opa
opa copied to clipboard
open-policy-agent
Parse and verify certificates with options
Why the changes in this PR are needed?
parse and verify x509 certificates with additional options was requested
What are the changes in this PR?
buitins.go and crypto.go were modified
Notes to assist PR review:
This is a draft PR as requested by @ashutosh-narkar. Please comment if the implementation looks right
Further comments:
Just to pass the existing tests I created a another method verifyX509CertificateChainWithOpts which is same as verifyX509CertificateChain except it takes additional verifyOptions struct. I can remove this method and add this extra verifyOptions to verifyX509CertificateChain and change the test cases later. verifyX509CertificateChainWithOpts is just temporary.
For an e.g. This method will be called as :
crypto.x509.parse_and_verify_certificates_with_options(
pem encoded cert data,
'{
"DNSName": "some_value", "CurrentTime": "value in millis epoch",
"KeyUsages": ["KeyUsageServerAuth", "KeyUsageClientAuth", "KeyUsageCodeSigning"]}",
"MaxConstraintComparisons": "int value"
)'
)
Deploy Preview for openpolicyagent ready!
| Name | Link |
|---|---|
| Latest commit | 91e90078e79b579c938e3258cc2b0872a20f8bab |
| Latest deploy log | https://app.netlify.com/sites/openpolicyagent/deploys/65fbfc10ae698f0008217e9a |
| Deploy Preview | https://deploy-preview-6583--openpolicyagent.netlify.app |
| Preview on mobile | Toggle QR Code...Use your smartphone camera to open QR code link. |
To edit notification comments on pull requests, go to your Netlify site configuration.
![netlify[bot] avatar](https://avatars.githubusercontent.com/in/13473?v=4 "Published by a pub.dev verified publisher"){kind=small}
@yogisinha thanks for the contribution. Can you please resolve the conflicts in the PR?
Hey, I have added a comment here https://github.com/open-policy-agent/opa/pull/6583#discussion_r1497884139 regarding previewing the docs. I think you're also going to need to run make generate and commit the new builtins JSON too. Thanks!
Hey, I have added a comment here #6583 (comment) regarding previewing the docs. I think you're also going to need to run make generate and commit the new builtins JSON too. Thanks!
Added the json files.
Hey @yogisinha, are you able to take a look at the conflicts with main again?
Are you talking about this message "This branch is out-of-date with the base branch" . This was not coming before. What should I do ? Should I do "Update with merge commit" ?
Hey, yeah best would be to run:
git fetch origin
git rebase origin/main
# address any conflicts and make sure the tests all pass etc
git rebase --continue
git push -f
I didn't find any merge conflicts after I did the rebase. There is nothing to push (no files changed) when I did the above .
I did:
git pull origin parse_and_verify_certificates_with_options
git push origin parse_and_verify_certificates_with_options
it removed that msg: "This branch is out-of-date with the base branch"
@yogisinha can you please rebase this branch? I'm unable to do it via the UI. Similar to what Charlie mentioned here. Also make sure your origin points to [email protected]:open-policy-agent/opa.git
@charlieegan3 , I think it looks good now. I had to make several commits incrementally to see the behavior of deploy preview.
Hey, I think we are nearly there now @yogisinha, I have updated the generated code in https://github.com/open-policy-agent/opa/pull/6583/commits/91e90078e79b579c938e3258cc2b0872a20f8bab but can you rebase this from origin/main so that we can get this in. I'm at KubeCon at the moment so have limited time to help, but will reply when I get a chance.
Thanks for your work here, much appreciated!
Hi @charlieegan3 , I created a new PR . I was getting lot of conflicts when I was trying to rebase, don't know why. In that new PR, everything is in single commit.
New PR: https://github.com/open-policy-agent/opa/pull/6643
Closing this in favor of https://github.com/open-policy-agent/opa/pull/6643.