Skip to content

feat: allow member agent use OS's root certificate authority (follow up) #365

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ryanzhang-oss merged 5 commits into from
May 30, 2023
Merged

feat: allow member agent use OS's root certificate authority (follow up) #365

ryanzhang-oss merged 5 commits into from
May 30, 2023

Conversation

@mingqishao
Copy link
Contributor

@mingqishao mingqishao commented May 22, 2023

Description of your changes

This is following up some comments on another PR: #364 after PR merged.

I have:

  • Run make reviewable to ensure this PR is ready for review.

How has this code been tested

Special notes for your reviewer

@mingqishao mingqishao mentioned this pull request May 22, 2023
Merged
1 task
ryanzhang-oss
ryanzhang-oss reviewed May 23, 2023
View reviewed changes
ryanzhang-oss
ryanzhang-oss requested changes May 24, 2023
View reviewed changes
cmd/memberagent/main.go
caBundle, ok := os.LookupEnv("CA_BUNDLE")
if ok && caBundle == "" {
err := errors.New("environment variable CA_BUNDLE should not be empty")
klog.ErrorS(err, "failed to validate system variables")
Copy link
Contributor

@ryanzhang-oss ryanzhang-oss May 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not return the err here? I am not sure why we just log this as user can't see the error log. I don't think an empty env is valid. I assume that not setting it means using os default but setting it as "" ambiguous.

Copy link
Contributor Author

@mingqishao mingqishao May 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that is a copy/paste bug. I fixed that and added unit test in this commit.

cmd/memberagent/main.go Outdated
return nil, err
}

hubConfig.TLSClientConfig.CAFile = caBundle
Copy link
Contributor

@ryanzhang-oss ryanzhang-oss May 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should only set caBundle or caData

Copy link
Contributor Author

@mingqishao mingqishao May 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed in this commit

@ryanzhang-oss ryanzhang-oss merged commit 6107234 into main May 30, 2023
@zhiying-lin zhiying-lin deleted the minsha/cadata-optional-followup branch August 16, 2023 08:42
weng271190436 pushed a commit to weng271190436/fleet that referenced this pull request Dec 8, 2025
@zhiying-lin @ryanzhang-oss
test: fix the TestPickBindingsToRoll ut (Azure#365)
0f449dc 
Signed-off-by: Zhiying Lin <zhiyingl456@gmail.com>
Co-authored-by: Ryan Zhang <yangzhangrice@hotmail.com>
@weng271190436 weng271190436 mentioned this pull request Dec 8, 2025
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ryanzhang-oss ryanzhang-oss ryanzhang-oss approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mingqishao @ryanzhang-oss