-
Notifications
You must be signed in to change notification settings - Fork 549
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix creation of vault_pki_secret_backend_root_sign_intermediate
resource with zero path length
#2253
Conversation
Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement Learn more about why HashiCorp requires a CLA and what the CLA includes Have you signed the CLA already but the status is still pending? Recheck it. |
+1 |
sorry to bother, any timeline it get merge? |
Hi @vaerh, would you mind signing the CLA? I'm not exactly sure what is going on as there are conflicting messages in this PR, perhaps the email used on the commit didn't match the Github user (just a guess)? |
I was surprised by two posts myself. I signed the CLA back in May when I created the PR. I have two email addresses in my profile and will check a little later to see what's going on. |
Thanks @vaerh! If possible could you look into adding a test case for the field so we protect against further regressions? If time is an issue, please let me know and I can look into it. |
No problem. It'll take a little time |
@stevendpclark Completed. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey @vaerh,
Thanks for adding the test! I've spotted a few issues in the test that was added
- Currently the test fails
TestPkiSecretBackendRootSignIntermediate_basic_der
as the certificate is not PEM encoded but a base64 encoded der - I believe the reflect.DeepEqual needs to be negated but it is also comparing a string and an int which I don't believe will ever work.
- I just noticed that we have the same issue of max_path_length within
vault_pki_secret_backend_root_cert
- We are missing a changelog entry for this bug.
That was a lot of different feedback, if you wish I've codified it all within this gist as a patch. I didn't feel comfortable pushing this to your main branch on this PR so feel free to apply it.
Thanks again!
I apologize for my inattention here. I'll fix it! |
When filling the data map, values are incorrectly evaluated using the `GetOk` function, so zero integer values are discarded. For this reason it is not possible to set the `max_path_length = 0` restriction for a certificate. Co-authored-by: Steven Clark <[email protected]>
@stevendpclark Thank you very much for your help! A little offtopic, do you know if there are any plans to add the ability to change |
Hey @vaerh, Thanks for fixing that up, there seems to be a conflict on the changelog file, would you mind fixing that up and I can merge this in.
If you are referring to Vault itself, I believe you can now do that on 1.18.x. If it is in regard to syncing up that functionality within TFVP it's on the to do list but I'd be happy to review any submission if you'd be interested in contributing. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @vaerh for the contribution!
You're welcome, it was a pleasure working with you! Some time ago I needed to create a PKI specifying |
Description
When filling the data map, values are incorrectly evaluated using the
GetOk
function, so zero integer values are discarded. For this reason it is not possible to set themax_path_length = 0
restriction for a certificate.Checklist
Output from acceptance testing:
Community Note