Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

expose MinTLSVersion config for TLS handshake #3103

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

expose MinTLSVersion config for TLS handshake #3103

wants to merge 3 commits into from

Conversation

ZetaoZhuang
Copy link
Contributor

@ZetaoZhuang ZetaoZhuang commented Nov 4, 2024
edited
Loading

Reason for Change:

A configuration change is required in CNS to be able to specify the optional config of minimum TLS version support desired for TLS handshake

Issue Fixed:

Requirements:

Notes:

@ZetaoZhuang ZetaoZhuang requested review from a team as code owners November 4, 2024 20:21
timraymond
timraymond reviewed Nov 4, 2024
View reviewed changes
cns/service.go Outdated

// TLSVersionNumber returns the version number for the provided TLS version name
// (e.g. 0x0301)
func TLSVersionNumber(versionName string) (uint16, error) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am surprised the standard library doesn't have a parse function for this. I would change this to parseTLSVersionNumber since that's the convention you would find there.

cns/service.go Outdated
case "TLS 1.3":
return tls.VersionTLS13, nil
default:
return 0, errors.Wrap(errBootConfig, "unsupported TLS version name")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"configuration error" isn't adding a whole lot of information here. I think you can just have unsupported TLS version name as the constantized error, then include what you tried to parse (the versionName arg) in the Wrapf.

cns/service.go Outdated
@@ -226,8 +232,13 @@ func getTLSConfigFromKeyVault(tlsSettings localtls.TlsSettings, errChan chan<- e
errChan <- cr.Refresh(ctx, tlsSettings.KeyVaultCertificateRefreshInterval)
}()

minTLSVersionNumber, err := TLSVersionNumber(tlsSettings.MinTLSVersion)
if err != nil {
return nil, errors.Wrap(err, "MinTLSVersion is not valid")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Usually, for error wrapping, I put what I was trying to do when the error emerged. Here it would be:

Suggested change
return nil, errors.Wrap(err, "MinTLSVersion is not valid")
return nil, errors.Wrap(err, "parsing MinTLSVersion from config")

Doing this gives you a progressive chain of explanation.

jackieluc
jackieluc requested changes Nov 5, 2024
View reviewed changes
cns/service.go Outdated Show resolved Hide resolved
cns/service_test.go Show resolved Hide resolved
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jackieluc jackieluc jackieluc approved these changes

@csfmomo csfmomo Awaiting requested review from csfmomo csfmomo is a code owner automatically assigned from Azure/acn-cns-reviewers

@timraymond timraymond Awaiting requested review from timraymond

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ZetaoZhuang @timraymond @jackieluc