Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add self_signed pluginConfig #119

Merged
merged 7 commits into from
Jul 18, 2023
Merged

feat: add self_signed pluginConfig #119

merged 7 commits into from
Jul 18, 2023

Conversation

JeyJeyGao
Copy link
Collaborator

@JeyJeyGao JeyJeyGao commented Jul 13, 2023
edited
Loading

Feat:

  • added self_signed parameter in the pluginConfig for self-signed certificate (Certificates Get permission)

Fix:

  • removed as_secert pluginConfig
  • secerts get is the default behavior when self_signed and ca_certs are not set (Secrets Get permission)
  • added a message to remind user to enable secrets get permission
  • raise exception when the ca_certs is empty

Parameters logic:

  • self_signed is true && ca_certs=/path/to/cacerts ==> exception
  • self_signed is true && ca_certs is null or empty ==> get self-signed certificate with Certificates Get permission
  • self_signed is false or not set && ca_certs=/path/to/cacerts ==> get leaf certificate with Certificates Get permission and read the certificate bundle from file
  • self_signed is false or not set && ca_certs is not set or empty ==> get certificate chain with Secrets Get permission

Signed-off-by: Junjie Gao [email protected]

@JeyJeyGao JeyJeyGao requested a review from shizhMSFT July 13, 2023 03:14
@JeyJeyGao JeyJeyGao force-pushed the feat/remove_as_secret branch from e3ce8cd to 390e0cb Compare July 13, 2023 03:25
@codecov
Copy link

codecov bot commented Jul 13, 2023
edited
Loading

Codecov Report

Merging #119 (6550dd7) into main (6bf62ca) will increase coverage by 0.22%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main     #119      +/-   ##
==========================================
+ Coverage   93.97%   94.19%   +0.22%     
==========================================
  Files          15       15              
  Lines         448      465      +17     
==========================================
+ Hits          421      438      +17     
  Misses         27       27
Impacted Files Coverage Δ
...gin.AzureKeyVault/Certificate/CertificateBundle.cs 100.00% <100.00%> (ø)
....Plugin.AzureKeyVault/Command/GenerateSignature.cs 100.00% <100.00%> (ø)

@JeyJeyGao JeyJeyGao force-pushed the feat/remove_as_secret branch from 390e0cb to 5d13252 Compare July 13, 2023 03:27
@JeyJeyGao
fix: update doc and test
03f0f24 
Signed-off-by: Junjie Gao <[email protected]>
@JeyJeyGao JeyJeyGao force-pushed the feat/remove_as_secret branch from 5d13252 to 03f0f24 Compare July 13, 2023 04:24
@JeyJeyGao
test: add unit test
0abb91c 
Signed-off-by: Junjie Gao <[email protected]>
@JeyJeyGao JeyJeyGao force-pushed the feat/remove_as_secret branch from 3b2ba20 to 0abb91c Compare July 13, 2023 04:29
@JeyJeyGao
fix: optimize format
eded4d1 
Signed-off-by: Junjie Gao <[email protected]>
@JeyJeyGao JeyJeyGao force-pushed the feat/remove_as_secret branch from 94b34bb to eded4d1 Compare July 13, 2023 05:05
@JeyJeyGao JeyJeyGao changed the title fix: remove as_secret config feat: add self_signed pluginConfig Jul 14, 2023
@JeyJeyGao JeyJeyGao force-pushed the feat/remove_as_secret branch from 58cc283 to e54868a Compare July 14, 2023 03:48
@JeyJeyGao
fix: update doc
10fc2d8 
Signed-off-by: Junjie Gao <[email protected]>
@JeyJeyGao JeyJeyGao force-pushed the feat/remove_as_secret branch from fc138b8 to 10fc2d8 Compare July 14, 2023 04:10
@shizhMSFT shizhMSFT requested a review from Two-Hearts July 17, 2023 13:56
shizhMSFT
shizhMSFT approved these changes Jul 17, 2023
View reviewed changes
Copy link
Member

@shizhMSFT shizhMSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with suggestions

docs/self-signed-workflow.md Outdated Show resolved Hide resolved
docs/self-signed-workflow.md Outdated Show resolved Hide resolved
docs/self-signed-workflow.md Outdated Show resolved Hide resolved
Notation.Plugin.AzureKeyVault/Certificate/CertificateBundle.cs Show resolved Hide resolved
@JeyJeyGao
fix: resolve comment
6550dd7 
Signed-off-by: Junjie Gao <[email protected]>
shizhMSFT
shizhMSFT approved these changes Jul 18, 2023
View reviewed changes
Copy link
Member

@shizhMSFT shizhMSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Two-Hearts
Two-Hearts requested changes Jul 18, 2023
View reviewed changes
Copy link
Collaborator

@Two-Hearts Two-Hearts left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I highly recommend that we document this behavior somewhere in this Repo for user's reference, otherwise the learning experience for new users gonna be a real pain :)

Parameters logic:
self_signed is true && ca_certs=/path/to/cacerts ==> exception
self_signed is true && ca_certs is null or empty ==> get self-signed certificate with Certificates Get permission
self_signed is false or not set && ca_certs=/path/to/cacerts ==> get leaf certificate with Certificates Get permission and read the certificate bundle from file
self_signed is false or not set && ca_certs is not set or empty ==> get certificate chain with Secrets Get permission

/cc: @shizhMSFT @yizha1 @FeynmanZhou

@JeyJeyGao JeyJeyGao merged commit 38aac67 into Azure:main Jul 18, 2023
@JeyJeyGao
Copy link
Collaborator Author

I highly recommend that we document this behavior somewhere in this Repo for user's reference, otherwise the learning experience for new users gonna be a real pain :)

Parameters logic:
self_signed is true && ca_certs=/path/to/cacerts ==> exception
self_signed is true && ca_certs is null or empty ==> get self-signed certificate with Certificates Get permission
self_signed is false or not set && ca_certs=/path/to/cacerts ==> get leaf certificate with Certificates Get permission and read the certificate bundle from file
self_signed is false or not set && ca_certs is not set or empty ==> get certificate chain with Secrets Get permission

/cc: @shizhMSFT @yizha1 @FeynmanZhou

I will create a new RR to update the documentations and include your suggestion.

@JeyJeyGao JeyJeyGao mentioned this pull request Jul 18, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Two-Hearts Two-Hearts Two-Hearts requested changes

@shizhMSFT shizhMSFT shizhMSFT approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@JeyJeyGao @shizhMSFT @Two-Hearts