Skip to content

6 every deployment replaces the bridge certificate #112

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 12 commits into from
Jul 19, 2023
Merged

6 every deployment replaces the bridge certificate #112

merged 12 commits into from
Jul 19, 2023

Conversation

pudkrong
Copy link
Contributor

@pudkrong pudkrong commented Jul 14, 2023
edited
Loading

In development environment, the generated certificates are saved into certificates folder and will be reused if they are existing. Therefore, there are no change in CDK.

However, in deployment workflow, the certificates folder never exists. So, the certificates are created every time and cause changes in CDK.

In this PR, I have backup the certificates in SSM and restore them if exists.

@pudkrong pudkrong linked an issue Jul 14, 2023 that may be closed by this pull request
Every deployment replaces the Bridge certificate #6
Closed
@pudkrong pudkrong temporarily deployed to ci July 16, 2023 15:37 — with GitHub Actions Inactive
@pudkrong pudkrong marked this pull request as ready for review July 17, 2023 09:07
@pudkrong pudkrong requested a review from coderbyheart as a code owner July 17, 2023 09:07
coderbyheart
coderbyheart requested changes Jul 17, 2023
View reviewed changes
@coderbyheart
Copy link
Member

I've changed the Settings API in 34e04b9 ... so that only used scope/system combinations are documented which also makes it easier to introduce new scopes.

@pudkrong pudkrong force-pushed the 6-every-deployment-replaces-the-bridge-certificate branch from 26b1db1 to a43bdf5 Compare July 17, 2023 12:52
@coderbyheart
Copy link
Member

New scope:

export enum Scope {
...
	NRFCLOUD_BRIDGE_CONFIG = 'nrfcloud/bridge'
...
}

@pudkrong pudkrong force-pushed the 6-every-deployment-replaces-the-bridge-certificate branch from a43bdf5 to 54bc3d6 Compare July 18, 2023 09:49
@pudkrong pudkrong temporarily deployed to ci July 18, 2023 10:21 — with GitHub Actions Inactive
@pudkrong pudkrong requested a review from coderbyheart July 18, 2023 12:00
coderbyheart
coderbyheart requested changes Jul 18, 2023
View reviewed changes
@pudkrong pudkrong temporarily deployed to ci July 18, 2023 22:35 — with GitHub Actions Inactive
@pudkrong pudkrong requested a review from coderbyheart July 18, 2023 22:50
@coderbyheart
refactor: remove backupCertificatesToSSM
5d27516 
Use the existing settings API instead
and extract the reading of a map of files
to a separate function
@coderbyheart coderbyheart temporarily deployed to ci July 19, 2023 08:40 — with GitHub Actions Inactive
coderbyheart
coderbyheart reviewed Jul 19, 2023
View reviewed changes
bridge/certificatesSSM.ts Outdated
if (parameterNamePrefix in parameters) {
const certificatesInSSM = parameters[parameterNamePrefix]
for (const key in certificates) {
if (typeof certificatesInSSM === 'object' && key in certificatesInSSM) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note: this is a hack, it does not match the type of parameters.

@coderbyheart
refactor: remove restoreCertificatesFromSSM
55a4536 
Use the existing settings API instead
and extract the reading of a map of files
to a separate function

This also fixes the issue with the proposed implementation
that goes around the settings API types
@coderbyheart coderbyheart temporarily deployed to ci July 19, 2023 09:01 — with GitHub Actions Inactive
@coderbyheart
fix: map from keys to path names and validate restored object
9488f7d 
Previously the certificate map was not validated
whether it is complete
@coderbyheart coderbyheart temporarily deployed to ci July 19, 2023 09:36 — with GitHub Actions Inactive
@coderbyheart coderbyheart merged commit 51cb827 into saga Jul 19, 2023
@coderbyheart coderbyheart deleted the 6-every-deployment-replaces-the-bridge-certificate branch July 19, 2023 09:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@coderbyheart coderbyheart coderbyheart requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Every deployment replaces the Bridge certificate
2 participants
@pudkrong @coderbyheart