From 34145bfb29c4ff1900c6f3cdd3507f96e4bfb0cc Mon Sep 17 00:00:00 2001
From: John Gallagher
Date: Tue, 19 Sep 2023 14:54:16 -0700
Subject: [PATCH] review feedback
---
 certificates/src/lib.rs | 4 ++--
 nexus/src/app/certificate.rs | 21 ---------------------
 nexus/src/app/silo.rs | 19 +++++++++++++++++++
 3 files changed, 21 insertions(+), 23 deletions(-)
diff --git a/certificates/src/lib.rs b/certificates/src/lib.rs
index 4a30625b4a..6bd7fa32de 100644
--- a/certificates/src/lib.rs
+++ b/certificates/src/lib.rs
@@ -39,7 +39,7 @@ pub enum CertificateError {
 #[error("Error validating certificate hostname")]
 ErrorValidatingHostname(#[source] openssl::error::ErrorStack),
- #[error("Certificate not valid for {hostname:?}: {cert_description}")]
+ #[error("Certificate not valid for given hostnames {hostname:?}: {cert_description}")]
 NoDnsNameMatchingHostname { hostname: String, cert_description: String },
 #[error("Unsupported certificate purpose (not usable for server auth)")]
@@ -106,7 +106,7 @@ impl CertificateValidator {
 ///
 /// If `possible_hostnames` is empty, no hostname validation is performed.
 /// If `possible_hostnames` is not empty, we require _at least one_ of its
- /// hostnames to match the SANs (or CN, of no SANs are present) of the leaf
+ /// hostnames to match the SANs (or CN, if no SANs are present) of the leaf
 /// certificate.
 pub fn validate>(
 &self,
diff --git a/nexus/src/app/certificate.rs b/nexus/src/app/certificate.rs
index b0a47cc2a7..71be93f5b7 100644
--- a/nexus/src/app/certificate.rs
+++ b/nexus/src/app/certificate.rs
@@ -4,7 +4,6 @@
 //! x.509 Certificates
-use super::silo::silo_dns_name;
 use crate::external_api::params;
 use crate::external_api::shared;
 use nexus_db_queries::authz;
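Review bot: In certificates/src/lib.rs, the `NoDnsNameMatchingHostname` message now says "given hostnames", but the variant's field is still the singular `hostname: String`, so the message and the field name disagree. If the field carries several candidate names joined into one string (the construction site is outside this hunk), `{hostname:?}` prints them as a single quoted string rather than as a list. Consider renaming the field to `hostnames`, or documenting it on the variant with something like `/// hostname: every candidate name that was checked, joined into one string`.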
@@ -14,7 +13,6 @@ use nexus_db_queries::db::lookup;
 use nexus_db_queries::db::lookup::LookupPath;
 use nexus_db_queries::db::model::Name;
 use nexus_db_queries::db::model::ServiceKind;
-use nexus_types::identity::Resource;
 use omicron_common::api::external::http_pagination::PaginatedBy;
 use omicron_common::api::external::CreateResult;
 use omicron_common::api::external::DeleteResult;
@@ -78,25 +76,6 @@ impl super::Nexus {
 }
 }
- async fn silo_fq_dns_names(
- &self,
- opctx: &OpContext,
- silo_id: Uuid,
- ) -> ListResultVec {
- let (_, silo) =
- self.silo_lookup(opctx, silo_id.into())?.fetch().await?;
- let silo_dns_name = silo_dns_name(&silo.name());
- let external_dns_zones = self
- .db_datastore
- .dns_zones_list_all(opctx, nexus_db_model::DnsGroup::External)
- .await?;
-
- Ok(external_dns_zones
- .into_iter()
- .map(|zone| format!("{silo_dns_name}.{}", zone.zone_name))
- .collect())
- }
-
 pub(crate) async fn certificates_list(
 &self,
 opctx: &OpContext,
diff --git a/nexus/src/app/silo.rs b/nexus/src/app/silo.rs
index e6772e164f..a53f20ec79 100644
--- a/nexus/src/app/silo.rs
+++ b/nexus/src/app/silo.rs
@@ -65,6 +65,25 @@ impl super::Nexus {
 }
 }
+ pub(crate) async fn silo_fq_dns_names(
+ &self,
+ opctx: &OpContext,
+ silo_id: Uuid,
+ ) -> ListResultVec {
+ let (_, silo) =
+ self.silo_lookup(opctx, silo_id.into())?.fetch().await?;
+ let silo_dns_name = silo_dns_name(&silo.name());
+ let external_dns_zones = self
+ .db_datastore
+ .dns_zones_list_all(opctx, nexus_db_model::DnsGroup::External)
+ .await?;
+
+ Ok(external_dns_zones
+ .into_iter()
+ .map(|zone| format!("{silo_dns_name}.{}", zone.zone_name))
+ .collect())
+ }
+
 pub(crate) async fn silo_create(
 &self,
 opctx: &OpContext,
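Review bot: `silo_fq_dns_names` in nexus/src/app/silo.rs returns an empty list whenever `dns_zones_list_all` yields no external zones, and the `validate` doc comment in certificates/src/lib.rs (same patch) states that an empty `possible_hostnames` means no hostname validation is performed. If this result is handed straight to the validator (the caller is not visible in this patch), a missing external DNS zone would silently switch hostname checking off for silo certificates. Either return an error here when `external_dns_zones.is_empty()`, or have the caller reject an empty list before validating. The function is now `pub(crate)` but carries no doc comment; `/// Returns the silo's fully-qualified DNS name in each external DNS zone; empty if no external zone exists.` would record that contract for the wider set of callers.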