This repository was archived by the owner on Apr 6, 2026. It is now read-only.

NOISSUE - Add intermediate certificates #161

Merged: dborovcanin merged 23 commits into absmach:main from nyagamunene:fix_entrypoint_implementation on Sep 19, 2025

@nyagamunene (Contributor)

What type of PR is this?

What does this do?

Which issue(s) does this PR fix/relate to?

Have you included tests for your changes?

Did you document any new/modified features?

Notes

@nyagamunene nyagamunene marked this pull request as ready for review September 15, 2025 13:00
SammyOina previously approved these changes Sep 15, 2025
WashingtonKK previously approved these changes Sep 15, 2025
Comment thread pki/openbao.go Outdated
Comment thread pki/openbao.go Outdated
Comment thread pki/openbao.go Outdated
Comment thread pki/openbao.go Outdated
@nyagamunene nyagamunene dismissed stale reviews from WashingtonKK and SammyOina via d6b9bda September 15, 2025 15:36

@dborovcanin (Contributor) left a comment

Can we use `client.Logical` for handling generic read/write interface; i.e. avoid using custom HTTP client because of tokens, retries, and OpenBao custom headers?

Comment thread pki/openbao.go Outdated
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

@WashingtonKK (Contributor) left a comment

Remove auth from issue certs and allow it to be called without the need to provide domain id and token.

This will allow server certificates to be issued prior to initialization of domains & users services.

@nyagamunene nyagamunene moved this to 🚧 In Progress in Magistrala Sep 18, 2025
@nyagamunene nyagamunene self-assigned this Sep 18, 2025
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
@nyagamunene nyagamunene force-pushed the fix_entrypoint_implementation branch from d6b9bda to b7aed73 Compare September 18, 2025 11:09
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Comment thread api/http/transport.go Outdated
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
WashingtonKK

This comment was marked as outdated.

SammyOina previously approved these changes Sep 18, 2025
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
@nyagamunene nyagamunene dismissed stale reviews from SammyOina and WashingtonKK via 6eeab4e September 18, 2025 15:42
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
@nyagamunene nyagamunene force-pushed the fix_entrypoint_implementation branch from 57afc7c to e825f05 Compare September 19, 2025 08:44
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Comment thread certs.go Outdated
Comment thread sdk/sdk.go

func (sdk mgSDK) ViewCA(domainID, token string) (Certificate, errors.SDKError) {
url := fmt.Sprintf("%s/%s/%s/view-ca", sdk.certsURL, domainID, certsEndpoint)
func (sdk mgSDK) ViewCA() (Certificate, errors.SDKError) {
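Review bot: The new `ViewCA()` signature drops both `domainID` and `token`, so this SDK call can no longer carry credentials or scope the request to a domain, and nothing in the hunk documents that this is intentional. Add a doc comment on the method stating that the endpoint is deliberately unauthenticated and returns only the public CA certificate, and show the replacement for the removed `fmt.Sprintf(... domainID, certsEndpoint)` URL so the new route can be reviewed alongside it. Changing the parameters of an exported SDK method is also a breaking change for callers and deserves a changelog entry.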

Contributor:

Why are we removing token from here?

Contributor (Author):

@WashingtonKK requested to remove users auth from viewCA and downloadCA because of his work on prism.

Comment thread sdk/sdk.go

func (sdk mgSDK) DownloadCA(domainID, token string) (CertificateBundle, errors.SDKError) {
url := fmt.Sprintf("%s/%s/%s/download-ca", sdk.certsURL, domainID, certsEndpoint)
func (sdk mgSDK) DownloadCA() (CertificateBundle, errors.SDKError) {
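Review bot: `DownloadCA()` now returns a `CertificateBundle` with no `token` argument, so the question to settle on this hunk is what that bundle contains when it is served without authentication. Confirm that it holds only public chain material (CA and intermediate certificates) and never a private key, and add a test that calls the method without credentials and inspects the returned fields. If the route no longer includes the `domainID` segment seen in the removed line, callers of the old `download-ca` URL also need a migration note.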

Contributor:

Same here, why are we removing access control from SDK methods?

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
@dborovcanin dborovcanin merged commit 9306617 into absmach:main Sep 19, 2025
3 checks passed
@github-project-automation github-project-automation Bot moved this from 🚧 In Progress to ✅ Done in Magistrala Sep 19, 2025