Use tls for nginx connection implementation #120
Conversation
ciroque
changed the title
ciroque
force-pushed
the
use-tls-for-nginx-connection-impl
branch
from
d7931e1
to
9f2f8f3
Compare
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
ciroque
force-pushed
the
use-tls-for-nginx-connection-impl
branch
from
9f2f8f3
to
52d65e8
Compare
ciroque
force-pushed
the
use-tls-for-nginx-connection-impl
branch
from
e1927ca
to
d8ab736
Compare
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
ciroque
force-pushed
the
use-tls-for-nginx-connection-impl
branch
from
d8ab736
to
3a037c6
Compare
ciroque
force-pushed
the
use-tls-for-nginx-connection-impl
branch
from
3a037c6
to
3b4913b
Compare
There was a problem hiding this comment.
I think this looks good as far as how the configuration is being provided and the TLS is being set up.
However I have two concerns that I think should be addressed before merging, or, if you deem it acceptable given the early stages of the project, fixed quickly afterwards.
-
(As we discussed offline) I think if a
tls-modeis given in theConfigMap, the library should fail to start rather than reverting to a no-tls mode of operation. The user clearly intended to enable some TLS mode and with the current operation they could think it succeeded when it did not. -
Now that we are handling certificates I think we should be quite careful to make sure that any sensitive values don't wind up in logs or error reports. I saw a few debug statements where that could be the case.
I should also caveat that given the size of this PR I focused mostly on understanding the actual code rather than exhaustively going through all the documentation. I will learn to use the feature once we merge and work with you on any docs tweaks that need to happen.
- tweaks - Add Under Development notice - prefer References section over inline links to external documentation - address PR feedback - correct use of [!WARNING]
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.4 to 2.21.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@a09933a...00e563e) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.1 to 3.1.2. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@6e04d22...11086d2) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
- Checkpoint - DEMO - DEMO - Implements Certificates - Certificates fleshed out and tests underway - Refactoring of authorization tests required due to changes in the shape of the Certificates module. - FRT (Fix Red Tests) - minor cleanup - Base implementation of Certificate and informer - authentication factory implemented - rename, and doc start - CHECKPOINT: File creation
- Putting a bow on it - Final corrections and enhancements - Let the configuration settings determine log level
ciroque
force-pushed
the
use-tls-for-nginx-connection-impl
branch
from
0bdc8e6
to
29148b2
Compare
Proposed changes
Implementation of TLS communication between NLK and NGINX Plus hosts.
Checklist
Before creating a PR, run through this checklist and mark each as complete.
CONTRIBUTINGdocumentREADME.mdandCHANGELOG.md)