ROX-8729: Generate local scanner TLS certificates in Central #211

Merged: juanrh merged 6 commits into master from juanrh/ROX-8729 on Jan 5, 2022

@juanrh juanrh commented Dec 28, 2021

Description

Generate local scanner TLS certificates in Central

Checklist

  • Investigated and inspected CI test results
  • Unit test and regression tests added
  • Evaluated and added CHANGELOG entry if required
  • Determined and documented upgrade steps

Testing Performed

Unit tests added to check compliance wrt design doc. Here I'm assuming that Scanner DB has the same expiration and additional subject alternative name as Scanner, and that those were not added to the design doc due to a typo.

@juanrh juanrh requested review from SimonBaeumer and porridge and removed request for porridge December 28, 2021 16:24
@juanrh juanrh requested a review from porridge December 28, 2021 16:24

ghost commented Dec 28, 2021

Tag for build #65004 is 3.67.x-226-g278ee720b4.

💻 For deploying this image using the dev scripts, run the following first:

export MAIN_IMAGE_TAG='3.67.x-226-g278ee720b4'

📦 You can also generate an installation bundle with:

docker run -i --rm stackrox/main:3.67.x-226-g278ee720b4 central generate interactive > bundle.zip

🕹️ A roxctl binary artifact can be downloaded from CircleCI.

Juan Rodriguez Hortala added 2 commits January 3, 2022 15:30
Referring to the expiration time, instead of to components
@juanrh juanrh marked this pull request as ready for review January 3, 2022 14:44
@juanrh juanrh requested a review from porridge January 3, 2022 14:48
@juanrh juanrh requested a review from porridge January 4, 2022 14:38

@porridge porridge left a comment

Ooooh, this is almost perfect!
My only concern is that generateServiceCertMap will typically get called twice in a row, and while the key/cert bytes are cached by readCA*, the CA object itself will need to be set up twice. But this is probably best addressed in the next PR.

@juanrh juanrh merged commit c60b7ad into master Jan 5, 2022
@juanrh juanrh deleted the juanrh/ROX-8729 branch January 5, 2022 10:04