Skip to content

Use our own implementation of miekg/dns.TsigProvider interface #4958

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Mar 22, 2022
Merged

Use our own implementation of miekg/dns.TsigProvider interface #4958

merged 4 commits into from
Mar 22, 2022

Conversation

irbekrm
Copy link
Contributor

@irbekrm irbekrm commented Mar 17, 2022
edited
Loading

See #4942 for context

This PR adds our own implementation of github.com/miekg/dns.TsigProvider interface

This is done to allow us to both upgrade the upstream library and keep supporting HMACMD5 as RFC2136 TSIG algorithm which was deprecated in the upstream library

NONE

/kind cleanup

Signed-off-by: irbekrm irbekrm@gmail.com

@jetstack-bot jetstack-bot added release-note-none Denotes a PR that doesn't merit a release note. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. area/acme Indicates a PR directly modifies the ACME Issuer code area/acme/dns01 Indicates a PR modifies ACME DNS01 provider code approved Indicates a PR has been approved by an approver from all required OWNERS files. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Mar 17, 2022
@jetstack-bot jetstack-bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 18, 2022
@jetstack-bot jetstack-bot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 18, 2022
@wallrj wallrj self-requested a review March 18, 2022 14:12
@wallrj wallrj self-assigned this Mar 18, 2022
irbekrm
irbekrm commented Mar 18, 2022
View reviewed changes
wallrj
wallrj approved these changes Mar 18, 2022
View reviewed changes
Copy link
Member

@wallrj wallrj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @irbekrm

It's a shame that upstream can't be persuaded to just re-instate the MD5 hmac feature.
I see that others are advocating for it. Perhaps we should too.

This all looks good to me:

/lgtm
/hold in case you want to address those comments.

@jetstack-bot jetstack-bot added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. lgtm Indicates that a PR is ready to be merged. labels Mar 18, 2022
@jetstack-bot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: irbekrm, wallrj

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jetstack-bot jetstack-bot removed the lgtm Indicates that a PR is ready to be merged. label Mar 18, 2022
@irbekrm
Copy link
Contributor Author

irbekrm commented Mar 18, 2022

Thanks for the thorough code review @wallrj , I think I've addressed all the points, PTAL

It's a shame that upstream can't be persuaded to just re-instate the MD5 hmac feature.
I see that others are advocating for it. Perhaps we should too.

I will leave a note to the issue (and will leave a link to this PR in case it makes it easier for anyone else trying to figure out how to implement the interface)

Perhaps strictly we should include an extra copyright comment acknowledging the upstream copyright, but it's not clear which https://github.com/miekg/dns/blob/master/LICENSE or https://github.com/miekg/dns/blob/master/COPYRIGHT or all of those.

Have we done this before? I know there are other bits in the codebase where the code is copied over from kubernetes or other upstream projects

@wallrj
Copy link
Member

wallrj commented Mar 18, 2022

/retest
/lgtm
/unhold

@jetstack-bot jetstack-bot added lgtm Indicates that a PR is ready to be merged. and removed do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. labels Mar 18, 2022
@jetstack-bot
Copy link
Contributor

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to jetstack).
Review the full test history for this PR.
Silence the bot with an /lgtm cancel comment for consistent failures.

6 similar comments
@jetstack-bot
Copy link
Contributor

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to jetstack).
Review the full test history for this PR.
Silence the bot with an /lgtm cancel comment for consistent failures.

@jetstack-bot
Copy link
Contributor

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to jetstack).
Review the full test history for this PR.
Silence the bot with an /lgtm cancel comment for consistent failures.

@jetstack-bot
Copy link
Contributor

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to jetstack).
Review the full test history for this PR.
Silence the bot with an /lgtm cancel comment for consistent failures.

@jetstack-bot
Copy link
Contributor

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to jetstack).
Review the full test history for this PR.
Silence the bot with an /lgtm cancel comment for consistent failures.

@jetstack-bot
Copy link
Contributor

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to jetstack).
Review the full test history for this PR.
Silence the bot with an /lgtm cancel comment for consistent failures.

@jetstack-bot
Copy link
Contributor

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to jetstack).
Review the full test history for this PR.
Silence the bot with an /lgtm cancel comment for consistent failures.

@jetstack-bot
Copy link
Contributor

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to jetstack).
Review the full test history for this PR.
Silence the bot with an /lgtm cancel comment for consistent failures.

9 similar comments
@jetstack-bot
Copy link
Contributor

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to jetstack).
Review the full test history for this PR.
Silence the bot with an /lgtm cancel comment for consistent failures.

@jetstack-bot
Copy link
Contributor

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to jetstack).
Review the full test history for this PR.
Silence the bot with an /lgtm cancel comment for consistent failures.

@jetstack-bot
Copy link
Contributor

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to jetstack).
Review the full test history for this PR.
Silence the bot with an /lgtm cancel comment for consistent failures.

@jetstack-bot
Copy link
Contributor

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to jetstack).
Review the full test history for this PR.
Silence the bot with an /lgtm cancel comment for consistent failures.

@jetstack-bot
Copy link
Contributor

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to jetstack).
Review the full test history for this PR.
Silence the bot with an /lgtm cancel comment for consistent failures.

@jetstack-bot
Copy link
Contributor

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to jetstack).
Review the full test history for this PR.
Silence the bot with an /lgtm cancel comment for consistent failures.

@jetstack-bot
Copy link
Contributor

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to jetstack).
Review the full test history for this PR.
Silence the bot with an /lgtm cancel comment for consistent failures.

@jetstack-bot
Copy link
Contributor

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to jetstack).
Review the full test history for this PR.
Silence the bot with an /lgtm cancel comment for consistent failures.

@jetstack-bot
Copy link
Contributor

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to jetstack).
Review the full test history for this PR.
Silence the bot with an /lgtm cancel comment for consistent failures.

irbekrm added 4 commits March 21, 2022 07:09
@irbekrm
Use our own implementation of github.com/miekg/dns.TsigProvider inter…
3a21f96 
…face

To allow us to both upgrade the upstream library and keep supporting HMACMD5 as RFC2136 TSIG algorithm although it was deprecated in the upstream library

Signed-off-by: irbekrm <irbekrm@gmail.com>
@irbekrm
Cleanup of the adopted code
0b75448 
Don't swallow an error, don't use naked return

Signed-off-by: irbekrm <irbekrm@gmail.com>
@irbekrm
Adds a basic unit test
5c241ec 
Signed-off-by: irbekrm <irbekrm@gmail.com>
@irbekrm
Code review comments
2722e63 
Signed-off-by: irbekrm <irbekrm@gmail.com>
@jetstack-bot jetstack-bot removed the lgtm Indicates that a PR is ready to be merged. label Mar 21, 2022
@irbekrm
Copy link
Contributor Author

irbekrm commented Mar 21, 2022

@wallrj could I get another LGTM please?

Looks like I had to rebase the PR to get rid of the (unrelated) flakes.

@wallrj
Copy link
Member

wallrj commented Mar 22, 2022

/lgtm

1 similar comment
@wallrj
Copy link
Member

wallrj commented Mar 22, 2022

/lgtm

@jetstack-bot jetstack-bot added the lgtm Indicates that a PR is ready to be merged. label Mar 22, 2022
@jetstack-bot jetstack-bot merged commit dc24503 into cert-manager:master Mar 22, 2022
@jetstack-bot jetstack-bot added this to the v1.8 milestone Mar 22, 2022
@irbekrm irbekrm deleted the tsig_provider branch March 25, 2022 09:06
irbekrm added a commit to irbekrm/cert-manager that referenced this pull request Mar 30, 2023
@irbekrm
Removes leftover replace statement
ece44ec 
This should have been removed in �[200~cert-manager#4958

Signed-off-by: irbekrm <irbekrm@gmail.com>
@irbekrm irbekrm mentioned this pull request Mar 30, 2023
Merged
irbekrm added a commit to irbekrm/cert-manager that referenced this pull request Mar 30, 2023
@irbekrm
Removes leftover replace statement
7617302 
This should have been removed in �[200~cert-manager#4958

Signed-off-by: irbekrm <irbekrm@gmail.com>
This was referenced Jan 2, 2024
Merged
Closed
Merged
logand22 pushed a commit to gravitational/cert-manager that referenced this pull request Mar 8, 2024
@irbekrm @logand22
Removes leftover replace statement
1680389 
This should have been removed in �[200~cert-manager#4958

Signed-off-by: irbekrm <irbekrm@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wallrj wallrj wallrj approved these changes

Assignees

@wallrj wallrj

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/acme/dns01 Indicates a PR modifies ACME DNS01 provider code area/acme Indicates a PR directly modifies the ACME Issuer code dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lgtm Indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
v1.8
Development

Successfully merging this pull request may close these issues.
3 participants
@irbekrm @jetstack-bot @wallrj