Add the ability to customise the details of the CA #17309

lhaig · 2023-05-25T05:34:23Z

Allow operators to customise the CA created using nomad tls ca create

.changelog/17309.txt

jrasell

I have added some initial comments inline along with an internal note about a change I believe is required for this to work. It would also be nice if new tests used must rather than require, so we continue moving towards this library.

command/tls_ca_create.go

helper/tlsutil/generate.go

jrasell

Thanks for the changes @lhaig; I left some comments inline, mostly stylistic ones and some areas we could reduce the amount of code.

I feel we could make some changes to the validation logic as well after testing this locally. I would expect to be able to modify only the organizational-unit for example, however, when running this I get an error:

./pkg/darwin_arm64/nomad tls ca create --organizational-unit="nomad engineering"
please provide the -common-name flag when customizing the CA

I therefore think we need some type of merge function, which merges default values onto a potentially partially populated opts struct.

helper/tlsutil/generate.go

jrasell

Some inline comments. It would probably also be nice to expand on the command description, given that defaults don't take effect if you modify certain parameters.

command/tls_ca_create.go

helper/tlsutil/generate.go

command/tls_ca_create.go

Add changelog entry

Co-authored-by: James Rasell <[email protected]>

Added the ability to provide custom data to create CAs improved testing.

Update Tests

@jrasell

Apply suggestion by @jrasell to compose the function off the struct.

jrasell

LGTM, thanks so much @lhaig!

lhaig marked this pull request as draft May 25, 2023 05:34

vercel bot deployed to Preview – nomad-storybook-and-ui May 25, 2023 05:43 View deployment

lhaig marked this pull request as ready for review May 25, 2023 07:26

lhaig requested review from tgross and jrasell and removed request for tgross and jrasell May 25, 2023 07:27

jrasell reviewed May 25, 2023

View reviewed changes

.changelog/17309.txt Outdated Show resolved Hide resolved

jrasell requested changes May 25, 2023

View reviewed changes

command/tls_ca_create.go Show resolved Hide resolved

command/tls_ca_create.go Outdated Show resolved Hide resolved

helper/tlsutil/generate.go Outdated Show resolved Hide resolved

jrasell self-assigned this May 25, 2023

vercel bot deployed to Preview – nomad-storybook-and-ui May 26, 2023 12:16 View deployment

vercel bot deployed to Preview – nomad-storybook-and-ui June 5, 2023 19:18 View deployment

vercel bot deployed to Preview – nomad-storybook-and-ui June 6, 2023 07:45 View deployment

lhaig force-pushed the f-command-tls-ca-update branch from db6f1da to 47b7fa2 Compare June 6, 2023 08:26

vercel bot deployed to Preview – nomad-storybook-and-ui June 6, 2023 08:31 View deployment

lhaig requested a review from jrasell June 6, 2023 09:49

jrasell requested changes Jun 8, 2023

View reviewed changes

helper/tlsutil/generate.go Outdated Show resolved Hide resolved

helper/tlsutil/generate.go Outdated Show resolved Hide resolved

helper/tlsutil/generate.go Outdated Show resolved Hide resolved

vercel bot deployed to Preview – nomad-storybook-and-ui June 8, 2023 08:41 View deployment

lhaig force-pushed the f-command-tls-ca-update branch from 3ca5aa6 to 4c202ef Compare June 15, 2023 18:04

vercel bot deployed to Preview – nomad-storybook-and-ui June 15, 2023 18:09 View deployment

lhaig requested a review from jrasell June 16, 2023 08:28

jrasell requested changes Jun 19, 2023

View reviewed changes

lhaig and others added 8 commits June 23, 2023 16:15

Add the ability to customise the details of the CA

0c418c8

Create 17309.txt

36ef94a

Add changelog entry

Update .changelog/17309.txt

3e59966

Co-authored-by: James Rasell <[email protected]>

Add the Ability to customize the CA

96e921c

Added the ability to provide custom data to create CAs improved testing.

Update tls_ca_create_test.go

4da2936

Update Tests

Update generate.go

8cf9c47

Apply suggestion by @jrasell to compose the function off the struct.

Update ca create code to be more generic for later usage.

ff6e6bf

Update with suggestions from @jrasell

4bc9d81

lhaig force-pushed the f-command-tls-ca-update branch from d8fb7c5 to 4bc9d81 Compare June 23, 2023 14:15

vercel bot deployed to Preview – nomad-storybook-and-ui June 23, 2023 14:21 View deployment

lhaig requested a review from jrasell June 23, 2023 14:43

jrasell approved these changes Jul 11, 2023

View reviewed changes

jrasell merged commit 1541358 into main Jul 11, 2023

jrasell deleted the f-command-tls-ca-update branch July 11, 2023 07:53

lgfa29 mentioned this pull request Feb 6, 2024

TLS CA create command with name-constraint #19836

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add the ability to customise the details of the CA #17309

Add the ability to customise the details of the CA #17309

lhaig commented May 25, 2023

jrasell left a comment

jrasell left a comment

jrasell left a comment

jrasell left a comment

Add the ability to customise the details of the CA #17309

Add the ability to customise the details of the CA #17309

Conversation

lhaig commented May 25, 2023

jrasell left a comment

Choose a reason for hiding this comment

jrasell left a comment

Choose a reason for hiding this comment

jrasell left a comment

Choose a reason for hiding this comment

jrasell left a comment

Choose a reason for hiding this comment