feat: add subject URIs to index for x509 certificates #897
Conversation
Signed-off-by: Asra Ali <asraa@google.com>
pkg/pki/x509/x509.go
Outdated
| errs := validate.Var(name.String(), "required,uri") | ||
| if errs == nil { | ||
| names = append(names, strings.ToLower(name.String())) | ||
| } | ||
| } |
There was a problem hiding this comment.
nit:
| errs := validate.Var(name.String(), "required,uri") | |
| if errs == nil { | |
| names = append(names, strings.ToLower(name.String())) | |
| } | |
| } | |
| if errs := validate.Var(name.String(), "required,uri"); errs == nil { | |
| names = append(names, strings.ToLower(name.String())) | |
| } | |
| } |
There was a problem hiding this comment.
Are these validation errors surfaced anywhere before/after this? It seems a waste to drop perfectly good validation errors from end users (...says the end user most likely to send invalid values 🙃 )
There was a problem hiding this comment.
This ones a little tougher to surface -- I expect that this one is relatively difficult to hit, because Fulcio is the one populating certificates and it's not user-controlled.
On that note maybe it's worth filing an issue that we surface what keys WERE successfully indexed when you upload something?
There was a problem hiding this comment.
FWIW, it's also worth noting that it might not be Fulcio's certs uploaded to the log, as users can upload certs from their own PKI.
I'm fine with that. |
I looked, and |
Signed-off-by: Asra Ali <asraa@google.com>
|
Added |
Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Asra Ali asraa@google.com
Summary
Adds URIs to x509 certificate "email addresses". This picks up on job workflow ref for Fulcio issued certificates.
Ideally I'd like to deprecate
EmailAddresses()in favor ofSubjects()-- should I addSubjects()and markEmailAddresses()as deprecated? I'm not sure there's much external usage.Ticket Link
Fixes
Release Note