Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: prefer publicKey over pemCSR in API #143

Merged
merged 7 commits into from
Oct 25, 2023
Merged

chore: prefer publicKey over pemCSR in API #143

merged 7 commits into from
Oct 25, 2023

Conversation

jackwotherspoon
Copy link
Collaborator

@jackwotherspoon jackwotherspoon commented Oct 24, 2023
edited
Loading

Prefer publicKey over pemCSR in API request body.

Will follow up after this PR with #14 to make key generation async and non-blocking

Closes #110

@jackwotherspoon jackwotherspoon self-assigned this Oct 24, 2023
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 24, 2023
View reviewed changes
google/cloud/alloydb/connector/utils.py
with open(ca_filename, "w+") as ca_out:
ca_out.write("".join(cert_chain))
with open(cert_chain_filename, "w+") as chain_out:
chain_out.write("".join(full_chain))
chain_out.write("".join(cert_chain))

Check failure

Code scanning / CodeQL

Clear-text storage of sensitive information

This expression stores [sensitive data (certificate)](1) as clear text. This expression stores [sensitive data (certificate)](2) as clear text. This expression stores [sensitive data (certificate)](3) as clear text. This expression stores [sensitive data (certificate)](4) as clear text.
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 24, 2023
View reviewed changes
google/cloud/alloydb/connector/utils.py
with open(ca_filename, "w+") as ca_out:
ca_out.write("".join(cert_chain))
ca_out.write(ca_cert)

Check failure

Code scanning / CodeQL

Clear-text storage of sensitive information

This expression stores [sensitive data (certificate)](1) as clear text. This expression stores [sensitive data (certificate)](2) as clear text. This expression stores [sensitive data (certificate)](3) as clear text. This expression stores [sensitive data (certificate)](4) as clear text.
@jackwotherspoon jackwotherspoon marked this pull request as ready for review October 24, 2023 13:34
@jackwotherspoon jackwotherspoon changed the title WIP: use public key over PemCSR chore: prefer publicKey over pemCSR in API Oct 24, 2023
enocom
enocom approved these changes Oct 24, 2023
View reviewed changes
Copy link
Member

@enocom enocom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Can we disable the false-positive lint errors?

nancynh
nancynh approved these changes Oct 24, 2023
View reviewed changes
Copy link
Collaborator

@nancynh nancynh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks Jack, LGTM

@jackwotherspoon
Copy link
Collaborator Author

Can we disable the false-positive lint errors?

@enocom its nots part of the lint its part of the security scan. I've already marked them as false positives so they won't show up in future PRs I believe. Should be good.

@jackwotherspoon jackwotherspoon merged commit c54b274 into main Oct 25, 2023
@jackwotherspoon jackwotherspoon deleted the remove-pemcsr branch October 25, 2023 09:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nancynh nancynh nancynh approved these changes

@enocom enocom enocom approved these changes

@cthumuluru cthumuluru Awaiting requested review from cthumuluru

Assignees

@jackwotherspoon jackwotherspoon

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Remove CSR usage in ephemeral cert request
3 participants
@jackwotherspoon @enocom @nancynh