flags there will be two flags, and I'm not sure if it makes sense to do both mtls and e2ee.

Collaborator

@BruceMacD BruceMacD left a comment

This is a big lift, thanks for putting the work in on this

Contributor Author

ssoroka commented Mar 1, 2022

had to rebase with latest main

@ssoroka ssoroka changed the title from "Certificates WIP" to "feat: Certificates management" Mar 1, 2022

Collaborator

@BruceMacD BruceMacD left a comment

Thanks for addressing my questions, this is good to go for me.

// type Signer interface {
// SignCert()
// }
func MakeUserCert(commonName string, lifetime time.Duration) (*KeyPair, error) {
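
Review bot: `MakeUserCert` accepts any `time.Duration` for `lifetime`, and the signature gives no lower or upper bound. Unless the body already does so, reject zero or negative values and cap the lifetime at a documented maximum, so a caller cannot mint a user certificate that is already expired or valid far longer than intended; a doc comment stating the expected range and what `commonName` must contain would help too. The commented-out `Signer` interface above the function should be removed, or replaced by a TODO that says what is planned.
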
Collaborator

minor: would prefer without abbreviations, MakeUserCertificate

Collaborator

@mxyng mxyng left a comment

:shipit:

@ssoroka ssoroka merged commit 09802a3 into main Mar 1, 2022
@ssoroka ssoroka deleted the cert-lib branch March 1, 2022 22:37