WIP: in depth tls certificate validations for routes #1824
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if err != nil { | ||
| msg := fmt.Sprintf("the certificate and key were not able to be parsed: %s", err.Error()) | ||
| //no value set on this, it is a multi-field validation | ||
| result = append(result, fielderrors.NewFieldInvalid("certificate/key", "", msg)) |
There was a problem hiding this comment.
json path - "certificate" or "key", not /
pweil-
changed the title
| } | ||
|
|
||
| // decodeNewlines is utility to remove the json formatted newlines from a cert | ||
| func decodeNewlines(s string) string { |
There was a problem hiding this comment.
the fact that we need to do this makes me feel like we're missing something... newline to []byte and back should be transparent... we shouldn't need to fiddle with escaped newlines
There was a problem hiding this comment.
this is a holdover from defining a cert inside the route's json. The newlines need escaped in the json and translate just fine when you write the file to disk. When you try to load the json value like I'm doing though...not so much. If there is a better way then we should definitely use it and get rid of this method.
There was a problem hiding this comment.
newlines should be in the JSON strings as "\n"... are they not? if so, parsing the JSON should result in a string with newlines, not literal "\n" strings
|
What's the status of this pull? |
|
in progress, just has been neglected in favor of security contexts and default certs. Will finish this week. |
|
Origin Action Required: Pull request cannot be automatically merged, please rebase your branch from latest HEAD and push again |
|
Post 3.0 |
|
Needs rebase |
|
@pweil- Bump |
|
closing. The router will soon have a mechanism to report route status and will be able to specify reason codes such as an invalid certificate. This should move to the router. |
|
Hello has this been fixed? And in what version? Thanks! |
|
Fixed in the latest 3.2.x release. |
jboyd01
pushed a commit
to jboyd01/origin
that referenced
this pull request
Mar 26, 2018
…service-catalog/' changes from c3e3071633..231772fcc0 231772fcc0 origin build: add origin tooling 98af588 v0.1.11 release changes 01e2f90 v0.1.10 release changes 49af948 clear polling queue before starting new operation (openshift#1855) 252958e Refactor common serviceclass validations (openshift#1858) 68f55c6 Catalog Controller should listen on https and serve metrics over TLS secured channel (openshift#1851) 5d0f773 Refactor common broker validations (openshift#1865) eeaf285 Add NamespacedServiceBroker switch to helm chart (openshift#1864) d2c960c Add NamespacedServiceBroker Feature (openshift#1863) ef15310 Fix NamespaceScoped doc text for ns types (openshift#1862) 8d0a637 fix async deprovision retry (openshift#1832) a918a16 Update registry code from serviceclass to clusterserviceclass (openshift#1852) 4dfd13c Bump dependency on go-open-service-broker-client to 0.0.6 (openshift#1856) 958b7cd Rename SharedServicePlanSpec to CommonServicePlanSpec (openshift#1850) 426aec3 pick a better random port to listen on in integration tests (openshift#1844) 6a59ada OrphanMitigation condition and different handling of retry timeout (openshift#1789) c9b8f60 Extracting common broker spec elements into embeddable struct (openshift#1841) 3f8fab6 Extract common service class spec fields (openshift#1834) 93dab13 Support for OSB [PR#452](openservicebrokerapi/servicebroker#452). (openshift#1849) 5e1e90d [WIP] Pass correct plan ID in deprovision request (for both deleting and orphan mitigation) (openshift#1847) 74f73c0 disable tests for deployment stage (openshift#1845) 82fc6e4 Revert "Pass correct plan ID in deprovision request (for both deleting and orphan mitigation) (openshift#1803)" (openshift#1843) 94b5795 gitignore integration.test binary (openshift#1840) 014c468 Extracting common plan spec into embeddable struct (openshift#1833) 5d7041b Use k8s NewUUID method exclusively (openshift#1836) eac3f96 A new test was added after prechecks happened for last pr. (openshift#1838) 4b5d159 Pass correct plan ID in deprovision request (for both deleting and orphan mitigation) (openshift#1803) cc02f0e [svcat] Adding a filter to get plan. (openshift#1758) 70afb56 reset RemovedFromBroker flag on plans that are re-added by broker (openshift#1824) 712dd4a Add behavior to print deleted instance name (openshift#1806) 55505be Update catalog charts README configuration (openshift#1823) 6426c98 Controller reconciliation rework - part 2 (ServiceBinding) (openshift#1819) c606560 Integrate svcat docs with Service Catalog's (openshift#1784) e9aeeb0 Synchronize some generated code that was missed along the way (openshift#1801) a63ebf7 Fix failing test: TestReconcileServiceInstanceWithFailedCondition (openshift#1813) 07ef743 Controller reconciliation rework - part 1 (ServiceInstance) (openshift#1779) a7d602b Export the touch instance command (openshift#1809) bddb9a7 Allow retries for instances with Failed condition after spec changes (openshift#1751) a777af5 Add enhanced parameter options to provision (openshift#1785) fd1a0b9 Print deleted bindings (openshift#1799) 36d437a Adding the ability to sync a service instance (openshift#1762) 1f60676 Remove Failed condition if there was no terminal failure (openshift#1788) cd831de allow brokers to respond to getCatalog() with no services (openshift#1772) (openshift#1781) e5c37ad Add ObservedGeneration and Provisioned into ServiceInstanceStatus (openshift#1748) 9021d8b Add carolynvs to OWNERS (openshift#1780) b7643d6 Add all-namespaces flag to svcat (openshift#1782) 01e652f Use docker to interact with files made by docker (openshift#1777) REVERT: c3e3071633 origin build: add origin tooling git-subtree-dir: cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog git-subtree-split: 231772fcc00be08b6b2665a39c4a3bacb0b2271f
jboyd01
pushed a commit
to jboyd01/origin
that referenced
this pull request
Mar 27, 2018
…service-catalog/' changes from c3e3071633..231772fcc0 231772fcc0 origin build: add origin tooling 98af588 v0.1.11 release changes 01e2f90 v0.1.10 release changes 49af948 clear polling queue before starting new operation (openshift#1855) 252958e Refactor common serviceclass validations (openshift#1858) 68f55c6 Catalog Controller should listen on https and serve metrics over TLS secured channel (openshift#1851) 5d0f773 Refactor common broker validations (openshift#1865) eeaf285 Add NamespacedServiceBroker switch to helm chart (openshift#1864) d2c960c Add NamespacedServiceBroker Feature (openshift#1863) ef15310 Fix NamespaceScoped doc text for ns types (openshift#1862) 8d0a637 fix async deprovision retry (openshift#1832) a918a16 Update registry code from serviceclass to clusterserviceclass (openshift#1852) 4dfd13c Bump dependency on go-open-service-broker-client to 0.0.6 (openshift#1856) 958b7cd Rename SharedServicePlanSpec to CommonServicePlanSpec (openshift#1850) 426aec3 pick a better random port to listen on in integration tests (openshift#1844) 6a59ada OrphanMitigation condition and different handling of retry timeout (openshift#1789) c9b8f60 Extracting common broker spec elements into embeddable struct (openshift#1841) 3f8fab6 Extract common service class spec fields (openshift#1834) 93dab13 Support for OSB [PR#452](openservicebrokerapi/servicebroker#452). (openshift#1849) 5e1e90d [WIP] Pass correct plan ID in deprovision request (for both deleting and orphan mitigation) (openshift#1847) 74f73c0 disable tests for deployment stage (openshift#1845) 82fc6e4 Revert "Pass correct plan ID in deprovision request (for both deleting and orphan mitigation) (openshift#1803)" (openshift#1843) 94b5795 gitignore integration.test binary (openshift#1840) 014c468 Extracting common plan spec into embeddable struct (openshift#1833) 5d7041b Use k8s NewUUID method exclusively (openshift#1836) eac3f96 A new test was added after prechecks happened for last pr. (openshift#1838) 4b5d159 Pass correct plan ID in deprovision request (for both deleting and orphan mitigation) (openshift#1803) cc02f0e [svcat] Adding a filter to get plan. (openshift#1758) 70afb56 reset RemovedFromBroker flag on plans that are re-added by broker (openshift#1824) 712dd4a Add behavior to print deleted instance name (openshift#1806) 55505be Update catalog charts README configuration (openshift#1823) 6426c98 Controller reconciliation rework - part 2 (ServiceBinding) (openshift#1819) c606560 Integrate svcat docs with Service Catalog's (openshift#1784) e9aeeb0 Synchronize some generated code that was missed along the way (openshift#1801) a63ebf7 Fix failing test: TestReconcileServiceInstanceWithFailedCondition (openshift#1813) 07ef743 Controller reconciliation rework - part 1 (ServiceInstance) (openshift#1779) a7d602b Export the touch instance command (openshift#1809) bddb9a7 Allow retries for instances with Failed condition after spec changes (openshift#1751) a777af5 Add enhanced parameter options to provision (openshift#1785) fd1a0b9 Print deleted bindings (openshift#1799) 36d437a Adding the ability to sync a service instance (openshift#1762) 1f60676 Remove Failed condition if there was no terminal failure (openshift#1788) cd831de allow brokers to respond to getCatalog() with no services (openshift#1772) (openshift#1781) e5c37ad Add ObservedGeneration and Provisioned into ServiceInstanceStatus (openshift#1748) 9021d8b Add carolynvs to OWNERS (openshift#1780) b7643d6 Add all-namespaces flag to svcat (openshift#1782) 01e652f Use docker to interact with files made by docker (openshift#1777) REVERT: c3e3071633 origin build: add origin tooling git-subtree-dir: cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog git-subtree-split: 231772fcc00be08b6b2665a39c4a3bacb0b2271f
jpeeler
added a commit
to jpeeler/origin
that referenced
this pull request
Jun 5, 2018
…service-catalog/' changes from c3e3071633..abec8bcc89 abec8bcc89 UPSTREAM: Only validate status on updates df5ab09c9a UPSTREAM: reset RemovedFromBroker flag on plans that are re-added by broker (openshift#1824) git-subtree-dir: cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog git-subtree-split: abec8bcc8984d5612aa51aef445a4aaf7d910963
Miciah
pushed a commit
to Miciah/origin
that referenced
this pull request
Jun 27, 2018
…service-catalog/' changes from c3e3071633..b65141ce43 b65141ce43 reset RemovedFromBroker flag on plans that are re-added by broker (openshift#1824) git-subtree-dir: cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog git-subtree-split: b65141ce4380126d83d2968f3f4d02a3af958601
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Part 2 of strengthening the router validations. This PR includes validation for
@smarterclayton @liggitt PTAL