You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@brooklyn.apache.org by grkvlt <gi...@git.apache.org> on 2016/07/14 17:45:45 UTC

[GitHub] brooklyn-library pull request #51: Support proxying with TLS client certific...

GitHub user grkvlt opened a pull request:

    https://github.com/apache/brooklyn-library/pull/51

    Support proxying with TLS client certificates in Nginx

    

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/grkvlt/brooklyn-library nginx-ssl-config

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/brooklyn-library/pull/51.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #51
    
----
commit 5dd15e87931372a455ef12e8b1e6650b1500731a
Author: Andrew Donald Kennedy <an...@cloudsoftcorp.com>
Date:   2016-07-14T17:12:36Z

    Support proxying with TLS client certificates in Nginx

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] brooklyn-library issue #51: Support proxying with TLS client certificates in...

Posted by aledsage <gi...@git.apache.org>.

Github user aledsage commented on the issue:

    https://github.com/apache/brooklyn-library/pull/51
  
    @grkvlt I agree this is too hard to write a test here for! We'd need to generate a certificate for the specific IP address of the server that the test is running against, then have some software component (e.g. etcd or swarm-node) that requies tls, and then configure our nginx to talk to that.
    
    This is being tested in a downstream project. The pragmatic thing to do is to merge this, and rely on the downstream project to regression test it for us. It's a fairly niche use-case anyway.
    
    Merging now that jenkins has completed.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] brooklyn-library pull request #51: Support proxying with TLS client certific...

Posted by asfgit <gi...@git.apache.org>.

Github user asfgit closed the pull request at:

    https://github.com/apache/brooklyn-library/pull/51


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] brooklyn-library issue #51: Support proxying with TLS client certificates in...

Posted by Graeme-Miller <gi...@git.apache.org>.

Github user Graeme-Miller commented on the issue:

    https://github.com/apache/brooklyn-library/pull/51
  
    LGTM, but I agree with Aled that testing would be beneficial. Andrew did you investigate further how to do this?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] brooklyn-library issue #51: Support proxying with TLS client certificates in...

Posted by grkvlt <gi...@git.apache.org>.

Github user grkvlt commented on the issue:

    https://github.com/apache/brooklyn-library/pull/51
  
    @aledsage not sure how easy the test will be, since will need to configure tomcat (?) for client certificate auth, as well as generating a client certificate for the server that is running the test, so that it validates. I have tested this many times as a proxy to a Docker Swarm that uses client certificate authentication, but not sure how to replicate that in a test.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] brooklyn-library issue #51: Support proxying with TLS client certificates in...

Posted by aledsage <gi...@git.apache.org>.

Github user aledsage commented on the issue:

    https://github.com/apache/brooklyn-library/pull/51
  
    jenkins build failure is unrelated - @grkvlt is kicking it off again:
    
    ```
    Parsing POMs
    Downloaded artifact http://repository.apache.org/snapshots/org/apache/brooklyn/brooklyn-parent/0.10.0-SNAPSHOT/maven-metadata.xml
    Downloaded artifact http://repository.apache.org/snapshots/org/apache/brooklyn/brooklyn-parent/0.10.0-SNAPSHOT/brooklyn-parent-0.10.0-20160719.223024-76.pom
    Downloaded artifact http://repository.apache.org/snapshots/org/apache/brooklyn/brooklyn-server/0.10.0-SNAPSHOT/maven-metadata.xml
    Downloaded artifact http://repository.apache.org/snapshots/org/apache/brooklyn/brooklyn-server/0.10.0-SNAPSHOT/brooklyn-server-0.10.0-20160719.223502-76.pom
    Failed to transfer Could not find metadata org.apache.brooklyn:brooklyn-parent:0.10.0-SNAPSHOT/maven-metadata.xml in clojars.org (http://clojars.org/repo)
    Failed to transfer Could not find metadata org.apache.brooklyn:brooklyn-server:0.10.0-SNAPSHOT/maven-metadata.xml in clojars.org (http://clojars.org/repo)
    Failed to transfer Could not find metadata org.apache.brooklyn:brooklyn-parent:0.10.0-SNAPSHOT/maven-metadata.xml in oracle (http://download.oracle.com/maven)
    Failed to transfer Could not find metadata org.apache.brooklyn:brooklyn-server:0.10.0-SNAPSHOT/maven-metadata.xml in oracle (http://download.oracle.com/maven)
    Modules changed, recalculating dependency graph
    Build timed out (after 40 minutes). Marking the build as aborted.
    Build was aborted
    Putting comment on the pull request
    Finished: ABORTED
    ```



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] brooklyn-library issue #51: Support proxying with TLS client certificates in...

Posted by aledsage-tmp <gi...@git.apache.org>.

Github user aledsage-tmp commented on the issue:

    https://github.com/apache/brooklyn-library/pull/51
  
    @grkvlt Can you add a test as well please - see https://github.com/apache/brooklyn-library/blob/67a4dda36fcc0eaa628a5a887bdb07f953e06610/software/webapp/src/test/java/org/apache/brooklyn/entity/proxy/nginx/NginxHttpsSslIntegrationTest.java for existing nginx tests that are similar.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---