-
Notifications
You must be signed in to change notification settings - Fork 10
Fixes #10879: Adapt inventory processor so it can read agent certificate #110
Conversation
Commit modified |
99e8f5c
to
044615a
Compare
Commit modified |
044615a
to
6502565
Compare
@@ -720,7 +711,7 @@ class InventoryMapper( | |||
root.setOpt(server.inventoryDate, A_INVENTORY_DATE, { x: DateTime => GeneralizedTime(x).toString }) | |||
root.setOpt(server.receiveDate, A_RECEIVE_DATE, { x: DateTime => GeneralizedTime(x).toString }) | |||
root +=! (A_AGENTS_NAME, server.agents.map(x => x.toJsonString):_*) | |||
root +=! (A_PKEYS, server.publicKeys.map(x => x.key):_*) | |||
root +=! (A_PKEYS, server.agents.map(_.securityToken).collect{case p: PublicKey => p.key}:_*) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe we should remove that since we store in in agent now
Commit modified |
6502565
to
8025c49
Compare
Commit modified |
8025c49
to
18f2749
Compare
override def toRulesPath() = "/dsc" | ||
final case object Dsc extends AgentType with HashcodeCaching { | ||
override def toString = A_DSC_AGENT | ||
override def toRulesPath = "/dsc" | ||
override val inventorySoftwareName = "Rudder agent" | ||
override def toAgentVersionName(softwareVersionName: String) = softwareVersionName+" (dsc)" | ||
} | ||
|
||
object AgentType { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you want to change the name of agent type as above, please put the declaration inside object AgentType so that the common way to address them is AgentType.Name.
Also, please use: CfeCommunity vs Community, and CfeEnterprise vs Nova.
override def toString() = A_NOVA_AGENT | ||
override def toRulesPath() = "/cfengine-nova" | ||
final case object Nova extends AgentType with HashcodeCaching { | ||
override def toString = A_NOVA_AGENT |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
not sure is it valid to override toString() with toString. Is it?
value | ||
} else { | ||
s"""-----BEGIN CERTIFICATE----- | ||
|${value.grouped(80).mkString("\n")} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are we really in PEM serialisation format? I think x509 is "-----BEGIN x509 CERTIFICATE-----" but that must be validated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, that the format of the certificate we generate is PEM which is "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" for a x509 certificate
(https://en.wikipedia.org/wiki/X.509#Certificate_filename_extensions and read from Boundy Castle PEMParser )
or a SO answer here : https://stackoverflow.com/questions/3313020/write-x509-certificate-into-pem-formatted-string-in-java
} | ||
} | ||
|
||
/** |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK to remove that, but now that security token are really mandatory, we should check for them, no?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's checked with AgentsName now!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok, does AgentName also check for the (now mandatory) security token ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, you can look a few line below ! (Just added an error case on DSC which cannot be managed with it)
Commit modified |
18f2749
to
46619ec
Compare
Commit modified |
46619ec
to
70d954b
Compare
Commit modified |
70d954b
to
12965b6
Compare
Commit modified |
12965b6
to
0f40d6a
Compare
OK, merging this PR |
case invalidJson => | ||
tokenDefault match { | ||
case Some(default) => Full(PublicKey(default)) | ||
case None => Failure(s"Invalid value for security token, ${compactRender(invalidJson)}, and no public key were stored") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you cannot compactRender an invalid json
} | ||
token <- json \ "securityToken" match { | ||
case JObject(json) => parseSecurityToken(agentType, json, optToken) | ||
case _ => parseSecurityToken(agentType, JNothing, optToken) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
since tokenJson \ "type" will be invalid in this case, this will always return Failure. And fail
https://www.rudder-project.org/redmine/issues/10879