Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use GetPelicanUser() to set issuer keys directory's permission group #2062

Merged
merged 1 commit into from
Feb 28, 2025
Merged

Use GetPelicanUser() to set issuer keys directory's permission group #2062

merged 1 commit into from
Feb 28, 2025

Conversation

h2zh
Copy link
Collaborator

@h2zh h2zh commented Feb 27, 2025

No description provided.

@h2zh h2zh added the bug Something isn't working label Feb 27, 2025
@h2zh h2zh added this to the v7.14 milestone Feb 27, 2025
@h2zh h2zh requested a review from brianaydemir February 27, 2025 21:09
@h2zh h2zh linked an issue Feb 27, 2025 that may be closed by this pull request
Issuer keys directory's permission group should not be set to 'xrootd' #2063
Closed
7 tasks
@h2zh h2zh mentioned this pull request Feb 27, 2025
Merged
@h2zh h2zh requested a review from jhiemstrawisc February 28, 2025 16:02
jhiemstrawisc
jhiemstrawisc approved these changes Feb 28, 2025
View reviewed changes
Copy link
Member

@jhiemstrawisc jhiemstrawisc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This passes my smell check. Have we confirmed that changing the user to Pelican doesn't prevent us from exporting public keys through the .well-known/ path at our XRootD endpoint?

@h2zh
Copy link
Collaborator Author

h2zh commented Feb 28, 2025
edited
Loading

This passes my smell check. Have we confirmed that changing the user to Pelican doesn't prevent us from exporting public keys through the .well-known/ path at our XRootD endpoint?

Public key can still be obtained by sending a GET request to https://localhost:8447/.well-known/issuer.jwks (8447 is the port I run Origin), while https://localhost:8443/.well-known/issuer.jwks cannot get the public key before or after this PR(see next comment for update). Am I probing the port and endpoint the same as your expected?

@h2zh h2zh merged commit b29c24b into PelicanPlatform:main Feb 28, 2025
26 of 28 checks passed
@h2zh
Copy link
Collaborator Author

h2zh commented Feb 28, 2025

Alarm cleared! No need to create another issue. I double checked and found out https://localhost:8443/.well-known/issuer.jwks CAN get the public key before AND after this PR. My previous test said "no" because it prompted me to provide a certificate when accessing this endpoint. I just found out that I could just click "cancel" to bypass this blocker and access the public key.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jhiemstrawisc jhiemstrawisc jhiemstrawisc approved these changes

@brianaydemir brianaydemir Awaiting requested review from brianaydemir

Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
v7.14
Development

Successfully merging this pull request may close these issues.

Issuer keys directory's permission group should not be set to 'xrootd'
2 participants
@h2zh @jhiemstrawisc