Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wire ACME extension configuration refactor #1671

Merged
merged 7 commits into from
Jan 12, 2024
Merged

Wire ACME extension configuration refactor #1671

merged 7 commits into from
Jan 12, 2024

Conversation

hslatman
Copy link
Member

No description provided.

@github-actions github-actions bot added the needs triage Waiting for discussion / prioritization by team label Jan 11, 2024
@hslatman hslatman requested a review from maraino January 11, 2024 15:30
@hslatman hslatman marked this pull request as ready for review January 11, 2024 15:30
@hslatman hslatman mentioned this pull request Jan 11, 2024
Merged
maraino
maraino reviewed Jan 11, 2024
View reviewed changes
Copy link
Contributor

@maraino maraino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've added a few comments, mostly about naming and TODO things. I'm ok if you want to do this later.

acme/challenge.go Outdated
Comment on lines 544 to 545
key crypto.PublicKey
accountJWK *jose.JSONWebKey
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you clarify the name of these variables? Looking at the code below, I think they can be something like tokenKey and dpopKey.

It's also quite weird to see two types here. I assume these keys come from some configuration, and you should be able to create the verifyParams with two crypto.PublicKey

authority/provisioner/wire/dpop_options.go Outdated
Comment on lines 54 to 62
func (o *DPOPOptions) validate() error {
if _, err := pemutil.Parse(o.SigningKey); err != nil {
return fmt.Errorf("failed parsing key: %w", err)
}
if _, err := template.New("DeviceID").Parse(o.GetTarget()); err != nil {
return fmt.Errorf("failed parsing template: %w", err)
}
return nil
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This validation can also be part of the // TODO(hs): do this once?. We can validate and set hidden fields in the DPOPOptions struct.

I'm ok if you want to do this later.

authority/provisioner/wire/oidc_options.go Outdated
Comment on lines 25 to 26
ClientID string `json:"client_id,omitempty"`
SupportedSigningAlgs []string `json:"supported_signing_algs,omitempty"`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've already commented about this before, but unless this is something coming from a well-known file, what about using clientId and supportedSigningAlgs or even a simpler name like signatureAlgorithms, you can assume that those are the supported ones.

authority/provisioner/wire/oidc_options.go Outdated

return &oidc.Config{
ClientID: o.Config.ClientID,
SupportedSigningAlgs: o.Config.SupportedSigningAlgs,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See previous comment, we can also name this SignatureAlgorithms

authority/provisioner/wire/oidc_options.go Outdated
Comment on lines 69 to 74
if _, err := url.Parse(o.Provider.IssuerURL); err != nil {
return fmt.Errorf("failed parsing issuer URL: %w", err)
}
if _, err := template.New("DeviceID").Parse(o.Provider.IssuerURL); err != nil {
return fmt.Errorf("failed parsing template: %w", err)
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can probably do this once

authority/provisioner/wire/oidc_options.go Outdated
panic(err) // config error, it's ok to panic here
}
func toOIDCProviderConfig(in *Provider) *oidc.ProviderConfig {
issuerURL, _ := url.Parse(in.IssuerURL) // NOTE: validation is performed in validate()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can set the issuerURL in the Provider and just parse once.

@hslatman hslatman merged commit 3f37fea into herman/remove-rusty-cli Jan 12, 2024
13 checks passed
@hslatman hslatman deleted the herman/wire-configuration-refactor branch January 12, 2024 09:26
@hslatman hslatman mentioned this pull request Jan 15, 2024
Closed
13 tasks
@hslatman hslatman added this to the v0.25.3 milestone Feb 20, 2024
@hslatman hslatman modified the milestones: v0.26.0, v0.27.3 Aug 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maraino maraino maraino left review comments

Assignees
No one assigned
Labels
needs triage Waiting for discussion / prioritization by team
Projects
None yet
Milestone
v0.27.3
Development

Successfully merging this pull request may close these issues.
2 participants
@hslatman @maraino