feat: TLS passthrough #67
Note: the git history is a bit messed up on this, since my branch was originally branched off of my TLS Termination branch
Not much extra to add, looks good
Thank you for taking care of the comments. I added a couple more but hopefully the last ones. In addition to those, could you also rebase to latest main?
return | ||
try: | ||
# just make sure we can open the file | ||
with open(filepath): |
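Review bot: the `with open(filepath):` check under the "just make sure we can open the file" comment only establishes that the path exists and is readable, as far as the visible lines show, so a private key supplied where a certificate is expected would still pass. If catching that mix-up is the goal, read the file inside the `with` block and compare its first PEM armor line against the type expected for that option, and report the mismatch without echoing any of the file's contents.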
and remove lines 78,79. If we decide to leave the checks for cert and key, let's do the same for cacert
I'm a little confused between this comment and the one above--are we leaving the check or removing it? The purpose behind checking was more to make sure they didn't accidentally pass a private key file as a cert or vice versa, not to fully check that the certificate is actually a valid one. I'm going to leave the check as the suggestion above gives for now.
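The purpose described in this thread, telling a certificate from a private key without validating the certificate itself, can be met by looking only at the PEM block labels. The following is an added example, not code from this pull request; the function name `check_pem_role`, the role-to-label mapping and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# PEM armor line such as "-----BEGIN CERTIFICATE-----" (RFC 7468).
_PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)

# Assumed mapping of role to acceptable PEM labels (roles named after the thread).
EXPECTED_LABELS = {
    "cert": {"CERTIFICATE"},
    "cacert": {"CERTIFICATE"},
    "key": {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"},
}

def check_pem_role(filepath, role):
    """Return None if every PEM block in the file fits the role, else a message."""
    try:
        text = Path(filepath).read_text(encoding="ascii", errors="replace")
    except OSError as exc:
        return f"{role}: cannot read file: {exc.strerror}"
    labels = _PEM_BEGIN.findall(text)
    if not labels:
        return f"{role}: no PEM block found"
    wrong = sorted({lab for lab in labels if lab not in EXPECTED_LABELS[role]})
    if wrong:
        # Report only the block type, never file contents: it may be a private key.
        return f"{role}: unexpected PEM block type(s): {', '.join(wrong)}"
    return None

def demo():
    """Check constructed sample files; the bodies are filler, not real key material."""
    cert = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
    key = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
    with tempfile.TemporaryDirectory() as tmp:
        crt, pk, bundle = (Path(tmp, n) for n in ("tls.crt", "tls.key", "bundle.pem"))
        crt.write_text(cert)
        pk.write_text(key)
        bundle.write_text(cert + key)
        return {
            "cert as cert": check_pem_role(crt, "cert"),
            "key as key": check_pem_role(pk, "key"),
            "key as cert": check_pem_role(pk, "cert"),
            "bundle as cacert": check_pem_role(bundle, "cacert"),
            "missing file": check_pem_role(Path(tmp, "absent.pem"), "cert"),
        }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result or 'ok'}")
```

The bundle case shows why every block is checked rather than only the first: a file that starts with a certificate but also carries a private key is rejected for the `cert` and `cacert` roles.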
…es. Set tls config via settings yaml crts directory. Add instructions for TLS termination to README
…, add acl for access to port 80
…fying cert/key files
…it's end. Change agent-service to agent_service to comply with underscore convention
…epath. Let maas-region handle creating the files in the proper place
…pty string instead of None. Make default tls_mode value 'disabled' instead of empty string
… to be installed. Add ssl_cacert variable
…plays valid tls modes based on roles
… in preseed and manifest, and create section for maas-region in preseed/manifest. do not pass CA cert to ha proxy charm variables
f54b48c to 0886324
Adds configuration for passing encrypted requests through HAProxy, to MAAS.
Requires merging of canonical/maas-charms#220. Until it is merged, you can use latest/edge/passthrough-test for the maas-region charm channel.