Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add support for pki auth #94

Merged
merged 5 commits into from
Nov 7, 2023
Merged

add support for pki auth #94

merged 5 commits into from
Nov 7, 2023

Conversation

realmgic
Copy link
Member

No description provided.

spkesan
spkesan reviewed Sep 27, 2023
View reviewed changes
Copy link
Contributor

@spkesan spkesan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do you think about having validations in conjunction with TLS configurations when PKI auth mode is used. I'll let @mphanias chip in.

observer.go Outdated
Comment on lines 105 to 108
if authMode == "external" {
clientPolicy.AuthMode = aero.AuthModeExternal
} else if authMode == "pki" {
clientPolicy.AuthMode = aero.AuthModePKI
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if authMode == "external" {
clientPolicy.AuthMode = aero.AuthModeExternal
} else if authMode == "pki" {
clientPolicy.AuthMode = aero.AuthModePKI
switch authMode {
case "internal":
clientPolicy.AuthMode = aero.AuthModeInternal
case "external":
clientPolicy.AuthMode = aero.AuthModeExternal
case "pki":
clientPolicy.AuthMode = aero.AuthModePKI
default:
log.Fatalln("Invalid auth mode: only `internal`, `external`, `pki` values are accepted.")
}

and remove line 85-86

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed. I also added the default value of "" as an option.

@spkesan
Copy link
Contributor

spkesan commented Sep 30, 2023

Thanks @realmgic .

Two things,

  1. Can you create this PR against dev branch ?
  2. And, we might want to add a validation such that when authMode is pki, clientPolicy.TlsConfig.Certificates (which contains the certiticates that the client presents to the server) must not be empty. What do you think?

@realmgic realmgic changed the base branch from master to dev September 30, 2023 13:12
spkesan
spkesan reviewed Oct 4, 2023
View reviewed changes
Copy link
Contributor

@spkesan spkesan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Otherwise, LGTM. I'll let @mphanias take a look.

observer.go Outdated Show resolved Hide resolved
@sunilvirus sunilvirus merged commit 0b4c4f1 into aerospike:dev Nov 7, 2023
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@spkesan spkesan spkesan left review comments

@mphanias mphanias Awaiting requested review from mphanias

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@realmgic @spkesan @sunilvirus