snap-store-proxy-charm

Merge ~tshinn/snap-store-proxy-charm:compare_hostname_instead_of_full_url into snap-store-proxy-charm:main

Proposed by Tong Shinn on 2023-01-24

Status:	Merged
Approved by:	Tong Shinn on 2023-01-24
Approved revision:	be20e8b3b93b91fe8f867e4421dabb0dc9bf73d8
Merge reported by:	Otto Co-Pilot
Merged at revision:	not available
Proposed branch:	~tshinn/snap-store-proxy-charm:compare_hostname_instead_of_full_url
Merge into:	snap-store-proxy-charm:main
Diff against target:	38 lines (+3/-2) 3 files modified setup.cfg (+1/-0) src/charm.py (+1/-1) tests/test_charm.py (+1/-1)
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Wouter van Bommel (community)		2023-01-24	Approve on 2023-01-24
Review via email: mp+436217@code.launchpad.net

Commit message

self._stored.domain contains the full URL (including http:// or https://) and thus directly comparing it to the CN or SAN of certificates does not work. Extract the hostname from the URL so that we can make the comparison.

Description of the change

With this change, we can now set the "certificate" and "private_key" configurations of snap-store-proxy via juju and the certificates will correctly match the configured domain of the proxy.

Revision history for this message

Wouter van Bommel (woutervb) wrote on 2023-01-24:

lgtm

review: Approve

Revision history for this message

Otto Co-Pilot (otto-copilot) wrote on 2023-01-24:

Running landing tests failed
https://jenkins.ols.canonical.com/online-services/job/snap-store-proxy-charm/39/

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Tong Shinn

Wouter van Bommel

1	diff --git a/setup.cfg b/setup.cfg
2	index 8e3f700..c59d487 100644
3	--- a/setup.cfg
4	+++ b/setup.cfg
5	@@ -9,6 +9,7 @@ exclude:
6	*.egg_info
7	extend-ignore =
8	E203
9	+ W503
10
11	[coverage:report]
12	# Regexes for lines to exclude from consideration
13	diff --git a/src/charm.py b/src/charm.py
14	index 4a64d8f..3bdbca1 100755
15	--- a/src/charm.py
16	+++ b/src/charm.py
17	@@ -319,7 +319,7 @@ class SnapstoreProxyCharm(CharmBase):
18	str(ip) for ip in san.value.get_values_for_type(x509.IPAddress)
19	)
20
21	- domain = getattr(self._stored, "domain")
22	+ domain = urlparse(getattr(self._stored, "domain")).hostname
23	if domain not in cert_names:
24	logger.warning(f"Could not find {domain} in list {cert_names}")
25	return "Certificate does not contain the proxy's registered name"
26	diff --git a/tests/test_charm.py b/tests/test_charm.py
27	index eff60e8..43d6364 100644
28	--- a/tests/test_charm.py
29	+++ b/tests/test_charm.py
30	@@ -627,7 +627,7 @@ class TestTLSCertificate(CharmTest):
31	# Test for correct handling of missing private key
32	domain = "http://test.domain.just.invented"
33	harness.charm._stored.domain = domain
34	- cert, key = self.create_x509_certificate(domain, san)
35	+ cert, key = self.create_x509_certificate("test.domain.just.invented", san)
36
37	# Since valid values will be pushed on to the proxy, we need to stub that here
38	with patch("charm.configure_proxy") as m_configure, patch(