Add trusted CA certificate support #783

Merged
merged 1 commit into from
Apr 14, 2022

nickpetrovic
Contributor

resolves #594

Member

@jandubois jandubois left a comment

This PR is missing the default.yaml and override.yaml handling in limayaml.FillDefault(), and then should get corresponding test data filled in for default_test.go as well.

@jandubois
Member

Also please add DCO signature to your commit: https://github.com/lima-vm/lima/pull/783/checks?check_run_id=5879125698

@nickpetrovic
Contributor Author

> Also please add DCO signature to your commit: #783 (checks)

Added.

@nickpetrovic
Contributor Author

> This PR is missing the default.yaml and override.yaml handling in limayaml.FillDefault(), and then should get corresponding test data filled in for default_test.go as well.

@jandubois I think I did this correctly. The tests were a little confusing to me. Let me know if it's sufficient.

@jandubois jandubois added this to the v0.10.0 milestone Apr 8, 2022
Signed-off-by: Nick Petrovic <4001122+nickpetrovic@users.noreply.github.com>
Comment on lines +465 to +469
caFiles := unique(append(append(d.CACertificates.Files, y.CACertificates.Files...), o.CACertificates.Files...))
y.CACertificates.Files = caFiles

caCerts := unique(append(append(d.CACertificates.Certs, y.CACertificates.Certs...), o.CACertificates.Certs...))
y.CACertificates.Certs = caCerts
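Review bot: Both merges start the append chain from `d`'s own slice (`append(append(d.CACertificates.Files, y.CACertificates.Files...), ...)`), so when that slice has spare capacity the entries from `y` and `o` are written into `d`'s backing array; copy into a fresh slice first, for example `append([]string{}, d.CACertificates.Files...)`, and do the same for `Certs`. The merge is also purely additive: every entry from `d`, `y` and `o` ends up in `y.CACertificates`, and a later layer cannot drop an earlier one. Since these entries extend the set of trusted CAs, a one-line comment stating that union semantics is intended would help. Assuming `unique` compares the strings as given, it only removes entries whose path or PEM text matches exactly.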
Member

@jandubois jandubois Apr 14, 2022

It would probably be better to check for duplicates once all the files have been read and combined with the literal certs. You might have multiple files containing the same cert, or having a file and a literal entry be the same. Or you might have ~/ca.pem and /Users/jan/ca.pem, which would be the same file, but not recognized as duplicates.

On the other hand I don't think having duplicate certs is a problem, so not marking this as a blocker.
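One way to do the content-based de-duplication suggested in the comment above, as an added example (not code from this PR or from Lima): `combineCACerts` and `pemCert` are hypothetical names, the sample bytes are constructed placeholders, and blocks are compared on their decoded bytes without X.509 parsing.

```go
package main

import (
	"crypto/sha256"
	"encoding/pem"
	"fmt"
	"os"
)

// pemCert wraps DER bytes in a CERTIFICATE PEM block.
func pemCert(der []byte) string {
	return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
}

// combineCACerts (hypothetical helper, not Lima's code) reads each file, adds
// the literal PEM strings, and keeps one re-encoded block per distinct
// certificate, keyed on SHA-256 of the decoded DER rather than on path or text.
func combineCACerts(files, certs []string) ([]string, error) {
	inputs := make([]string, 0, len(files)+len(certs)) // fresh slice, no aliasing
	for _, f := range files {
		b, err := os.ReadFile(f)
		if err != nil {
			return nil, fmt.Errorf("reading CA file %q: %w", f, err)
		}
		inputs = append(inputs, string(b))
	}
	inputs = append(inputs, certs...)
	seen := map[[sha256.Size]byte]bool{}
	var out []string
	for _, in := range inputs {
		for block, rest := pem.Decode([]byte(in)); block != nil; block, rest = pem.Decode(rest) {
			fp := sha256.Sum256(block.Bytes)
			if block.Type != "CERTIFICATE" || seen[fp] {
				continue // skip non-certificate blocks and repeats
			}
			seen[fp] = true
			out = append(out, pemCert(block.Bytes))
		}
	}
	return out, nil
}

func main() {
	// Constructed sample: placeholder bytes, not a real certificate.
	a := pemCert([]byte("constructed-ca-A"))
	out, err := combineCACerts(nil, []string{a, "\n" + a + "\n"})
	fmt.Println(len(out), err)
}
```

Because the key is the decoded content, `~/ca.pem` and `/Users/jan/ca.pem` collapse to one entry once both have been read, as do a file and an identical literal entry.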

Member

@jandubois jandubois left a comment

LGTM, thanks!

@jandubois
Member

Note that this feature will not work with alpine-lima until lima-vm/alpine-lima#54 is implemented!

Successfully merging this pull request may close these issues.

Provisioning should allow files and directories to be copied