Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ADDED] Cluster tls insecure configuration #921

Merged
merged 1 commit into from Mar 11, 2019
Merged

[ADDED] Cluster tls insecure configuration #921

merged 1 commit into from Mar 11, 2019

Conversation

kozlovic
Copy link
Member

@kozlovic kozlovic commented Mar 7, 2019

Based on @softkbot PR #913.
Removed the command line parameter, which then removes the need for Options.Cluster.TLSInsecure.
Added a test with config reload.

/cc @nats-io/core

@kozlovic kozlovic mentioned this pull request Mar 7, 2019
Closed
wallyqs
wallyqs approved these changes Mar 7, 2019
View reviewed changes
Copy link
Member

@wallyqs wallyqs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, maybe should squash some of the commits before merging

@kozlovic
Copy link
Member Author

kozlovic commented Mar 7, 2019

@wallyqs Yes, but wanted to keep @softkot commits for now so he can see the changes, etc.

@coveralls
Copy link

coveralls commented Mar 7, 2019
edited

Coverage Status

Coverage decreased (-0.02%) to 91.45% when pulling 83aefdc on cluster_tls_insecure into c625970 on master.

@kozlovic
Copy link
Member Author

kozlovic commented Mar 7, 2019

@wallyqs I have updated the PR: since we use parseTLS (and getTLSConfig) in various places, and we have an exported GenTLSConfig(), I moved the setting into that function. However, when creating the server (NewServer()), I now reject InsecureSkipVerify if set in anything but the Cluster config. Let me know what you think.

wallyqs
wallyqs approved these changes Mar 7, 2019
View reviewed changes
Copy link
Member

@wallyqs wallyqs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kozlovic sounds good to prevent setting skip verify for client connection and gateways for now

derekcollison
derekcollison approved these changes Mar 9, 2019
View reviewed changes
Copy link
Member

@derekcollison derekcollison left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@softkot @kozlovic
[ADDED] Cluster tls insecure configuration
83aefdc 
Based on @softkbot PR #913.
Removed the command line parameter, which then removes the need for Options.Cluster.TLSInsecure.
Added a test with config reload.

Signed-off-by: Ivan Kozlovic <ivan@synadia.com>
@kozlovic kozlovic merged commit 04deabf into master Mar 11, 2019
@kozlovic kozlovic deleted the cluster_tls_insecure branch March 11, 2019 21:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wallyqs wallyqs wallyqs approved these changes

@derekcollison derekcollison derekcollison approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@kozlovic @coveralls @wallyqs @derekcollison @softkot