Use tls for nginx connection implementation #120
Conversation
ciroque changed the title ciroque force-pushed the use-tls-for-nginx-connection-impl branch from d7931e1 to 9f2f8f3 Compare ![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
ciroque force-pushed the use-tls-for-nginx-connection-impl branch from 9f2f8f3 to 52d65e8 Compare ciroque force-pushed the use-tls-for-nginx-connection-impl branch from e1927ca to d8ab736 Compare 
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
ciroque force-pushed the use-tls-for-nginx-connection-impl branch from d8ab736 to 3a037c6 Compare ciroque force-pushed the use-tls-for-nginx-connection-impl branch from 3a037c6 to 3b4913b Compare 
There was a problem hiding this comment.
I think this looks good as far as how the configuration is being provided and the TLS is being set up.
However I have two concerns that I think should be addressed before merging, or, if you deem it acceptable given the early stages of the project, fixed quickly afterwards.
-
(As we discussed offline) I think if a
tls-modeis given in theConfigMap, the library should fail to start rather than reverting to a no-tls mode of operation. The user clearly intended to enable some TLS mode and with the current operation they could think it succeeded when it did not. -
Now that we are handling certificates I think we should be quite careful to make sure that any sensitive values don't wind up in logs or error reports. I saw a few debug statements where that could be the case.
I should also caveat that given the size of this PR I focused mostly on understanding the actual code rather than exhaustively going through all the documentation. I will learn to use the feature once we merge and work with you on any docs tweaks that need to happen.
- tweaks - Add Under Development notice - prefer References section over inline links to external documentation - address PR feedback - correct use of [!WARNING]
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.4 to 2.21.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@a09933a...00e563e) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.1 to 3.1.2. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@6e04d22...11086d2) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
- Checkpoint - DEMO - DEMO - Implements Certificates - Certificates fleshed out and tests underway - Refactoring of authorization tests required due to changes in the shape of the Certificates module. - FRT (Fix Red Tests) - minor cleanup - Base implementation of Certificate and informer - authentication factory implemented - rename, and doc start - CHECKPOINT: File creation
- Putting a bow on it - Final corrections and enhancements - Let the configuration settings determine log level
ciroque force-pushed the use-tls-for-nginx-connection-impl branch from 0bdc8e6 to 29148b2 Compare 2 participants
Proposed changes
Implementation of TLS communication between NLK and NGINX Plus hosts.
Checklist
Before creating a PR, run through this checklist and mark each as complete.
CONTRIBUTINGdocumentREADME.mdandCHANGELOG.md)