Missing configuration schema for key types

Created on 14 September 2023, over 1 year ago
Updated 15 September 2024, 3 months ago

Problem/Motivation

There is missing configuration schema for key.type.asymmetric_private and key.type.asymmetric_public.

🐛 Bug report
Status

Fixed

Version

1.0

Component

Code

Created by

🇺🇸 United States dave reid Nebraska USA


Comments & Activities

  • Issue created by @dave reid
  • 🇺🇸 United States John Franklin

    John Franklin → made their first commit to this issue’s fork.

  • Assigned to roderik
  • Status changed to Needs review 6 months ago
  • 🇺🇸 United States John Franklin

    MR filed, assigning to @roderik for review.

  • Status changed to RTBC 4 months ago
  • 🇳🇱 Netherlands roderik Amsterdam,NL / Budapest,HU

    Thank you for this. It looks good. I tested.

    Random blabbering:

    I needed to remember what the structure of these properties was. There are:

    • Properties like "format" and "key_size"
      • are extracted from the key itself (which is likely referenced in the key_provider_settings, as e.g. an environment variable or file name)
      • are therefore not independent, and we don't really lose info if we don't store them.
      • but the README gives an explicit example of using them for e.g. selecting a specific key. So it makes sense to export/re-import them in config.
      • are optional: the user can enter an unrecognized key/cert and check the "do not validate" box. But nothing config-related is complaining if these properties don't exist: good.
    • Property "comment" (and maybe I missed another one)
      • You haven't defined it in the config schema, though it's extracted (if set)
      • But given the above and the fact that it's not used in selection, I am agnostic to including it in the config schema.
      • I would have said "include it in the schema" if we were using/displaying the info anywhere. But we aren't.
  • 🇺🇸 United States John Franklin

    The patch focused on what I saw in some sample configs, without making any judgement about whether or not it is appropriate to include, or if anything is missing.

    If I'm going to update to make config consistent, then I'm inclined to exclude from the config anything extracted from the key that is just stored for caching purposes. That would mean keeping the fingerprint to verify a key passed in by environment variable is the expected key, and excluding format, key_size, etc.

  • Issue was unassigned.
  • Status changed to Fixed 4 months ago
  • 🇺🇸 United States John Franklin

    @roderik Since you've marked this as RTBC, I'll merge the branch so we have some schema in place.

  • Pipeline finished with Skipped
    4 months ago
    #270974
  • Automatically closed - issue fixed for 2 weeks with no activity.
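
The fingerprint check mentioned in John Franklin's comment above (confirming that a key passed in by environment variable is the expected key), written out as an added example; it is not code from the project or its merge request. It assumes the stored fingerprint is a hex SHA-256 digest of the key's DER bytes, and the names `SITE_PUBLIC_KEY`, `pem_fingerprint`, `key_matches_config` and `wrap_pem` are hypothetical.

```python
import base64
import binascii
import hashlib
import hmac
import re

# Matches one PEM block and captures its base64 body.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)

def pem_fingerprint(pem_text):
    """Return the hex SHA-256 digest of the DER bytes inside a PEM block."""
    match = PEM_RE.search(pem_text or "")
    if match is None:
        raise ValueError("no PEM block found")
    body = "".join(match.group(2).split())
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("PEM body is not valid base64") from exc
    if not der:
        raise ValueError("PEM block is empty")
    return hashlib.sha256(der).hexdigest()

def key_matches_config(environ, variable, pinned_fingerprint):
    """True only if the key in environ[variable] hashes to the pinned value."""
    try:
        actual = pem_fingerprint(environ.get(variable))
    except ValueError:
        return False  # a missing or malformed key never validates
    # Accept "AA:BB:..." or plain hex; the format is an assumption.
    expected = pinned_fingerprint.replace(":", "").lower()
    return hmac.compare_digest(actual.encode(), expected.encode())

def wrap_pem(der, label="PUBLIC KEY"):
    """Build a PEM block around raw bytes (used for the constructed sample)."""
    b64 = base64.encodebytes(der).decode("ascii")
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n"

if __name__ == "__main__":
    # Constructed sample bytes standing in for a key; not a real key.
    sample_der = b"constructed sample bytes, not a real key"
    env = {"SITE_PUBLIC_KEY": wrap_pem(sample_der)}
    pinned = hashlib.sha256(sample_der).hexdigest()  # value kept in config
    print(key_matches_config(env, "SITE_PUBLIC_KEY", pinned))
    print(key_matches_config({}, "SITE_PUBLIC_KEY", pinned))
```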
