Merge ~tshinn/snap-store-proxy-charm:compare_hostname_instead_of_full_url into snap-store-proxy-charm:main

Proposed by Tong Shinn
Status: Merged
Approved by: Tong Shinn
Approved revision: be20e8b3b93b91fe8f867e4421dabb0dc9bf73d8
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: ~tshinn/snap-store-proxy-charm:compare_hostname_instead_of_full_url
Merge into: snap-store-proxy-charm:main
Diff against target: 38 lines (+3/-2)
3 files modified
setup.cfg (+1/-0)
src/charm.py (+1/-1)
tests/test_charm.py (+1/-1)
Reviewer Review Type Date Requested Status
Wouter van Bommel (community) Approve
Review via email: mp+436217@code.launchpad.net

Commit message

self._stored.domain contains the full URL (including http:// or https://) and thus directly comparing it to the CN or SAN of certificates does not work. Extract the hostname from the URL so that we can make the comparison.

Description of the change

With this change, we can now set the "certificate" and "private_key" configurations of snap-store-proxy via juju and the certificates will correctly match the configured domain of the proxy.

To post a comment you must log in.
Revision history for this message
Wouter van Bommel (woutervb) wrote :

lgtm

review: Approve
Revision history for this message
Otto Co-Pilot (otto-copilot) wrote :

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/setup.cfg b/setup.cfg
2index 8e3f700..c59d487 100644
3--- a/setup.cfg
4+++ b/setup.cfg
5@@ -9,6 +9,7 @@ exclude:
6 *.egg_info
7 extend-ignore =
8 E203
9+ W503
10
11 [coverage:report]
12 # Regexes for lines to exclude from consideration
13diff --git a/src/charm.py b/src/charm.py
14index 4a64d8f..3bdbca1 100755
15--- a/src/charm.py
16+++ b/src/charm.py
17@@ -319,7 +319,7 @@ class SnapstoreProxyCharm(CharmBase):
18 str(ip) for ip in san.value.get_values_for_type(x509.IPAddress)
19 )
20
21- domain = getattr(self._stored, "domain")
22+ domain = urlparse(getattr(self._stored, "domain")).hostname
23 if domain not in cert_names:
24 logger.warning(f"Could not find {domain} in list {cert_names}")
25 return "Certificate does not contain the proxy's registered name"
26diff --git a/tests/test_charm.py b/tests/test_charm.py
27index eff60e8..43d6364 100644
28--- a/tests/test_charm.py
29+++ b/tests/test_charm.py
30@@ -627,7 +627,7 @@ class TestTLSCertificate(CharmTest):
31 # Test for correct handling of missing private key
32 domain = "http://test.domain.just.invented"
33 harness.charm._stored.domain = domain
34- cert, key = self.create_x509_certificate(domain, san)
35+ cert, key = self.create_x509_certificate("test.domain.just.invented", san)
36
37 # Since valid values will be pushed on to the proxy, we need to stub that here
38 with patch("charm.configure_proxy") as m_configure, patch(

Subscribers

People subscribed via source and target branches

to all changes: