Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Added] account name checks for leaf nodes in operator mode #1739

Merged
merged 4 commits into from Nov 24, 2020
Merged

[Added] account name checks for leaf nodes in operator mode #1739

merged 4 commits into from Nov 24, 2020

Conversation

matthiashanel
Copy link
Contributor

Rules out implausible ones

Signed-off-by: Matthias Hanel mh@synadia.com

@matthiashanel
[Added] account name checks for leaf nodes in operator mode
e2e69b6 
Rules out implausible ones.

Signed-off-by: Matthias Hanel <mh@synadia.com>
kozlovic
kozlovic requested changes Nov 23, 2020
View reviewed changes
server/server.go Outdated
@@ -451,6 +451,18 @@ func NewServer(opts *Options) (*Server, error) {
return nil, fmt.Errorf("no local account %q for remote leafnode", r.LocalAccount)
}
}
} else {
if len(opts.LeafNode.Users) != 0 {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would that be possible to move those checks in validateLeafNode() which checks for options?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

absolutely, I placed them here because of the non operator mode checks. Ok to move all those checks?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That being said, I am not sure since we call this in NewServer()

if err := validateOptions(opts); err != nil {
    return nil, err
}

but before we actually process the trusted keys:

	// Trusted root operator keys.
	if !s.processTrustedKeys() {
		return nil, fmt.Errorf("Error processing trusted operator keys")
	}

would have to make sure that the validation of leafnode would still work if you move them there.

server/leafnode_test.go Outdated Show resolved Hide resolved
@matthiashanel
Incorporating comments and moving code
a8390b7 
Signed-off-by: Matthias Hanel <mh@synadia.com>
kozlovic
kozlovic requested changes Nov 24, 2020
View reviewed changes
server/leafnode.go Show resolved Hide resolved
server/leafnode.go Outdated Show resolved Hide resolved
@matthiashanel
Reducing complexity of lookup
a0dc9ea 
Signed-off-by: Matthias Hanel <mh@synadia.com>
kozlovic
kozlovic requested changes Nov 24, 2020
View reviewed changes
Copy link
Member

@kozlovic kozlovic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Almost there :-)

server/leafnode.go Outdated Show resolved Hide resolved
server/leafnode.go Show resolved Hide resolved
@matthiashanel
Fixed comment
b0461e3 
Signed-off-by: Matthias Hanel <mh@synadia.com>
kozlovic
kozlovic approved these changes Nov 24, 2020
View reviewed changes
Copy link
Member

@kozlovic kozlovic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kozlovic kozlovic merged commit 120b031 into master Nov 24, 2020
@kozlovic kozlovic deleted the leaf-warning branch November 24, 2020 19:35
This was referenced Mar 15, 2021
Closed
Closed
Merged
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kozlovic kozlovic kozlovic approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@matthiashanel @kozlovic