add DNS name validation, remove TODO #6674

Merged
merged 1 commit into from
Aug 27, 2021

@xichengliudui xichengliudui commented Aug 13, 2021

Subject
add DNS name validation, remove TODO

Problem
non-empty identity can pass the verification whether qualified or not
Signed-off-by: liudui [email protected]

if id == "" {
return nil, errors.New("a non-empty identity is required")
}

if err := validation.IsFullyQualifiedDomainName(field.NewPath(""), id).ToAggregate(); err != nil {
return nil, errors.New("a qualified DNS identity is required")
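Review bot: in the `IsFullyQualifiedDomainName` branch the aggregated `err` is discarded and the rejected `id` is not reported, so whoever hits "a qualified DNS identity is required" cannot tell which value was refused or which rule it broke. Consider returning something like `fmt.Errorf("identity %q is not a fully qualified DNS name: %w", id, err)` so both survive. If the aggregate is surfaced this way, `field.NewPath("")` should be given a real name such as `identity`, because the path is what the validation error uses to label the field.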

let's put the id in the error message to make this error more helpful.

updated

@xichengliudui xichengliudui force-pushed the DNS-name-validation branch 2 times, most recently from b6becf3 to 249f887 Compare August 14, 2021 16:54
@kleimkuhler kleimkuhler left a comment

Thanks @xichengliudui. I have a trivial comment around the error message, but otherwise this looks good.

proxy-identity/main.go (outdated; resolved)
@kleimkuhler kleimkuhler left a comment

Thanks @xichengliudui! As a future note, it'd be great if you can avoid force-pushing to branches. It makes re-reviewing difficult because it removes the ability to see the changes incrementally—from before and after a review.

Aside from that, thanks for the change!

@xichengliudui

> Thanks @xichengliudui! As a future note, it'd be great if you can avoid force-pushing to branches. It makes re-reviewing difficult because it removes the ability to see the changes incrementally—from before and after a review.
>
> Aside from that, thanks for the change!

Thank you for reminding. I'll see to it.

adleong commented Aug 27, 2021

Just for reference, these names are typically of the form $(_pod_sa).$(_pod_ns).serviceaccount.identity.{{.Values.namespace}}.{{$trustDomain}} e.g. web.emojivoto.serviceaccount.identity.linkerd.cluster.local which are a subset of valid FQDNs.

@adleong adleong merged commit 835d5c3 into linkerd:main Aug 27, 2021
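
The name form quoted in the last comment, as an added example that is not part of the pull request or of linkerd's code: a standard-library Go check that accepts only FQDNs of that shape, which shows how much narrower the identity form is than "any FQDN". `ParseIdentity`, the `Identity` struct and the rule used to split the segments are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// DNS-1123 label: lowercase alphanumerics and '-', alphanumeric at both ends.
var dnsLabel = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?$`)

// Identity holds the parts of a name shaped like the form quoted in the thread.
type Identity struct {
	ServiceAccount, PodNamespace, ControlNamespace, TrustDomain string
}

// ParseIdentity (hypothetical helper) rejects anything that is not an FQDN of
// the form <sa>.<ns>.serviceaccount.identity.<control-ns>.<trust-domain>.
func ParseIdentity(id string) (Identity, error) {
	name := strings.TrimSuffix(id, ".") // tolerate one trailing root dot
	if name == "" || len(name) > 253 {
		return Identity{}, fmt.Errorf("identity %q: must be 1-253 characters", id)
	}
	for _, l := range strings.Split(name, ".") {
		if len(l) > 63 || !dnsLabel.MatchString(l) {
			return Identity{}, fmt.Errorf("identity %q: invalid DNS label %q", id, l)
		}
	}
	const marker = ".serviceaccount.identity."
	i := strings.Index(name, marker)
	if i < 0 {
		return Identity{}, fmt.Errorf("identity %q: missing %q", id, marker)
	}
	left, right := name[:i], name[i+len(marker):]
	// Assumption: the pod namespace is the last label before the marker and
	// the control-plane namespace is the first label after it.
	j, k := strings.LastIndex(left, "."), strings.Index(right, ".")
	if j < 0 || k < 0 {
		return Identity{}, fmt.Errorf("identity %q: wrong number of segments", id)
	}
	return Identity{left[:j], left[j+1:], right[:k], right[k+1:]}, nil
}

func main() {
	// Constructed sample inputs: the thread's example, then a valid FQDN of the wrong shape.
	for _, id := range []string{"web.emojivoto.serviceaccount.identity.linkerd.cluster.local", "web.emojivoto.svc.cluster.local"} {
		fmt.Println(ParseIdentity(id))
	}
}
```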