server: bug fix to correct path checks for existing certificates prior to generation #61101

Merged
merged 1 commit into from
Feb 28, 2021

aaron-crl

I erred in my use of os.Stat and no exists checks were correct. I've refactored the read/write
functions to perform these checks themselves. This also improves our resiliency against
races between time of check and time of use for cert/key file paths.

Part of #60632

Release justification: bug fix to enable proper automatic generation of certificates
Release note: None

@aaron-crl aaron-crl requested review from itsbilal and knz February 25, 2021 01:57
@aaron-crl aaron-crl requested a review from a team as a code owner February 25, 2021 01:57
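
The approach the description refers to, sketched as an added Go example that is not code from this pull request: the open or read call itself decides whether the file exists, instead of a separate os.Stat beforehand, so there is no window between check and use. The function names and the `service.key` file name are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// writeNewFile creates path only if it does not already exist. O_EXCL makes
// the existence check and the create a single atomic step, so nothing can
// place a file at path between the check and the write.
func writeNewFile(path string, data []byte) error {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	if err != nil {
		return err // errors.Is(err, fs.ErrExist) when the file is already there
	}
	if _, err := f.Write(data); err != nil {
		f.Close()
		return err
	}
	return f.Close()
}

// readIfPresent reads path and reports whether it existed. A missing file is
// not an error; any other failure (permissions, I/O) is returned unchanged.
func readIfPresent(path string) (data []byte, found bool, err error) {
	data, err = os.ReadFile(path)
	if errors.Is(err, fs.ErrNotExist) {
		return nil, false, nil
	}
	if err != nil {
		return nil, false, err
	}
	return data, true, nil
}

func main() {
	dir, err := os.MkdirTemp("", "certs") // constructed scratch directory
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	key := filepath.Join(dir, "service.key") // hypothetical file name
	fmt.Println(writeNewFile(key, []byte("first")))  // succeeds
	fmt.Println(writeNewFile(key, []byte("second"))) // refused: file exists
	data, found, err := readIfPresent(key)
	fmt.Printf("%q %v %v\n", data, found, err)
}
```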
@cockroach-teamcity
Member

This change is Reviewable

Contributor

@knz knz left a comment

Reviewed 2 of 2 files at r1.
Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @aaron-crl and @itsbilal)


pkg/server/auto_tls_init.go, line 94 at r1 (raw file):

			}

			// Both key and cert should now be populated

nit: period at end of sentence


pkg/server/auto_tls_init.go, line 145 at r1 (raw file):

				// Cert exists but key doesn't, this is an error.
				return errors.Wrapf(err,
					"failed to load service certificate key for %s expected key at %s",

nit: use %q instead of %s so that paths containing spaces are more clearly readable

…r to generation

I erred in my use of os.Stat and no checks were correct. I've refactored the read/write
functions to perform these checks themselves. This also improves our resiliency against
races between time of check and time of use for cert/key file paths.

Release justification: bug fix to enable proper automatic generation of certificates
Release note: None
@aaron-crl aaron-crl force-pushed the aaron-crl_secure-init branch from 3f1260a to 598fc1a Compare February 25, 2021 16:15
Author

@aaron-crl aaron-crl left a comment

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @itsbilal and @knz)


pkg/server/auto_tls_init.go, line 94 at r1 (raw file):

Previously, knz (kena) wrote…

nit: period at end of sentence

Done.


pkg/server/auto_tls_init.go, line 145 at r1 (raw file):

Previously, knz (kena) wrote…

nit: use %q instead of %s so that paths containing spaces are more clearly readable

Done here and elsewhere in file.

@aaron-crl
Author

bors r+

@craig
Contributor

craig bot commented Feb 28, 2021

Build succeeded:

@craig craig bot merged commit 9028433 into cockroachdb:master Feb 28, 2021