New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cli: consul tls: create private keys with mode 0600 #11781
Conversation
This applies to consul tls ca create consul tls cert create -client consul tls cert create -server Closes: hashicorp#11741
Friendly ping @Amier3 :-) |
Thanks for the contribution @marco-m , it's much appreciated! We'll try to get this reviewed and merged as soon as we can, i'll note that their may be a bit of a delay due to the holidays. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you! This looks great.
I've pushed one commit which adds a changelog entry. That should re-run some of the flaky tests as well. If CI is still happy I will merge.
if want, have := fs.FileMode(0600), fi.Mode().Perm(); want != have { | ||
t.Fatalf("private key file %s: permissions: want: %o; have: %o", keyPath, want, have) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I generally we try to use require.Equal
to match the other assertions, but this is ok too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hello @dnephin, I had noticed that consul uses testify; I went with this style is because I am used to it and thought that I could not express the same with testify, but now that I think about it, I could have passed the two integers to require.Assert; on the other hand I wanted to put in the error message also the file path... I should have searched before if there was a way to do so with testify.
🍒 If backport labels were added before merging, cherry-picking will start automatically. To retroactively trigger a backport after merging, add backport labels and re-run https://circleci.com/gh/hashicorp/consul/535488. |
🍒✅ Cherry pick of commit 1eb3178 onto |
cli: consul tls: create private keys with mode 0600
🍒✅ Cherry pick of commit 1eb3178 onto |
cli: consul tls: create private keys with mode 0600
🍒✅ Cherry pick of commit 1eb3178 onto |
cli: consul tls: create private keys with mode 0600
This applies to
consul tls ca create
consul tls cert create -client
consul tls cert create -server
Closes: #11741