Add verify server hostname to tls default#17155
Add verify server hostname to tls default#17155pglass merged 7 commits intohashicorp:mainfrom fulviodenza:add-verify_server_hostname-to-tls-default
Conversation
github-actions
bot
added
theme/config
There was a problem hiding this comment.
Thank you for the diligence in updating these config examples in the docs :)
jkirschner-hashicorp
requested review from
a team,
kisunji and
pglass
and removed request for
a team
pglass
left a comment
pglass
left a comment
There was a problem hiding this comment.
This looks great! Just some minor nits/comments.
huikang
left a comment
huikang
left a comment
There was a problem hiding this comment.
Shall we update the config doc at
-
Add
verify_server_hostnameto -
Add the override note at
consul/website/content/docs/agent/config/config-files.mdx
Lines 2181 to 2185 in 5eaeb7b
agent/config/runtime_test.go
Outdated
There was a problem hiding this comment.
Shall we add a test case testing that tls.internal_rpc.verify_server_hostname overrides tls.defaults.verify_server_hostname?
There was a problem hiding this comment.
@fulviodenza , I am not sure if this test case has been added. Could you please confirm this? Thanks.
There was a problem hiding this comment.
yes, sorry, didn't push a change. Now should have been added
There was a problem hiding this comment.
I think we need to add Overrides [tls.defaults.verify_server_hostname](#tls_defaults_verify_server_hostname). at line 2187.
There was a problem hiding this comment.
you're right, thanks, I pushed the change
|
@fulviodenza the CI is failing due to a docker login. We are removing the step in another PR. Please rebase this one, once it's done. |
|
Hey @huikang I've seen the pr has been merged in main, shall we move forward with this? |
|
Hi @fulviodenza, It seems like some of the tests are still failing due to CI login failures for PRs submitted by contributors outside the HashiCorp org (nothing to do with the code you changed). It's something we'll need to look into. |
agent/config/builder.go
Outdated
There was a problem hiding this comment.
Not sure what folks prefer for styling but we could get rid of the else block by setting the default first. IMO this is a bit easier to read.
c.InternalRPC.VerifyServerHostname = boolVal(t.Defaults.VerifyServerHostname)
if t.InternalRPC.VerifyServerHostname != nil {
c.InternalRPC.VerifyServerHostname = boolVal(t.InternalRPC.VerifyServerHostname)
}
|
Hi @fulviodenza, Once we've addressed the CI issue, we'll let you know. Until then, merging the latest changes from Thank you for your patience! |
|
It looks like all tests passed. Should we go ahead and merge @pglass ? |
fulviodenza
requested review from
randyhdev and
sarahethompson
and removed request for
a team
Description
This PR solves Add verify_server_hostname to tls.defaults #17095
The PR improves the UX allowing the users to default the verify_server_hostname value avoiding anti-intuitive configurations such as
now the internal_rpc is not needed anymore in this configuration and can be written as follows:
as @jkirschner-hashicorp suggested in #17095 (comment)
Testing & Reproduction steps
Unit test in runtime_test
Links
#17095
PR Checklist