Feature/accept mtls keys instead of paths#68
Feature/accept mtls keys instead of paths#68alexbourret wants to merge 8 commits intofeature/move-mtls-settings-to-presetsfrom
Conversation
| "label": "Path to certificate", | ||
| "description": "", | ||
| "type": "STRING", | ||
| "description": "or full certificate from -----BEGIN to END CERTIFICATE-----", |
There was a problem hiding this comment.
I would put this so the user can better understand the expected format. Same for other fields
| "description": "or full certificate from -----BEGIN to END CERTIFICATE-----", | |
| "description": "or full certificate starting with -----BEGIN CERTIFICATE", |
| @@ -130,15 +130,15 @@ | |||
| { | |||
| "name": "mtls_certificate_path", | |||
There was a problem hiding this comment.
I guess it should no longer be named path
| "name": "mtls_certificate_path", | |
| "name": "mtls_certificate", |
There was a problem hiding this comment.
I'm not sure about that one:
- we still accept path in this variable
- it will create incompatibilities with presets created during the beta testing phase, which is fine because that was a beta testing phase, but will still create some confusion...
|
|
||
| def normalize_key(key): | ||
| tempo_text = str(key) | ||
| tempo_text = tempo_text.replace("BEGIN CERTIFICATE", "BEGINCERTIFICATE") |
There was a problem hiding this comment.
By doing this we really need to be sure that the clieant won't pass in RSA or other type of keys.
| tempo_text = tempo_text.replace("END CERTIFICATE", "ENDCERTIFICATE") | ||
| tempo_text = tempo_text.replace("-----BEGIN PRIVATE KEY-----", "-----BEGINPRIVATEKEY-----") | ||
| tempo_text = tempo_text.replace("-----END PRIVATE KEY-----", "-----ENDPRIVATEKEY-----") | ||
| tempo_text = tempo_text.replace(" ", "\n") |
There was a problem hiding this comment.
Could this be avoided if the input to the cert was a textarea instead of a input field? If I understand correctly we're trying to rebuild the certificate content because it was flattened when the user pasted into the input field
There was a problem hiding this comment.
We have to use the password type here so that the certificate and key are encrypted on the instance... Using Textarea would be less safe in that regard.
2 participants
https://app.shortcut.com/dataiku/story/308017
https://app.shortcut.com/dataiku/story/311254