Commands add connect-serviceFabricCluster commands, add optional properties defaultValue and description #855
Conversation
src/SfxWeb/src/app/views/cluster/commands/commands.component.ts
Outdated
Show resolved
Hide resolved
| let nodeTypes: INodeTypeInfo[] = [] | ||
| try { | ||
| let XMLnodeTypes = manifest.getElementsByTagName("NodeTypes")[0].getElementsByTagName("NodeType"); | ||
| private getNodeCertificatesProperty(xmlNode: Element) { |
There was a problem hiding this comment.
Don't use the values from the NodeType section, instead, use the thumbprints found inside the Security section and the common names found inside the Security/AdminClientX509Names section, the Security/ServerX509Names section and the Security/ClientX509Names
There was a problem hiding this comment.
There could be multiple certificates. For thumbprints, they would be in the format of a comma separated list, for common names, there would be multiple parameters inside each corresponding section
| }); | ||
| const findValueThumbprint = new PowershellCommandParameter("FindValue", CommandParamTypes.enum, { | ||
| required: true, | ||
| options: [...new Set(clientThumbprints.concat(clusterThumbprints))], |
There was a problem hiding this comment.
for findValue, use client certificate and admin certificate, not cluster certificate
|
|
||
| const serverThumbprint = new PowershellCommandParameter("ServerCertThumbprint", CommandParamTypes.enum, { | ||
| required: true, | ||
| options: [...new Set(serverThumbprints)], |
There was a problem hiding this comment.
There could be a secondary Server certificates listed, but only one of them would work. Since the ServerCertificate parameters accept a string array, put all of the certificates in as one value
| defaultValue: clientCommonNames[0] ?? clusterCommonNames[0] | ||
| }); | ||
|
|
||
| if (clientCommonNames.length > 0 || serverCommonNames.length > 0) { |
There was a problem hiding this comment.
For Server Certificate, it is either common name or thumbprint. However, for Client Certificates, both common name and thumbprint could exist at the same time. So maybe instead of two separate commands, it's better to have one command that already has the server certificate parameter defined, then allow the user to choose what kind of client certificate to use.
There was a problem hiding this comment.
Unsecure clusters that don't have any certificates should also be supported.
| const findValueCommonName = new PowershellCommandParameter("FindValue", CommandParamTypes.enum, { | ||
| required: true, | ||
| options: [...new Set(clientCommonNames.concat(clusterCommonNames))], | ||
| defaultValue: clientCommonNames[0] ?? clusterCommonNames[0] |
There was a problem hiding this comment.
for findValue, enable allowCustomValues so users can input their own certificate information.
| 'Creates a connection to a Service Fabric cluster using certificate thumbprint.', | ||
| connectHelp, | ||
| CommandSafetyLevel.safe, | ||
| `Connect-ServiceFabricCluster ${authType}-StoreName My -FindType FindByThumbprint`, |
There was a problem hiding this comment.
When AAD is enabled, both FindType and FindValue are not needed, only Server Certificate is needed
Commands add connect-serviceFabricCluster commands
add optional property defaultValue