Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vespa prod deploy requires named clients.pem file #31978

Open
olaughter opened this issue Jul 17, 2024 · 2 comments · May be fixed by #31988
Open

vespa prod deploy requires named clients.pem file #31978

olaughter opened this issue Jul 17, 2024 · 2 comments · May be fixed by #31988
Assignees
@mpolden
Milestone
soon

Comments

@olaughter
Copy link

Describe the bug
The cli command for deploying a production application package contains a check for a certificate. However the check itself is just looking for a file named clients.pem. Meaning cli deploys fail when using named certs the cli fails

To Reproduce
Steps to reproduce the behavior:
In the security guide there is an example config for the services.xml file that uses the clients element to configure cert permissions. The example shows using an id and file name to have certs with names like 'serve, ingest, etc. When deploying this config to vespa cloud the error is raised:

Error: deployment to Vespa Cloud requires certificate in application package
Hint: See https://cloud.vespa.ai/en/security/guide
Hint: Pass --add-cert to use the certificate of the current application

Expected behaviour
The cli check for certs is based on the clients element, falling back to the current behaviour if not present

Screenshots
If applicable, add screenshots to help explain your problem.

Environment (please complete the following information):

  • OS: ubuntu
  • Infrastructure: Github Actions
  • Deploying to Vespa Cloud

Vespa version
CLI version used initially: 8.250.43

Additional context
Add any other context about the problem here.
@olaughter olaughter linked a pull request Jul 19, 2024 that will close this issue
Open
@olaughter
Copy link
Author

olaughter commented Jul 19, 2024
edited
Loading

Hey @mpolden, I've made an attempt to resolve this, let me know what you think: #31988

@yngveaasheim
Copy link
Member

@olaughter,
Thank you for the contribution! @mpolden is currently on PTO; I am sure he will get back to you on this when he comes back; presumably the week of August 5.

Best,
-Yngve

@kkraune kkraune added this to the soon milestone Aug 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mpolden mpolden

Labels
None yet
Projects
None yet
Milestone
soon
Development

Successfully merging a pull request may close this issue.

Support custom paths for cli cert checks olaughter/vespa
4 participants
@mpolden @yngveaasheim @kkraune @olaughter