Project

Profile

Help

Issue #6735

closed

Docs incorrectly recommend to users they escape newlines from their ca_cert and client_cert

Added by bmbouter over 2 years ago. Updated about 2 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Category:
-
Sprint/Milestone:
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 77
Quarter:

Description

Background

The BaseRemote.ca_cert and BaseRemote.client_cert fields the current serializers tell the user "All new line characters must be escaped". You can see that here.

There are two issues with this:

  1. It's not needed. For example pulp-certguard allows users to submit certs without modification, they are saved in the database, and openssl uses them correctly.

  2. It's extra work for users.

Solution

  1. Update the serializers to not have newlines escaped
  2. Audit the handling of these fields throughout the code and remove any "unescaping" that is done
  3. Add a .removal release note indicating this is a breaking change and users will need to re-save their ca_cert and client_cert fields
  4. Audit client_key as well just for good measure
  5. Add a test that sync's content where a ca_cert is required
  6. Add a test that sync's content where a client_cert and client_key is required

How to add these tests?

These tests will use the Red Hat CDN and will use a test certificate and key registered to pulp-infra, along with the master ca_cert of the Red Hat CDN. The test certs will be stored as a Travis secret and made available to the tests via environment variables. If the test goes to run and the environment variables are not present the test should skip.

Actions #1

Updated by bmbouter over 2 years ago

  • Description updated (diff)
Actions #2

Updated by fao89 over 2 years ago

  • Triaged changed from No to Yes
  • Sprint set to Sprint 73
Actions #3

Updated by lmjachky over 2 years ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to lmjachky
Actions #4

Updated by lmjachky over 2 years ago

  • Status changed from ASSIGNED to NEW
  • Assignee deleted (lmjachky)
Actions #5

Updated by rchan over 2 years ago

  • Sprint changed from Sprint 73 to Sprint 74
Actions #6

Updated by rchan over 2 years ago

  • Sprint changed from Sprint 74 to Sprint 75
Actions #7

Updated by ppicka over 2 years ago

observations: even unescaped string got escaped by django so to use certificate 'at' notation (http POST :pulp/api/v3/...remote client_cert=@./cdn.crt client_key=@./cdn.key) must be used.

Actions #8

Updated by rchan over 2 years ago

  • Sprint changed from Sprint 75 to Sprint 76
Actions #9

Updated by ppicka about 2 years ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to ppicka
Actions #10

Updated by rchan about 2 years ago

  • Sprint changed from Sprint 76 to Sprint 77
Actions #11

Updated by pulpbot about 2 years ago

  • Status changed from ASSIGNED to POST
Actions #12

Updated by ppicka about 2 years ago

Test will be added to RPM plugin as CDN has an rpm content (https://pulp.plan.io/issues/7134).

Added by ppicka about 2 years ago

Revision f1911e73

Remote certs esacping

User doesn't have to escape newlines for ca_cert, client_cert and client_key fields.

closes: #6735 https://pulp.plan.io/issues/6735

Actions #13

Updated by ppicka about 2 years ago

  • Status changed from POST to MODIFIED

Added by ppicka about 2 years ago

Revision e7f6ec13

Remote certs esacping

User doesn't have to escape newlines for ca_cert, client_cert and client_key fields.

closes: #6735 https://pulp.plan.io/issues/6735 (cherry picked from commit f1911e73ca6c3a27b72887f7eb7cb62b78b1d72f)

Actions #15

Updated by dkliban@redhat.com about 2 years ago

  • Sprint/Milestone set to 3.6.0
Actions #16

Updated by pulpbot about 2 years ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Also available in: Atom PDF