zed icon indicating copy to clipboard operation
zed copied to clipboard
verified publisher icon authzed

--certificate-path flag is not respected

Open tom-aignostics opened this issue 2 years ago • 0 comments

When using a context or any command with a custom CA via --certificate-path it seems to not be respected. I tested with zed v0.10.1 but I think it also appears in the latest version.

E.g. running zed schema read --log-level trace fails with:

11:29AM DBG configured logging async=false format=auto log_level=trace provider=zerolog
11:29AM TRC token={"APIToken":"<API-TOKEN>","CACert":null,"Endpoint":"localhost:50051","Insecure":false,"Name":"my-context"}
11:29AM TRC requesting schema read request={}
[...]
Error: rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: x509: “<cert-alias>” certificate is not trusted"

Even setting --certificate-path directly on the call does not change this.

I could trace the issue back to https://github.com/authzed/zed/blob/5520b40119bf769e08663e62615f090178e74aa3/internal/storage/config.go#L51 I think one should carry over the CACert field from the CurrentToken response. If that's also your understanding I can open a PR.

tom-aignostics avatar Jun 09 '23 09:06 tom-aignostics