First version of the tls-requirer operator #1

Merged
merged 13 commits into from
May 16, 2023

gruyaume
Collaborator

Overview

First version of the tls-requirer operator. Charm that requests X.509 certificates using the tls-certificates interface.

It uses the user-provided subject configuration to generate a certificate signing request
(CSR) that will be inserted into its unit relation data as soon as the tls-certificates relation
is created. In return, the certificate provider should use this CSR, generate a certificate,
and provide it back into their application relation data.

This charm is useful when developing and testing certificate providers.

Usage

Deploy the charm and relate it to a certificate provider:

juju deploy tls-requirer-operator
juju relate tls-requirer-operator <TLS Certificates Provider>

Access the generated certificate:

juju run tls-requirer-operator/leader get-certificate

Limitations

This charm doesn't scale up.

Relations

  • tls-certificates: Used for charms that require/provide TLS certificates.
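
The exchange described in the overview, written out as an added example (not code from this pull request or from the charm). It assumes the `cryptography` package and a databag layout with JSON lists under `certificate_signing_requests` (requirer unit data) and `certificates` (provider application data); the function names are hypothetical. The requirer's last step accepts a certificate only if it is bound to both the CSR it published and its own public key.

```python
import datetime
import json

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

PEM = serialization.Encoding.PEM


def _spki(obj) -> bytes:
    """Public key of a private key or certificate, as comparable PEM bytes."""
    return obj.public_key().public_bytes(PEM, serialization.PublicFormat.SubjectPublicKeyInfo)


def requirer_publish_csr(unit_data: dict, subject: str):
    """Requirer: create a key and a CSR, publish only the CSR in unit relation data."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, subject)])
    csr = x509.CertificateSigningRequestBuilder().subject_name(name).sign(key, hashes.SHA256())
    csr_pem = csr.public_bytes(PEM).decode()
    # Assumed layout: a JSON list of objects under "certificate_signing_requests".
    unit_data["certificate_signing_requests"] = json.dumps(
        [{"certificate_signing_request": csr_pem}])
    return key, csr_pem


def provider_issue(unit_data: dict, app_data: dict, ca_key, ca_name: x509.Name) -> None:
    """Provider: sign every CSR whose self-signature verifies, answer in app relation data."""
    now = datetime.datetime.now(datetime.timezone.utc)
    issued = []
    for entry in json.loads(unit_data.get("certificate_signing_requests", "[]")):
        csr = x509.load_pem_x509_csr(entry["certificate_signing_request"].encode())
        if not csr.is_signature_valid:  # proof of possession of the private key
            continue
        cert = (x509.CertificateBuilder().subject_name(csr.subject).issuer_name(ca_name)
                .public_key(csr.public_key()).serial_number(x509.random_serial_number())
                .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=1))
                .sign(ca_key, hashes.SHA256()))
        issued.append({"certificate_signing_request": entry["certificate_signing_request"],
                       "certificate": cert.public_bytes(PEM).decode()})
    app_data["certificates"] = json.dumps(issued)


def requirer_accept(app_data: dict, key, csr_pem: str):
    """Requirer: return the certificate bound to our CSR and our public key, else None."""
    for entry in json.loads(app_data.get("certificates", "[]")):
        cert = x509.load_pem_x509_certificate(entry["certificate"].encode())
        if entry["certificate_signing_request"] == csr_pem and _spki(cert) == _spki(key):
            return cert
    return None
```

The private key never enters either databag; only the CSR and the issued certificate do.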

src/charm.py
provider_relation_data = _load_relation_data(event.relation.data[self.charm.app])
if not self._relation_data_is_valid(requirer_relation_data):
logger.warning(
f"Relation data did not pass JSON Schema validation: {requirer_relation_data}"
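Review bot: the f-string passed to `logger.warning(` interpolates the whole of `requirer_relation_data` into the log message, so everything a related application wrote to the relation ends up in the unit log at warning level. Log that JSON Schema validation failed and identify the relation from `event.relation` instead of dumping its content; if the content is needed for troubleshooting, emit it at debug level only.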

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information

This expression logs sensitive data (certificate) as clear text.
content=certificate_secret_content,
label=CERTIFICATE_SECRET_LABEL,
)
logger.info(f"New certificate is stored: {event.certificate}")
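Review bot: `logger.info(f"New certificate is stored: {event.certificate}")` writes the full certificate into the log at info level, directly after the certificate content was placed in the secret labelled `CERTIFICATE_SECRET_LABEL`. Drop the interpolation and log only that a new certificate was stored, so that the secret remains the only place the content is kept.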

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information

This expression logs sensitive data (certificate) as clear text.
@gruyaume gruyaume requested a review from a team May 15, 2023 17:38
gruyaume and others added 4 commits May 16, 2023 09:16
Co-authored-by: Ghislain Bourgeois <ghislain.bourgeois@gmail.com>
Co-authored-by: Ghislain Bourgeois <ghislain.bourgeois@gmail.com>
@gruyaume gruyaume merged commit 6a1f52c into main May 16, 2023
@gruyaume gruyaume deleted the dev-init branch May 16, 2023 21:35