NOISSUE - Add cert revocation to SDK #1693
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
manuio
reviewed
Jan 9, 2023
pkg/sdk/go/certs.go
Outdated
| @@ -34,7 +35,7 @@ func (sdk mfSDK) IssueCert(thingID string, keyBits int, keyType, valid, token st | |||
| } | |||
|
|
|||
| url := fmt.Sprintf("%s/%s", sdk.certsURL, certsEndpoint) | |||
| resp, err := request(http.MethodPost, token, url, d) | |||
| resp, err := request(http.MethodPost, apiutil.BearerPrefix+token, url, d) | |||
There was a problem hiding this comment.
Why are you not using sdk.processRequest here?
There was a problem hiding this comment.
Updated to used sdk.processRequest
manuio
suggested changes
Jan 9, 2023
|
|
||
| if err := errors.CheckError(resp, http.StatusOK); err != nil { | ||
| return Cert{}, err | ||
| _, body, sdkerr := sdk.processRequest(http.MethodPost, url, token, string(CTJSON), d, http.StatusCreated) |
There was a problem hiding this comment.
You should remove request method and replace it everywhere by sdk.processRequest
Codecov Report
@@ Coverage Diff @@
## master #1693 +/- ##
==========================================
+ Coverage 70.25% 70.32% +0.06%
==========================================
Files 148 148
Lines 11512 11501 -11
==========================================
Hits 8088 8088
+ Misses 2757 2745 -12
- Partials 667 668 +1
📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
dborovcanin
changed the title
Closed
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
rodneyosodo
force-pushed
the
NOISSUE-clicerts
branch
from
c99e8bf
to
71805f7
Compare
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
arvindh123
reviewed
Jan 11, 2023
certs/api/responses.go
Outdated
| @@ -28,6 +28,10 @@ type certsRes struct { | |||
| created bool | |||
| } | |||
|
|
|||
| type revokeCertsRes struct { | |||
| RevocationTime time.Time `mapstructure:"revocation_time"` | |||
There was a problem hiding this comment.
Do we need the mapstructure tag ?
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
…x into NOISSUE-clicerts
dborovcanin
requested changes
Jan 11, 2023
certs/pki/vault.go
Outdated
| cReq := certRevokeReq{ | ||
| SerialNumber: serial, | ||
| SerialNumber: strings.Replace(serial, ":", "-", -1), |
There was a problem hiding this comment.
Can you add a quick comment explaining this line?
There was a problem hiding this comment.
Use http.MethodPost instead of the string in:
r := p.client.NewRequest("POST", p.revokeURL)Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
This was referenced Jan 12, 2023
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
|
Removing |
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
dborovcanin
requested changes
Jan 13, 2023
certs/mocks/pki.go
Outdated
Comment on lines
24
to
26
| const ( | ||
| keyBits = 2048 | ||
| ) |
There was a problem hiding this comment.
Inline const keyBits = 2048.
docker/addons/vault/vault-init.sh
Outdated
| vault() { | ||
| docker exec -it mainflux-vault vault "$@" | ||
| } | ||
|
|
||
| mkdir -p data | ||
|
|
||
| vault operator init 2>&1 | tee >(sed -r 's/\x1b\[[0-9;]*m//g' > data/secrets) | ||
|
|
||
| write_env |
provision/config.go
Outdated
Comment on lines
55
to
56
| // KeyBits int `json:"key_bits" toml:"key_bits"` | ||
| // KeyType string `json:"key_type"` |
There was a problem hiding this comment.
Remove commented code.
arvindh123
reviewed
Jan 13, 2023
| @@ -263,7 +263,7 @@ func (ps *provisionService) Cert(token, thingID, ttl string, keyBits int) (strin | |||
| if err != nil { | |||
There was a problem hiding this comment.
Remove the unused parameter keyBits from the function
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
dborovcanin
approved these changes
Jan 13, 2023
Comment on lines
+7
to
+12
| write_env() { | ||
| sed -i "s,MF_VAULT_UNSEAL_KEY_1=.*,MF_VAULT_UNSEAL_KEY_1=$(awk -F ": " '$1 == "Unseal Key 1" {print $2}' data/secrets)," $MAINFLUX_DIR/docker/.env | ||
| sed -i "s,MF_VAULT_UNSEAL_KEY_2=.*,MF_VAULT_UNSEAL_KEY_2=$(awk -F ": " '$1 == "Unseal Key 2" {print $2}' data/secrets)," $MAINFLUX_DIR/docker/.env | ||
| sed -i "s,MF_VAULT_UNSEAL_KEY_3=.*,MF_VAULT_UNSEAL_KEY_3=$(awk -F ": " '$1 == "Unseal Key 3" {print $2}' data/secrets)," $MAINFLUX_DIR/docker/.env | ||
| sed -i "s,MF_VAULT_TOKEN=.*,MF_VAULT_TOKEN=$(awk -F ": " '$1 == "Initial Root Token" {print $2}' data/secrets)," $MAINFLUX_DIR/docker/.env | ||
| } |
arvindh123
reviewed
Jan 24, 2023
| resp, err := p.client.RawRequest(r) | ||
| if resp != nil { | ||
| defer resp.Body.Close() | ||
| TTL: fmt.Sprintf("%sh", ttl), |
There was a problem hiding this comment.
Do we need to add h prefix to ttl ?
Why the request can we with any prefix like h,m, s
rodneyosodo
added a commit
to rodneyosodo/magistrala
that referenced
this pull request
Feb 2, 2023
* initial commit Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * fix certificate revoking Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * change from mapstructure to json Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * add comments to serial modification Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * fix typo Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * update vault docker version Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * write env variables Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * change env path Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * return revocation time Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * revert to intermediate CA Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * remove deadcode Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * make revoke cert output readable Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * remove keybits and keytype Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * remove dead code Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * make inline Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * add empty line Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * remove commented code Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * remove keyBits Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * remove keyBits Signed-off-by: rodneyosodo <socials@rodneyosodo.com> Signed-off-by: rodneyosodo <socials@rodneyosodo.com> Co-authored-by: rodneyosodo <socials@rodneyosodo.com> Signed-off-by: rodneyosodo <blackd0t@protonmail.com>
rodneyosodo
added a commit
to rodneyosodo/magistrala
that referenced
this pull request
Feb 6, 2023
* initial commit Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * fix certificate revoking Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * change from mapstructure to json Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * add comments to serial modification Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * fix typo Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * update vault docker version Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * write env variables Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * change env path Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * return revocation time Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * revert to intermediate CA Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * remove deadcode Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * make revoke cert output readable Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * remove keybits and keytype Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * remove dead code Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * make inline Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * add empty line Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * remove commented code Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * remove keyBits Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * remove keyBits Signed-off-by: rodneyosodo <socials@rodneyosodo.com> Signed-off-by: rodneyosodo <socials@rodneyosodo.com> Co-authored-by: rodneyosodo <socials@rodneyosodo.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this do?
Fix issue certs SDK by adding BearerPrefix and changing validity to ttl
Which issue(s) does this PR fix/relate to?
Resolves #1700.
Resolves #1697
Closes #1225.
List any changes that modify/break current functionality
N/A
Have you included tests for your changes?
No
Did you document any new/modified functionality?
No
Notes
N/A