Skip to content
This repository was archived by the owner on Apr 6, 2026. It is now read-only.

NOISSUE - Unify prism certs#154

Merged
drasko merged 11 commits into
absmach:mainfrom
WashingtonKK:unify_prism_certs
Sep 9, 2025
Merged

NOISSUE - Unify prism certs#154
drasko merged 11 commits into
absmach:mainfrom
WashingtonKK:unify_prism_certs

Conversation

@WashingtonKK

@WashingtonKK WashingtonKK commented Sep 4, 2025

Copy link
Copy Markdown
Contributor

What type of PR is this?

This is a feature addition for certs

What does this do?

Adds more features to certs.

Which issue(s) does this PR fix/relate to?

Have you included tests for your changes?

Did you document any new/modified features?

Notes

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

update'

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

update sdk and tests

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

update cli

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

update certs client

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

rebase

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

update certs

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

update certs

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

update mocks

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>
Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>
Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>
Comment thread api/grpc/client.go Outdated
revokeCerts endpoint.Endpoint
retrieveCert endpoint.Endpoint
retrieveDownloadToken endpoint.Endpoint
issueCert endpoint.Endpoint

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why not use the exposed http api for this through sdk

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same with the additional methods not used internally that require user tokens, we don't want private grpc for them

Comment thread certs.go Outdated

// IssueCert issues a certificate from the database.
IssueCert(ctx context.Context, entityID, ttl string, ipAddrs []string, option SubjectOptions) (Certificate, error)
IssueCert(ctx context.Context, entityID, entityType, ttl string, ipAddrs []string, option SubjectOptions) (Certificate, error)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there's only one entity type so we don't need the parameter

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>
Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>
Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>
Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>
Comment thread api/grpc/client.go Outdated
timeout time.Duration
getEntityID endpoint.Endpoint
revokeCerts endpoint.Endpoint
getCA endpoint.Endpoint

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is not required internally and cone be done via sdk

Comment thread api/grpc/endpoint.go Outdated
}
}

func issueEndpoint(svc certs.Service) endpoint.Endpoint {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

clean up deadcode

Comment thread api/grpc/server.go Outdated
Comment on lines +21 to +26
getEntity kitgrpc.Handler
revokeCerts kitgrpc.Handler
retrieveCert kitgrpc.Handler
retrieveDownloadToken kitgrpc.Handler
issueCert kitgrpc.Handler
getCA kitgrpc.Handler

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should match client

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

keep only internal methods

Comment thread certs.proto Outdated
Comment on lines +17 to +21
rpc RetrieveCert(RetrieveCertReq) returns (CertificateBundle) {}
rpc RetrieveCertDownloadToken(RetrieveCertDownloadTokenReq) returns (
RetrieveCertDownloadTokenRes) {}
rpc IssueCert(IssueCertReq) returns (IssueCertRes) {}
rpc GetCA(GetCAReq) returns (Cert) {}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should be done via sdk

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>
Comment thread api/http/requests.go Outdated
IpAddrs []string `json:"ip_addresses"`
Options certs.SubjectOptions `json:"options"`
entityID string `json:"-"`
entityType string `json:"entity_type"`

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

deprecated we only have one entity type, clean up the pr

Comment thread api/http/transport.go Outdated
Comment on lines +275 to +278
// Set default entityType if not provided
if req.entityType == "" {
req.entityType = "backend" // Default to backend entity type
}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

deprecated

Comment thread certs.proto Outdated
Comment on lines +31 to +81
message Cert {
string serial_number = 1;
string certificate = 2;
string key = 3;
bool revoked = 4;
google.protobuf.Timestamp expiry_time = 5;
string entity_id = 6;
string download_url = 7;
}

message CertificateBundle {
bytes ca = 1;
bytes certificate = 2;
bytes private_key = 3;
}

message RetrieveCertReq {
string download_token = 1;
string serial_number = 2;
}

message RetrieveCertDownloadTokenReq {
string domain_id = 1;
string serial_number = 2;
string user_id = 3;
}

message RetrieveCertDownloadTokenRes {
string token = 1;
}

message Options {
string common_name = 1;
repeated string organizations = 2;
repeated string organizational_units = 3;
repeated string countries = 4;
repeated string provinces = 5;
repeated string localities = 6;
repeated string street_addresses = 7;
repeated string postal_codes = 8;
repeated string dns_names = 9;
repeated string ip_addresses = 10;
}

message IssueCertReq {
string domain_id = 1;
string entity_id = 2;
string entity_type = 3;
repeated string ip_addresses = 4;
string user_id = 5;
string ttl = 6;

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove deadcode and cleanup the pr

Comment thread certs_test.go Outdated
for _, tc := range testCases {
t.Run(tc.desc, func(t *testing.T) {
agentCall := agent.On("Issue", tc.entityID, tc.ttl, []string{}, certs.SubjectOptions{}).Return(tc.cert, tc.agentErr)
// Expected SubjectOptions with defaults set by service

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove unecessary comments

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>
Comment thread certs.go Outdated
Comment on lines +19 to +23
const (
EntityTypeBackend EntityType = "backend"
EntityTypeCVM EntityType = "cvm"
CommonName = "Ultraviolet"
)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

deadcode

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>
Comment thread cli/setup_test.go Outdated
root.SetArgs(args)
err := root.Execute()
assert.NoError(t, err, "Error executing command")
_ = root.Execute()

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why are you ignoring the error

Comment thread sdk/certs_test.go Outdated
for _, tc := range cases {
t.Run(tc.desc, func(t *testing.T) {
svcCall := svc.On("IssueCert", mock.Anything, tc.entityID, tc.ttl, tc.ipAddrs, mock.Anything).Return(tc.svcresp, tc.svcerr)
svcCall := svc.On("IssueCert", mock.Anything, tc.entityID, "backend", tc.ttl, tc.ipAddrs, mock.Anything).Return(tc.svcresp, tc.svcerr)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

entity type is no longer used

Comment thread sdk/certs_test.go Outdated
if tc.err == nil {
assert.Equal(t, tc.sdkCert.SerialNumber, resp.SerialNumber)
ok := svcCall.Parent.AssertCalled(t, "IssueCert", mock.Anything, tc.entityID, tc.ttl, tc.ipAddrs, certs.SubjectOptions{CommonName: tc.commonName})
ok := svcCall.Parent.AssertCalled(t, "IssueCert", mock.Anything, tc.entityID, "backend", tc.ttl, tc.ipAddrs, certs.SubjectOptions{CommonName: tc.commonName})

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

dsmr here

Comment thread service.go Outdated
func (s *service) IssueCert(ctx context.Context, entityID, ttl string, ipAddrs []string, options SubjectOptions) (Certificate, error) {
// Set default common name if not provided
if options.CommonName == "" {
options.CommonName = entityID

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why would we assign an id to common name, this is wrong

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

common name should be validated as required

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>
@drasko drasko merged commit 096c6da into absmach:main Sep 9, 2025
2 of 3 checks passed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants