Landscape Client

Incorrect/Misleading key name in landscape-client charm and landscape-config tool, "ssl public key"

Bug #2066033 reported by Yamen Hatahet
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Landscape Client
Triaged
Undecided
Unassigned
landscape-client-charm
Triaged
Undecided
Unassigned
landscape-client (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

The issue is in the landscape-client charm's config, with the key name "ssl-public-key", as well as in the landscape-config tool (which is part of the landscape-client), with the cli option -k SS:_PUBLIC KEY, --ssl-public-key=SSL_PUBLIC_KEY.

Below is the entry in the landscape-client charmhub page:

```
ssl-public-key | string

The CA certificate to verify the server certificate with. This can be
a path to a file, or a base64 encoded entry of the certificate itself,
prefixed with "base64:". This config is only used if the message server
URL given above starts with https.
```

And in the man page of landscape-config:

```
       -k SSL_PUBLIC_KEY, --ssl-public-key=SSL_PUBLIC_KEY
              The SSL CA certificate to verify the server with. Only used if the server URL to which we connect is https.
```
Additionally, when using the `landscape-config` tool, it will ask the user to supply the --ssl-public-key option, so the change needs to be done on all occurrences.

The word "key" should be changed to something more accurate, such as "cert".

See original description
Revision history for this message
Bartosz Woronicz (mastier1) wrote :

For the sake of consistency with other charms like for openstack charms I would go with ssl-ca

Also the landscape client should be update to match the correct naming convention

```
root@vault-1:~# cat /etc/landscape/client.conf|grep ssl_public_key
ssl_public_key = /etc/ssl/certs/landscape_server_ca.crt
root@vault-1:~# head /etc/ssl/certs/landscape_server_ca.crt
-----BEGIN CERTIFICATE-----
MIIEOTCCAyGg.................J4Z4wDQYJKoZIhvcNAQEL
BQAwLDEq....................1VEIEVudGVycHJpc2UgSXNzdWluZyBDQSAx
```

Yamen Hatahet (yhatahet)
summary: - Incorrect/Misleading key name in landscape-client "ssl-public-key"
+ Incorrect/Misleading key name in landscape-client charm config "ssl-
+ public-key"
Revision history for this message
Bartosz Woronicz (mastier1) wrote : Re: Incorrect/Misleading key name in landscape-client charm config "ssl-public-key"

Also the need for base64: prefix is redundant.
It should be served on the charm level to check whether the input is base64, all other charms are doing it this way
https://github.com/juju/charm-helpers/blob/master/charmhelpers/contrib/openstack/cert_utils.py#L344

For the elegance you may add some the cert validation itself

Yamen Hatahet (yhatahet)
summary: - Incorrect/Misleading key name in landscape-client charm config "ssl-
- public-key"
+ Incorrect/Misleading key name in landscape-client charm and landscape-
+ config tool, "ssl public key"
Revision history for this message
Yamen Hatahet (yhatahet) wrote :

Completely Agree with @mastier1 . The base64 prefix is an easy way to make errors, and sometimes hard to debug.

description: updated
Yamen Hatahet (yhatahet)
description: updated
Mitch Burton (mitchburton)
Changed in landscape-client:
status: New → Confirmed
Changed in landscape-client-charm:
status: New → Confirmed
Changed in landscape-client (Ubuntu):
status: New → Confirmed
Changed in landscape-client:
status: Confirmed → Triaged
Changed in landscape-client-charm:
status: Confirmed → Triaged
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.