Skip to content

Fix some provisioner and policy prompt issues #1391

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Mar 28, 2025
Merged

Fix some provisioner and policy prompt issues #1391

merged 5 commits into from
Mar 28, 2025

Conversation

hslatman
Copy link
Member

@hslatman hslatman commented Mar 20, 2025
edited
Loading

This PR fixes the following issues:

  • SCEP provisioners not detected in admin token flows. They now return an error, similar to ACME provisioners.
  • Invalid provisioner selection logic when managing provisioner policies. The --provisioner flag was used to select a provisioner to authenticate as well as the provisioner to manage policies for.
  • Unexpected error messages showing "issuer" instead of "provisioner" flag. In certain situations the CLI would return error messages indicating an issue with the --issuer flag value, whereas it was actually supplied in the --provisioner flag. This fixes step cli flags with aliases sometimes report a different alias in error messages #821.
  • Update some usages of issuer in our code to reflect provisioner names.

@github-actions github-actions bot added the needs triage Waiting for discussion / prioritization by team label Mar 20, 2025
@hslatman hslatman force-pushed the herman/policy-scep-prompt-fixes branch 2 times, most recently from 1f417fb to bd5cdf3 Compare March 20, 2025 14:10
@hslatman hslatman changed the title Fix some provisioner and policy prompt issues Fix some provisioner and policy prompt issues (WIP) Mar 20, 2025
@hslatman hslatman added this to the v0.28.7 milestone Mar 20, 2025
@hslatman hslatman force-pushed the herman/policy-scep-prompt-fixes branch from bd5cdf3 to 4f46e13 Compare March 20, 2025 14:53
hslatman added 3 commits March 27, 2025 19:50
@hslatman
Fix some provisioner prompt issues related to SCEP and policies
1cec31e 
This PR fixes the following issues:

 - SCEP provisioners not detected in admin token flows
 - Invalid provisioner selection logic when managing provisioner policies
 - Unexpected error messages showing "issuer" instead or "provisioner" flag
@hslatman
Rename some usages of "issuer" to "provisionerName"
9e63618 
Long ago the "issuer" flag was used to denote what we not call
provisioners. There were still some uses of `issuer` in the code,
which have now been renamed to reflect their current usage. Only
when the actual token is going to be signed, will it be called
an `issuer` again.
@hslatman
Refactor ignoring of provisioner flag to not rely on package globals
064866f
@hslatman hslatman force-pushed the herman/policy-scep-prompt-fixes branch from 4f46e13 to 064866f Compare March 27, 2025 18:50
@hslatman hslatman marked this pull request as ready for review March 27, 2025 18:50
@hslatman hslatman changed the title Fix some provisioner and policy prompt issues (WIP) Fix some provisioner and policy prompt issues Mar 27, 2025
maraino
maraino reviewed Mar 27, 2025
View reviewed changes
Copy link
Collaborator

@maraino maraino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks good, but I would try to see if doing this would work:

ctx.Set("provisioner", "")
// and perhaps 
// ctx.Set("issuer", "")

maraino
maraino previously approved these changes Mar 27, 2025
View reviewed changes
Copy link
Collaborator

@maraino maraino left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks a bit hacky, but it would be nice to find a different way to set the flag to "" for just the things we need. Perhaps with token options instead of getting things from the context in this "flow" methods.

@hslatman hslatman force-pushed the herman/policy-scep-prompt-fixes branch from 418c526 to c153ef3 Compare March 27, 2025 20:56
@hslatman hslatman requested a review from maraino March 27, 2025 21:42
@hslatman hslatman enabled auto-merge March 28, 2025 17:27
maraino
maraino reviewed Mar 28, 2025
View reviewed changes
Copy link
Collaborator

@maraino maraino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, but I would also set the alias to "". This will also fix the issue if the alias is in an environment variable or on defaults.json

@hslatman hslatman requested a review from maraino March 28, 2025 18:07
maraino
maraino approved these changes Mar 28, 2025
View reviewed changes
Copy link
Collaborator

@maraino maraino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@hslatman hslatman merged commit f1aadbb into master Mar 28, 2025
14 of 15 checks passed
@hslatman hslatman deleted the herman/policy-scep-prompt-fixes branch March 28, 2025 18:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maraino maraino maraino approved these changes

Assignees
No one assigned
Labels
needs triage Waiting for discussion / prioritization by team
Projects
None yet
Milestone
v0.28.7
Development

Successfully merging this pull request may close these issues.

step cli flags with aliases sometimes report a different alias in error messages
2 participants
@hslatman @maraino