- Issue created by @dave reid
- 🇺🇸 United States John Franklin
John Franklin → made their first commit to this issue’s fork.
- Merge request !3 Issue #3387395 by John Franklin: Add schema for key_asymmetric key types. → (Merged) created by John Franklin
- Assigned to roderik
- Status changed to Needs review
6 months ago 6:55pm 19 June 2024 - 🇺🇸 United States John Franklin
MR filed, assigning to @roderik for review.
- Status changed to RTBC
4 months ago 10:26am 19 August 2024 - 🇳🇱 Netherlands roderik Amsterdam,NL / Budapest,HU
Thank you for this. It looks good. I tested.
Random blabbering:
I needed to remember what the structure of these properties was. There are:
- Properties like "format" and "key_size"
  - are extracted from the key itself (which is likely referenced in the key_provider_settings, as e.g. an environment variable or file name)
  - are therefore not independent, and we don't really lose info if we don't store them.
  - but the README gives an explicit example of using them for e.g. selecting a specific key. So it makes sense to export/re-import them in config.
  - are optional: the user can enter an unrecognized key/cert and check the "do not validate" box. But nothing config-related is complaining if these properties don't exist: good.
- Property "comment" (and maybe I missed another one)
  - You haven't defined it in the config schema, though it's extracted (if set)
  - But given the above and the fact that it's not used in selection, I am agnostic to including it in the config schema.
  - I would have said "include it in the schema" if we were using/displaying the info anywhere. But we aren't.
- 🇺🇸 United States John Franklin
The patch focused on what I saw in some sample configs, without making any judgement about whether or not it is appropriate to include, or if anything is missing.
If I'm going to update to make config consistent, then I'm inclined to exclude from the config anything extracted from the key that is just stored for caching purposes. That would mean keeping the fingerprint to verify a key passed in by environment variable is the expected key, and excluding format, key_size, etc.
- Issue was unassigned.
- Status changed to Fixed
4 months ago 6:03pm 1 September 2024 - 🇺🇸 United States John Franklin
@roderik Since you've marked this as RTBC, I'll merge the branch so we have some schema in place.
- john franklin → committed 9a57c5a1 on 1.x
Issue #3387395 by john franklin: Missing configuration schema for key...
- Automatically closed - issue fixed for 2 weeks with no activity.