review feedback

oxidecomputer · Sep 19, 2023 · 34145bf · 34145bf
1 parent 94450c8
commit 34145bf
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 23 deletions.
diff --git a/certificates/src/lib.rs b/certificates/src/lib.rs
@@ -39,7 +39,7 @@ pub enum CertificateError {
     #[error("Error validating certificate hostname")]
     ErrorValidatingHostname(#[source] openssl::error::ErrorStack),
 
-    #[error("Certificate not valid for {hostname:?}: {cert_description}")]
+    #[error("Certificate not valid for given hostnames {hostname:?}: {cert_description}")]
     NoDnsNameMatchingHostname { hostname: String, cert_description: String },
 
     #[error("Unsupported certificate purpose (not usable for server auth)")]
@@ -106,7 +106,7 @@ impl CertificateValidator {
     ///
     /// If `possible_hostnames` is empty, no hostname validation is performed.
     /// If `possible_hostnames` is not empty, we require _at least one_ of its
-    /// hostnames to match the SANs (or CN, of no SANs are present) of the leaf
+    /// hostnames to match the SANs (or CN, if no SANs are present) of the leaf
     /// certificate.
     pub fn validate<S: Borrow<str>>(
         &self,

diff --git a/nexus/src/app/certificate.rs b/nexus/src/app/certificate.rs
@@ -4,7 +4,6 @@
 
 //! x.509 Certificates
 
-use super::silo::silo_dns_name;
 use crate::external_api::params;
 use crate::external_api::shared;
 use nexus_db_queries::authz;
@@ -14,7 +13,6 @@ use nexus_db_queries::db::lookup;
 use nexus_db_queries::db::lookup::LookupPath;
 use nexus_db_queries::db::model::Name;
 use nexus_db_queries::db::model::ServiceKind;
-use nexus_types::identity::Resource;
 use omicron_common::api::external::http_pagination::PaginatedBy;
 use omicron_common::api::external::CreateResult;
 use omicron_common::api::external::DeleteResult;
@@ -78,25 +76,6 @@ impl super::Nexus {
         }
     }
 
-    async fn silo_fq_dns_names(
-        &self,
-        opctx: &OpContext,
-        silo_id: Uuid,
-    ) -> ListResultVec<String> {
-        let (_, silo) =
-            self.silo_lookup(opctx, silo_id.into())?.fetch().await?;
-        let silo_dns_name = silo_dns_name(&silo.name());
-        let external_dns_zones = self
-            .db_datastore
-            .dns_zones_list_all(opctx, nexus_db_model::DnsGroup::External)
-            .await?;
-
-        Ok(external_dns_zones
-            .into_iter()
-            .map(|zone| format!("{silo_dns_name}.{}", zone.zone_name))
-            .collect())
-    }
-
     pub(crate) async fn certificates_list(
         &self,
         opctx: &OpContext,

diff --git a/nexus/src/app/silo.rs b/nexus/src/app/silo.rs
@@ -65,6 +65,25 @@ impl super::Nexus {
         }
     }
 
+    pub(crate) async fn silo_fq_dns_names(
+        &self,
+        opctx: &OpContext,
+        silo_id: Uuid,
+    ) -> ListResultVec<String> {
+        let (_, silo) =
+            self.silo_lookup(opctx, silo_id.into())?.fetch().await?;
+        let silo_dns_name = silo_dns_name(&silo.name());
+        let external_dns_zones = self
+            .db_datastore
+            .dns_zones_list_all(opctx, nexus_db_model::DnsGroup::External)
+            .await?;
+
+        Ok(external_dns_zones
+            .into_iter()
+            .map(|zone| format!("{silo_dns_name}.{}", zone.zone_name))
+            .collect())
+    }
+
     pub(crate) async fn silo_create(
         &self,
         opctx: &OpContext,