✨ Add support for static client certificates defined in fastly.toml. #306
lib/src/config.rs
Outdated
key = """ | ||
-----BEGIN RSA PRIVATE KEY----- | ||
MIIEpQIBAAKCAQEAz27x1GpD46K6b9/3PNyZYKgTL9GBbpLAVF8Uebd34ftUfnWZ | ||
3ER+x6A1YbacHnL112diPPevyYkpXuiujwCeswYNrZHEtiRfAvrzBRhnhL8owQTx | ||
jOcG4EOzR7Je556FTq8kNth5iHckORjmXiV9ZahbLv/zBFpkXpDeze62zd8y9chP | ||
NEqcrLZBOb4UoKXmOt1lIdeo23nysR4rC6XemWNSFcZv9zagUzliMeca3XN2RIUA | ||
FZv4o+gYPqqXQi+0a+OOq0jnKpawW+avn2UG7wzXGlLcVOvLe5BOCA1RfWtR8w03 | ||
MFdvoBAesXJ4xGX1ROUzelldedmpqtvORdhmGQIDAQABAoIBAQCsbu6KhDehMDHJ | ||
NCWjK0I4zh78/iyZDVbiDBPKRpBag4GuifX329yD95LIgnNvAGOKxz8rrT4sy19f | ||
rQ8Ggx5pdVvDcExUmRF+Obvw/WN4PywSoBhn59iYbs7Gh+lKo0Tvrrns+bC1l0y+ | ||
RguiMYn3CqeZ/1w1vyp2TflYuNqvcR4zMzJ4dN474CCLPIUX9OfK21Lbv/UMdguF | ||
Rs/BuStucqaCzEtTLyZYlxQc1i8S8Uy2yukXR6TYWJOsWZj0KIgH/YI7ZgzvTIxL | ||
ax4Hn4jIHPFSJ+vl2ehDKffkQQ0lzm60ASkjaJY6GsFoTQzsmuafpLIAoJbDbZR1 | ||
txPSFC+BAoGBAPbp6+LsXoEY+4RfStg4c/oLWmK3aTxzQzMY90vxnMm6SJTwTPAm | ||
pO+Pp2UGyEGHV7hg3d+ItWpM9QGVmsjm+punIfc0W/0+AVUonjPLfv44dz7+geYt | ||
/oeMv4RTqCclROvtQTqV6hHn4E3Xg061miEe6OxYmqfZuLD2nv2VlsQRAoGBANcR | ||
GAqeClQtraTnu+yU9U+FJZfvSxs1yHr7XItCMtwxeU6+nipa+3pXNnKu0dKKekUG | ||
PCdUipXgggA6OUm2YFKPUhiXJUNoHCj45Tkv2NshGplW33U3NcCkDqL7vvZoBBfP | ||
OPxEVRVEIlwp/WzEambs9MjWoecEaOe7/3UCVumJAoGANlfVquQLCK7O7JtshZon | ||
LGlDQ2bKqptTtvNPuk87CssNHnqk9FYNBwy+8uVDPejjzZjEPGaCRxsY8XhT0NPF | ||
ZGysdRP5CwuSj4OZDh1DngAffqXVQSvuUTcRD7a506PIP4TATnygP8ChBYDhTXl6 | ||
qr961EnMABVTKN+eroE15YECgYEAv+YLyqV71+KuNx9i6lV7kcnfYnNtU8koqruQ | ||
tt2Jnjoy4JVrcaWfEGmzNp9Qr4lKUj6e/AUOZ29c8DEDnwcxaVliynhLEptZzSFQ | ||
/zb3S4d9QWdnmiJ6Pvrj6H+yxBDJ3ijT0xxxwrj547y/2QZlXpN+U5pX+ldP974i | ||
0dgVjukCgYEArxv0dO2VEguWLx5YijHiN72nDDI+skbfkQkvWQjA7x8R9Xx1SWUl | ||
WeyeaaV5rqfJZF1wBCK5VJndjbOGhPh6u/0mpeYw4Ty3+CKN2WoikQO27qYfMZW5 | ||
vvT7m9ZR+gkm2TjZ+pZuilz2gqu/yMJKl8Fi8Q7dsb8eWedWQXjbUZg= | ||
-----END RSA PRIVATE KEY----- | ||
""" |
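Review bot: the `key = """ ... """` value in this region of lib/src/config.rs is a complete RSA private key pasted inline, and nothing in the visible lines marks it as a throwaway fixture. Add a comment next to it stating that the key was generated only for this example and protects nothing, or load it from a fixture file, so that secret scanners and readers do not have to guess. Showing the file-reference form alongside the inline one would also avoid presenting a pasted private key as the default way to fill in this setting.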
As `fastly.toml` is often committed into projects - could we also offer `key_path` and `certificate_path` which contain paths to the files which contain the key and certificate, that way projects can exclude those files from being committed whilst still allowing `fastly.toml` to be committed
This code has moved and shifted a bit, and I think maybe this comment has gotten mis-attributed. But, if you look in `lib/src/config/backends/client_cert_info.rs` (or the CHANGELOG), you'll see that this PR does add the ability to either add the TLS certificate/key directly in the file (using `certificate` and `key`) or by reference in a file (using `certificate_file` and `key_file`).
Obviously, we can change those to `certificate_path` and `key_path`, if those would be better names.
🚢
I was going to ask about adding documentation for this to https://www.fastly.com/documentation/reference/compute/fastly-toml/, but I see that "ca_certs" isn't documented there either. I guess this means we need to launch an 'audit' project to get the docs up to date with what the CLI and Viceroy actually support in fastly.toml.
…astly#306) Add support for supplying client certificates in fastly.toml, through the use of the `client_cert_info` table, which must have one of a "certificate" or "certificate_file" key, as well as one of a "key" and "key_file" key. The "_file" variants can be used to point to certificate/key files on disk, whereas the non-"_file" variants should be multi-line string constants in the toml. In all cases, they should be in PEM format.
As it says in the CHANGELOG entry:
Add support for supplying client certificates in fastly.toml, through the use of the `client_cert_info` table, which must have one of a "certificate" or "certificate_file" key, as well as one of a "key" and "key_file" key. The "_file" variants can be used to point to certificate/key files on disk, whereas the non-"_file" variants should be multi-line string constants in the toml. In all cases, they should be in PEM format.