Skip to content

XSI-1821: Add pre-condition for host.emergency_reenable_tls_verification #6322

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 4, 2025
Merged

XSI-1821: Add pre-condition for host.emergency_reenable_tls_verification #6322

merged 1 commit into from
Mar 4, 2025

Conversation

gangj
Copy link
Contributor

@gangj gangj commented Feb 26, 2025
edited
Loading

host.emergency_reenable_tls_verification can only be used after TLS
verification is enabled in pool, raise an error if otherwise.

lindig
lindig approved these changes Feb 26, 2025
View reviewed changes
robhoes
robhoes reviewed Feb 26, 2025
View reviewed changes
psafont
psafont requested changes Feb 26, 2025
View reviewed changes
@psafont
Copy link
Member

psafont commented Feb 26, 2025

I think one protection that can be worth doing is to fail when the normal tls_enable can be done. That is, the database is available and certificate checking is off for the pool. The error should direct the user to use the normal call

@robhoes
Copy link
Member

robhoes commented Feb 26, 2025

I agree with @psafont 's last comment: the host re-enable call should only be used if the pool has verification enabled.

@gangj gangj force-pushed the private/gangj/XSI-1821 branch from 75dec32 to 03c7c0a Compare February 27, 2025 07:07
@gangj gangj changed the title XSI-1821: Assert certificates exchanged for host.emergency_reenable_tls_verification XSI-1821: Add pre-condition for host.emergency_reenable_tls_verification Feb 27, 2025
@gangj gangj force-pushed the private/gangj/XSI-1821 branch from 03c7c0a to 4669a5e Compare February 27, 2025 07:22
@gangj gangj requested review from psafont and robhoes February 27, 2025 07:26
@gangj gangj force-pushed the private/gangj/XSI-1821 branch from 4669a5e to 149d437 Compare February 27, 2025 08:08
psafont
psafont reviewed Feb 27, 2025
View reviewed changes
@gangj
XSI-1821: Add pre-condition for host.emergency_reenable_tls_verification
14da91a 
host.emergency_reenable_tls_verification can only be used after TLS
verification is enabled in pool, raise an error if otherwise.

Signed-off-by: Gang Ji <gang.ji@cloud.com>
@gangj gangj force-pushed the private/gangj/XSI-1821 branch from 5ddb4cd to 14da91a Compare February 27, 2025 10:49
@gangj gangj added this pull request to the merge queue Mar 4, 2025
Merged via the queue into xapi-project:master with commit bdd1e03 Mar 4, 2025
15 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lindig lindig lindig approved these changes

@psafont psafont psafont approved these changes

@robhoes robhoes Awaiting requested review from robhoes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@gangj @psafont @robhoes @lindig