
Missing support for wildcard domain names

Open troyanov opened this issue 10 months ago • 0 comments

MicroCluster requires the name of the cluster member to be a FQDN and it also checks that this name is among the certificate SANs. https://github.com/canonical/microcluster/blob/d50fa5075619b0e03e0f6b5e86b10be1a18f1831/internal/rest/resources/control.go#L83

```go
// Subject Alternate Name values. (Note that these values may not be valid
// if invalid values were contained within a parsed certificate. For
// example, an element of DNSNames may not be a valid DNS domain name.)
DNSNames       []string
```

However, usage of ValueInSlice doesn't work for certificates that have wildcard DNS. This certificate won't work for member1.maas.internal:

```
X509v3 Subject Alternative Name:
    DNS:*.maas.internal, DNS:maas, IP Address:127.0.0.1, URI:*
```

```go
// ValueInSlice returns true if key is in list.
func ValueInSlice[T comparable](key T, list []T) bool {
	for _, entry := range list {
		if entry == key {
			return true
		}
	}

	return false
}
```

troyanov, Jan 10 '25 16:01
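The mismatch reported above, reproduced as an added example that is not part of the issue or of microcluster's code: an exact string comparison over `DNSNames` is set beside the standard library's `(*x509.Certificate).VerifyHostname`, which understands wildcard SANs. The helper names `exactMatch`, `sanCoversName` and `sampleCert` are hypothetical, and the certificate is constructed in memory with only the DNS SANs shown in the issue.

```go
package main

import (
	"crypto/x509"
	"fmt"
)

// exactMatch mirrors the plain equality test that ValueInSlice performs.
func exactMatch(name string, sans []string) bool {
	for _, san := range sans {
		if san == name {
			return true
		}
	}
	return false
}

// sanCoversName reports whether the certificate's SANs cover name, using the
// standard library's hostname matching: a "*" stands for exactly one
// leftmost label and nothing else.
func sanCoversName(cert *x509.Certificate, name string) bool {
	return cert.VerifyHostname(name) == nil
}

// sampleCert is a constructed certificate carrying the DNS SANs from the issue.
func sampleCert() *x509.Certificate {
	return &x509.Certificate{DNSNames: []string{"*.maas.internal", "maas"}}
}

func main() {
	cert := sampleCert()
	for _, name := range []string{
		"member1.maas.internal", // one label under the wildcard
		"maas",                  // listed verbatim in the SANs
		"a.b.maas.internal",     // two labels under the wildcard
		"maas.internal",         // the bare parent domain
		"member1.example.test",  // unrelated domain (constructed)
	} {
		fmt.Printf("%-24s exact=%-5v wildcard-aware=%v\n",
			name, exactMatch(name, cert.DNSNames), sanCoversName(cert, name))
	}
}
```

With wildcard-aware matching, one certificate covers every name a single label below `maas.internal`, so the SAN check alone no longer ties a certificate to one specific member name.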