Skip to content

asterfusion commit pki2.0 #21

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: asterfusion
Choose a base branch
from
Open

asterfusion commit pki2.0 #21

wants to merge 1 commit into from

Conversation

@Larry199203
Copy link

@Larry199203 Larry199203 commented Sep 12, 2025

@binnyjeshan
Copy link

binnyjeshan commented Sep 12, 2025

@taraschornyiplv

Could you please add relevant folks from the OLS SONiC side to review as well, thanks.

binnyjeshan
binnyjeshan reviewed Sep 12, 2025
View reviewed changes
cmd/client.go
// save to operational.pem
file, err := os.Create(operationalPath)
if err != nil {
logger.Error("cannot create opreational.pem, err is %s", err.Error())
Copy link

@binnyjeshan binnyjeshan Sep 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

minor mistake .. typo error "operational" it must have been.

binnyjeshan
binnyjeshan reviewed Sep 12, 2025
View reviewed changes
cmd/client.go
Bytes: cert.Raw,
})
if err != nil {
logger.Error("write opreational.pem failed, err is %s", err.Error())
Copy link

@binnyjeshan binnyjeshan Sep 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same here, typo

binnyjeshan
binnyjeshan reviewed Sep 12, 2025
View reviewed changes
cmd/client.go
if ControllerAddr == "" {
logger.Error("Could not get ControllerAddr")
estServerList = []string{estHost}
updateOperationalPem()
Copy link

@binnyjeshan binnyjeshan Sep 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

return if it was false, then its not handled ?

binnyjeshan
binnyjeshan reviewed Sep 12, 2025
View reviewed changes
cmd/client.go
cmd.Stdout = &out
err := cmd.Run()
if err != nil {
logger.Error("command dig failed, err is %s", err.Error())
Copy link

@binnyjeshan binnyjeshan Sep 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Logging the domain context may also be additionally helpful in this log.

binnyjeshan
binnyjeshan reviewed Sep 12, 2025
View reviewed changes
cmd/client.go
caUrl := "https://" + estServer + "/cacerts"
resp, err := client.Get(caUrl)
if err != nil {
logger.Error("request failed, err is %s", err.Error())
Copy link

@binnyjeshan binnyjeshan Sep 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

additionally printing the url attempted may be helpful.

Copy link
Author

@Larry199203 Larry199203 Sep 15, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the err info contains the url.But It's more readable when expressed in code. Thank you!

binnyjeshan
binnyjeshan reviewed Sep 12, 2025
View reviewed changes
cmd/client.go
}

// parse private key
privateKey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
Copy link

@binnyjeshan binnyjeshan Sep 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

getSignatureAlgorithm function supports both RSA and ECDSA, rest is erred.
In tihs code, there is a single key type parsed. Is that enough?

I'm not sure if my comment is right, but thinking why only this is called here and returned failed below, without checking if the key type is something else?

binnyjeshan
binnyjeshan reviewed Sep 12, 2025
View reviewed changes
cmd/client.go
return true
}

estServerList = getEstServer(ControllerAddr)
Copy link

@binnyjeshan binnyjeshan Sep 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if this was returned empty from getEstServer ?
Guess that case to be handled?

Copy link
Author

@Larry199203 Larry199203 Sep 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If It's empty from getEstServer, the code will use production est or qs est based on the birth certificate.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@binnyjeshan binnyjeshan binnyjeshan left review comments

@jaspreetsachdev jaspreetsachdev Awaiting requested review from jaspreetsachdev

@amoljawale2 amoljawale2 Awaiting requested review from amoljawale2

@liutao0316 liutao0316 Awaiting requested review from liutao0316

@jacky1100002 jacky1100002 Awaiting requested review from jacky1100002

@chengchao23041 chengchao23041 Awaiting requested review from chengchao23041

@Cahb Cahb Awaiting requested review from Cahb

@mikehansen1970 mikehansen1970 Awaiting requested review from mikehansen1970

@taraschornyiplv taraschornyiplv Awaiting requested review from taraschornyiplv

@oleksandr-kholodnyi oleksandr-kholodnyi Awaiting requested review from oleksandr-kholodnyi

@phwhite phwhite Awaiting requested review from phwhite

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Larry199203 @binnyjeshan