Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(authsign): store additional metadata/fields in certdb #1126

Merged
merged 3 commits into from Sep 25, 2020
Merged

feat(authsign): store additional metadata/fields in certdb #1126

merged 3 commits into from Sep 25, 2020

Conversation

nickysemenza
Copy link
Member

This is a major change in that the included DB migrations must be run before the new version of cfssl is deployed.
This allows for clients (i.e. https://github.com/cloudflare/certmgr) to send some additional optional fields to /api/v1/cfssl/authsign to be stored in certdb. It also starts saving SANs, common name, and NotBefore from the issued certificates so that they can be queried without having to parse the PEM.

@codecov-commenter
Copy link

codecov-commenter commented Sep 10, 2020
edited

Codecov Report

Merging #1126 into master will decrease coverage by 1.39%.
The diff coverage is 44.82%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #1126      +/-   ##
==========================================
- Coverage   56.27%   54.87%   -1.40%     
==========================================
  Files          77       77              
  Lines        7309     6620     -689     
==========================================
- Hits         4113     3633     -480     
+ Misses       2727     2532     -195     
+ Partials      469      455      -14
Impacted Files Coverage Δ
signer/local/local.go 67.71% <0.00%> (-2.00%) ⬇️
signer/signer.go 20.10% <0.00%> (-2.94%) ⬇️
certdb/sql/database_accessor.go 58.21% <100.00%> (-1.66%) ⬇️
log/log.go 52.94% <0.00%> (-7.06%) ⬇️
auth/auth.go 56.00% <0.00%> (-4.72%) ⬇️
ubiquity/ubiquity_platform.go 77.01% <0.00%> (-4.13%) ⬇️
cli/ocsprefresh/ocsprefresh.go 39.53% <0.00%> (-3.95%) ⬇️
ubiquity/performance.go 76.66% <0.00%> (-3.89%) ⬇️
helpers/derhelpers/ed25519.go 50.00% <0.00%> (-3.85%) ⬇️
certdb/dbconf/db_config.go 65.00% <0.00%> (-3.19%) ⬇️
... and 70 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 2916a1f...5c528a8. Read the comment docs.

@nickysemenza nickysemenza marked this pull request as ready for review September 10, 2020 23:35
eiginn
eiginn reviewed Sep 14, 2020
View reviewed changes
certdb/pg/migrations/002_AddMetadataToCertificates.sql Outdated
ADD COLUMN tags bytea,
ADD COLUMN common_name bytea,
ADD COLUMN filename bytea,
ADD COLUMN application_name bytea;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe we should start the process of not using bytea type where it doesn't make sense, starting with these new columns.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I'll update the pg + mysql migrations to be TEXT

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

@nickysemenza
feat(authsign): store additional metadata/fields in certdb
35f9d5c 
This is a major change in that the included DB migrations *must* be run before the new version of `cfssl` is deployed.
This allows for clients (i.e. https://github.com/cloudflare/certmgr) to send some additional optional fields to `/api/v1/cfssl/authsign` to be stored in `certdb`. It also starts saving SANs, common name, and NotBefore from the issued certificates so that they can be queried without having to parse the PEM.
@nickysemenza
Copy link
Member Author

updated to move these arbitrary fields into a json column

szechuen
szechuen approved these changes Sep 25, 2020
View reviewed changes
Copy link

@szechuen szechuen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great!

@nickysemenza nickysemenza merged commit 8090bce into cloudflare:master Sep 25, 2020
1 check passed
@nickysemenza nickysemenza deleted the store-metadata-in-certdb branch September 25, 2020 17:25
@nickysemenza nickysemenza mentioned this pull request Oct 13, 2020
Merged
nickysemenza added a commit to nickysemenza/cfssl that referenced this pull request Oct 13, 2020
@nickysemenza
fix(certdb): use sql.NullString for CertificateRecord.CommonName
c7426df 
Rows inserted before the migration in cloudflare#1126 will have the `common_name` set to NULL. This fixes selects for those rows.
nickysemenza added a commit that referenced this pull request Oct 13, 2020
@nickysemenza
Merge pull request #1135 from nickysemenza/fix-null-commonname
d1be3c2 
fix selecting rows created before migration introduced in #1126
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jmunson jmunson jmunson approved these changes

@szechuen szechuen szechuen approved these changes

@mihirjham mihirjham mihirjham approved these changes

@lgarofalo lgarofalo

@maxnystrom maxnystrom

@eiginn eiginn

@mitalirawat mitalirawat

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
8 participants
@nickysemenza @codecov-commenter @jmunson @szechuen @mihirjham @eiginn @maxnystrom @lgarofalo