This repository has been archived by the owner on Jul 11, 2023. It is now read-only.

ref(cert): remove expiration field from osm-ca-bundle secret data #4472

Merged
merged 1 commit into from
Jan 27, 2022

@jaellio jaellio commented Jan 24, 2022

Description:

Removes the use of the required expiration date data field in the
osm-ca-bundle. The certificate's expiration can be obtained
directly from the certificate rather than from the expiration
field.

This change also updates the logs in GetCertificateFromSecret to
reflect the broader use of the function.

Updates ca_test.go to use the Go testing package rather than Ginkgo
and Gomega. Adds checks for notAfter and expiration values on
the x509 certificate and the certificator respectively.

Note: It is no longer necessary to perform any formatting on
expiration time.

Resolves #4467

Testing done:

  • Updated unit tests to verify the expiration is correctly set using the notAfter value obtained from the decoded x509 cert
  • On a kind cluster ran the automated demo
    • verified osm-ca-bundle formatting when it was created by OSM using Tresor as the certificate provider
    • verified OSM successfully obtained data from the osm-ca-bundle secret without an expiration field when created by the user

Affected area:

Functional Area
New Functionality [ ]
CI System [ ]
CLI Tool [ ]
Certificate Management [x]
Control Plane [ ]
Demo [ ]
Documentation [ ]
Egress [ ]
Ingress [ ]
Install [ ]
Networking [ ]
Observability [ ]
Performance [ ]
SMI Policy [ ]
Security [ ]
Sidecar Injection [ ]
Tests [ ]
Upgrade [ ]
Other [ ]

Please answer the following questions with yes/no.

  1. Does this change contain code from or inspired by another project? No

    • Did you notify the maintainers and provide attribution?
  2. Is this a breaking change? No

  3. Has documentation corresponding to this change been updated in the osm-docs repo (if applicable)? No - will make a follow-up PR in the docs repo
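
The approach the description outlines, reading the expiration from the decoded x509 certificate's notAfter instead of from a separate `expiration` field, shown as an added example that is not code from this PR or from OSM. The helper names `expirationFromSecret` and `constructedSecret` and the `ca.crt` key name are assumptions, and the certificate is a constructed throwaway.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// caCertKey is an assumed key name for the PEM CA certificate in the secret data.
const caCertKey = "ca.crt"

// expirationFromSecret (hypothetical) returns NotAfter from the certificate itself.
func expirationFromSecret(data map[string][]byte) (time.Time, error) {
	block, _ := pem.Decode(data[caCertKey])
	if block == nil || block.Type != "CERTIFICATE" {
		return time.Time{}, fmt.Errorf("no PEM certificate under %q", caCertKey)
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return time.Time{}, fmt.Errorf("decoding x509 certificate: %w", err)
	}
	return cert.NotAfter, nil
}

// constructedSecret builds sample secret data around a throwaway self-signed cert.
func constructedSecret(notAfter time.Time) (map[string][]byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed-ca"},
		NotBefore: notAfter.Add(-time.Hour), NotAfter: notAfter,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return map[string][]byte{caCertKey: pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})}, nil
}

func main() {
	secret, _ := constructedSecret(time.Date(2032, 1, 27, 0, 0, 0, 0, time.UTC))
	fmt.Println(expirationFromSecret(secret))
}
```

Because the value comes from the certificate, a stale or malformed `expiration` entry in the secret cannot disagree with the certificate's actual validity.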

@codecov-commenter

Codecov Report

Merging #4472 (8674854) into main (a0c9a86) will decrease coverage by 0.04%.
The diff coverage is 53.84%.


@@            Coverage Diff             @@
##             main    #4472      +/-   ##
==========================================
- Coverage   69.19%   69.14%   -0.05%     
==========================================
  Files         212      212              
  Lines       14580    14573       -7     
==========================================
- Hits        10089    10077      -12     
- Misses       4439     4444       +5     
  Partials       52       52              
Flag Coverage Δ
unittests 69.14% <53.84%> (-0.05%) ⬇️


Impacted Files Coverage Δ
pkg/certificate/providers/tresor/ca.go 68.96% <44.44%> (-3.19%) ⬇️
pkg/certificate/providers/config.go 76.76% <75.00%> (-1.37%) ⬇️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

Removes the use of the required expiration date data field in the
osm-ca-bundle. The certificate's expiration can be obtained
directly from the certificate rather than from the expiration
field.

This change also updates the logs in GetCertificateFromSecret to
reflect the broader use of the function.

Resolves openservicemesh#4467

Signed-off-by: jaellio <[email protected]>
@jaellio jaellio marked this pull request as ready for review January 26, 2022 22:12
@shashankram shashankram left a comment

Thanks @jaellio

@jaellio jaellio merged commit 0c0d99f into openservicemesh:main Jan 27, 2022
Successfully merging this pull request may close these issues.

Remove "expiration" field from osm-ca-bundle secret