Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pki settings extension #3971

Merged
merged 3 commits into from
May 20, 2024
Merged

Pki settings extension #3971

merged 3 commits into from
May 20, 2024

Conversation

mgsharm
Copy link
Contributor

@mgsharm mgsharm commented May 17, 2024

Issue number:

Closes #3657

Description of changes:

  • Creates pki settings extension and uses it in every variant's settings model.
  • Creates settings-pki RPM package that installs the extension binary.

Testing done:

  • Built aws-dev variant with the settings-pki installed. Launched ec2 instance with the aws-dev variant ami. Connected with the instance via SSM to run apiclient commands.
  • Called apiclient to verify the settings-pki worked as expected.
[ssm-user@control]$ apiclient set pki.my-trusted-bundle.data="LS0tLS1..." \
> pki.my-trusted-bundle.trusted=true

[ssm-user@control]$ apiclient get settings.pki
{  
   "settings":  {
       "pki": {      
           "my-trusted-bundle": {       
                "data": "LS0tLS1...",
                 "trusted": true
            }
       }
   }
}
  • Also tested by building locally.
> cert_content=$(cat test-pem)
> json_value="{\"foo\":{\"data\":\"$cert_content\",\"trusted\":true}}"
> cargo run proto1 set --setting-version v1 --value "$json_value"
    Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.24s
     Running `/home/fedora/bottlerocket/sources/target/debug/settings-extension-pki proto1 set --setting-version v1 --value '{"foo":{"data":"LS0tLS1...,"trusted":true}}'`

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

@mgsharm mgsharm mentioned this pull request May 17, 2024
Closed
@mgsharm mgsharm linked an issue May 17, 2024 that may be closed by this pull request
OOTB: Port pki settings model to settings extensions #3657
Closed
@mgsharm mgsharm requested a review from sam-berning May 20, 2024 18:00
@mgsharm mgsharm requested a review from jmt-lab May 20, 2024 18:52
@mgsharm mgsharm merged commit f7a5677 into bottlerocket-os:develop May 20, 2024
33 checks passed
@mgsharm mgsharm self-assigned this May 20, 2024
@mgsharm mgsharm deleted the pki-settings-extension branch May 21, 2024 05:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jmt-lab jmt-lab jmt-lab approved these changes

@sam-berning sam-berning sam-berning approved these changes

Assignees

@mgsharm mgsharm

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

OOTB: Port pki settings model to settings extensions
3 participants
@mgsharm @jmt-lab @sam-berning