Skip to content
This repository was archived by the owner on Oct 23, 2024. It is now read-only.

Support for service accounts, HTTPS and CA certs #443

Merged
merged 9 commits into from
Jun 22, 2016
Merged

Support for service accounts, HTTPS and CA certs #443

merged 9 commits into from
Jun 22, 2016

Conversation

alberts
Copy link
Contributor

@alberts alberts commented Jun 20, 2016

No description provided.

@alberts alberts added the WIP label Jun 20, 2016
@jdef
Copy link
Contributor

jdef commented Jun 21, 2016

build failure

# github.com/mesosphere/mesos-dns/records
records/generator.go:191: invalid operation: token.Claims["uid"] (type jwt.Claims does not support indexing)
records/generator.go:192: invalid operation: token.Claims["exp"] (type jwt.Claims does not support indexing)

@alberts alberts force-pushed the master branch 3 times, most recently from 42d825a to dd11b15 Compare June 21, 2016 01:10
@jdef
Copy link
Contributor

jdef commented Jun 21, 2016

lint fail:

cd $GOPATH/src/github.com/mesosphere/mesos-dns && gometalinter --vendor --concurrency=6 --cyclo-over=12 --tests --deadline=300s ./...
records/config.go:85:6:warning: exported type IAMConfig should have comment or be unexported (golint)
records/generator.go:181:6:warning: type authHttpClient should be authHTTPClient (golint)
records/generator.go:200:3:warning: struct field Uid should be UID (golint)
records/config.go:167:16:warning: error return value not checked (defer f.Close()) (errcheck)
records/config.go:186:16:warning: error return value not checked (defer f.Close()) (errcheck)
records/generator.go:217:23:warning: error return value not checked (defer resp.Body.Close()) (errcheck)
records/config.go:127::warning: cyclomatic complexity 16 of function SetConfig() is high (> 12) (gocyclo)

@jdef jdef mentioned this pull request Jun 22, 2016
Merged
@alberts
Merge pull request #1 from jdef/jdef_security_refactor
00e2c3a 
refactor/repackage security changes and fix problems reported by linter
alberts
alberts reviewed Jun 22, 2016
View reviewed changes
httpcli/doer.go
func TLSConfig(enabled bool, caPool *x509.CertPool) (scheme string, config *tls.Config) {
scheme = "http"
if enabled {
scheme = "https"
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

would be great to get rid of scheme entirely

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

agreed

On Tue, Jun 21, 2016 at 8:50 PM, Albert Strasheim [email protected]
wrote:

In httpcli/doer.go
#443 (comment):

  •   return nil, err
  • }
  • if req.Header == nil {
  •   req.Header = make(http.Header)
  • }
  • req.Header.Set("Authorization", "token="+authResp.Token)
  • return a.client.Do(req)
    +}

+// TLSConfig generates and returns a recommended protocol scheme ("http" or "https") and TLS configuration.
+func TLSConfig(enabled bool, caPool *x509.CertPool) (scheme string, config *tls.Config) {

  • scheme = "http"
  • if enabled {
  •   scheme = "https"

would be great to get rid of scheme entirely


You are receiving this because you were assigned.
Reply to this email directly, view it on GitHub
https://github.com/mesosphere/mesos-dns/pull/443/files/00e2c3a5bbcc291550b5d0707072d2359f991fbb#r67978748,
or mute the thread
https://github.com/notifications/unsubscribe/ACPVLGfoO2tHjZCWuhxhljON0XzwocpPks5qOIbqgaJpZM4I6PXJ
.

@jdef jdef mentioned this pull request Jun 22, 2016
Merged
@alberts
Merge pull request #2 from jdef/jdef_fix_httpclient_sharing
aa6d908 
reuse http transport/client across generator instances
jdef
jdef reviewed Jun 22, 2016
View reviewed changes
vendor/vendor.json
@@ -3,6 +3,12 @@
"ignore": "test",
"package": [
{
"checksumSHA1": "+al5Z5nU/8wGul4Yo9WHdL6WocE=",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this snuck in there, not intentional. didn't see what the changes here imply

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Was it not intentional? It seems like a new dep we must vendor.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, we need this for web tokens or something - should have recognized it. going to blame it on low blood sugar

@sargun
Copy link
Contributor

sargun commented Jun 22, 2016

Reasonable.

@alberts
Copy link
Contributor Author

alberts commented Jun 22, 2016

Managed to start a DC/OS cluster succesfully with this.

@alberts alberts removed the WIP label Jun 22, 2016
@jdef
Copy link
Contributor

jdef commented Jun 22, 2016

🎉

@jdef
Copy link
Contributor

jdef commented Jun 22, 2016

@alberts why is commit c91c973 included here?

@jdef jdef merged commit 22146c6 into d2iq-archive:master Jun 22, 2016
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees

@sargun sargun

@jdef jdef

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@alberts @jdef @sargun