Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HOSTEDCP-1344: use library-go crypto where we can #3326

Merged
merged 2 commits into from Dec 15, 2023
Merged

HOSTEDCP-1344: use library-go crypto where we can #3326

merged 2 commits into from Dec 15, 2023

Conversation

stevekuznetsov
Copy link
Contributor

go.mod: update openshift/library-go to latest

Signed-off-by: Steve Kuznetsov skuznets@redhat.com

control-plane-pki-operator: use library-go crypto everywhere

Signed-off-by: Steve Kuznetsov skuznets@redhat.com

@stevekuznetsov
go.mod: update openshift/library-go to latest
865b2ec 
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
@stevekuznetsov
control-plane-pki-operator: use library-go crypto everywhere
810081e 
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
@openshift-ci openshift-ci bot added area/control-plane-pki-operator Indicates the PR includes changes for the control plane PKI operator - in an OCP release area/testing Indicates the PR includes changes for e2e testing and removed do-not-merge/needs-area labels Dec 14, 2023
stevekuznetsov
stevekuznetsov commented Dec 14, 2023
View reviewed changes
Copy link
Contributor Author

@stevekuznetsov stevekuznetsov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@csrwng @sjenning PTAL - happy to delete the authority module

control-plane-pki-operator/certificatesigningcontroller/certificatesigningcontroller.go
@@ -188,3 +216,39 @@ func duration(certTTL time.Duration, expirationSeconds *int32) time.Duration {
return requestedDuration
}
}

// boundaries computes NotBefore and NotAfter:
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@deads2k please let me know if you want this kind of logic to live in library-go or not

control-plane-pki-operator/certificatesigningcontroller/certificatesigningcontroller_test.go
@@ -468,7 +453,7 @@ func TestSign(t *testing.T) {
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
BasicConstraintsValid: true,
NotBefore: fakeClock.Now().Add(-5 * time.Minute),
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This uncovered a bug in the test - we were always signing a short-lived certificate, so we should not be back-dating.

@stevekuznetsov stevekuznetsov changed the title use library-go crypto where we can HOSTEDCP-1344: use library-go crypto where we can Dec 14, 2023
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Dec 14, 2023
@openshift-ci-robot
Copy link

openshift-ci-robot commented Dec 14, 2023
edited by openshift-ci bot

@stevekuznetsov: This pull request references HOSTEDCP-1344 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.16.0" version, but no target version was set.

In response to this:

go.mod: update openshift/library-go to latest

Signed-off-by: Steve Kuznetsov skuznets@redhat.com

control-plane-pki-operator: use library-go crypto everywhere

Signed-off-by: Steve Kuznetsov skuznets@redhat.com

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Dec 14, 2023

@stevekuznetsov: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@sjenning
Copy link
Contributor

/approve
/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Dec 15, 2023
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Dec 15, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: sjenning, stevekuznetsov

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 15, 2023
@openshift-merge-bot openshift-merge-bot bot merged commit 9a32615 into openshift:main Dec 15, 2023
12 checks passed
@openshift-bot
Copy link

[ART PR BUILD NOTIFIER]

This PR has been included in build ose-hypershift-container-v4.16.0-202312150810.p0.g9a32615.assembly.stream for distgit hypershift.
All builds following this will include this PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@enxebre enxebre Awaiting requested review from enxebre

@isco-rodriguez isco-rodriguez Awaiting requested review from isco-rodriguez

Assignees

@sjenning sjenning

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/control-plane-pki-operator Indicates the PR includes changes for the control plane PKI operator - in an OCP release area/testing Indicates the PR includes changes for e2e testing jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@stevekuznetsov @openshift-ci-robot @sjenning @openshift-bot