Skip to content

lxd: Improve certificate add token validation #13749

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
tomponline merged 4 commits into from
Jul 12, 2024
Merged

lxd: Improve certificate add token validation #13749

tomponline merged 4 commits into from
Jul 12, 2024

Conversation

@tomponline
Copy link
Member

@tomponline tomponline commented Jul 12, 2024

When using a certificate add token stored in an operation on a non-local cluster member the expiry time of the token wasn't being taken into account due to incorrect data type conversion and error checking.

@tomponline tomponline requested a review from markylaing July 12, 2024 08:03
@tomponline tomponline self-assigned this Jul 12, 2024
markylaing
markylaing requested changes Jul 12, 2024
View reviewed changes
Copy link
Contributor

@markylaing markylaing left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM just a couple of comments to update :)

@tomponline tomponline requested a review from markylaing July 12, 2024 08:11
@tomponline
lxd/certificates: Improve validation in certificateTokenValid
39f9758 
 - An expired token could be used if operation was non-local due to missing validation & conversion.
 - Use happy path code style.
 - Explicitly check operation's location in order to decide unmarshalling format of `request` field rather than rely on errors - allows for better validation.

Signed-off-by: Thomas Parrott <[email protected]>
@tomponline
test: Check certificate add token expiry support for non-local operat…
629c7e4 
…ion in test_clustering_trust_add

Signed-off-by: Thomas Parrott <[email protected]>
@tomponline
test: Reduce unnecessarily long sleep in test_remote_url_with_token
10c8639 
Signed-off-by: Thomas Parrott <[email protected]>
@tomponline tomponline merged commit ca61dee into canonical:main Jul 12, 2024
@tomponline tomponline deleted the tp-token-expiry branch July 12, 2024 08:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@markylaing markylaing markylaing approved these changes

Assignees

@tomponline tomponline

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tomponline @markylaing