Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ca init --dns=csv validated as single DNS name, not a CSV of them #537

Closed
labichn opened this issue Sep 4, 2021 · 1 comment · Fixed by #545
Closed

ca init --dns=csv validated as single DNS name, not a CSV of them #537

labichn opened this issue Sep 4, 2021 · 1 comment · Fixed by #545
Assignees
@dopey
Labels
bug needs triage Waiting for discussion / prioritization by team

Comments

@labichn
Copy link

labichn commented Sep 4, 2021

Subject of the issue

The value passed to the --dns flag of step ca init is validated incorrectly.

The issue seems to be here. The ui.DNS() validator tests for a single DNS name, not a CSV of them.

Your environment

  • OS - Arch Linux
  • Version - Smallstep CLI/0.16.1 (linux/amd64) Release Date: 2021-07-12

Steps to reproduce

$ step ca init --dns=[::1] --address=:443 --name=ca --provisioner=jwk --password-file=<(echo foo)
# Works fine
$ step ca init --dns=localhost,127.0.0.1 ...
# Works because 'localhost,127.0.0.1' is a valid host per https://pkg.go.dev/net#SplitHostPort
$ step ca init --dns=localhost,127.0.0.1,[::1] ...
localhost,127.0.0.1,[::1] is not a valid DNS name

Expected behaviour

The third command should continue without error and lead to the expected ca.json:dnsNames:

$ step ca init --dns=localhost,127.0.0.1,[::1] --address=:443 --name=ca --provisioner=jwk --password-file=<(echo foo)
$ jq .dnsNames $STEPPATH/config/ca.json
[
   "localhost",
   "127.0.0.1",
   "[::1]"
]

Actual behaviour

The validation error localhost,127.0.0.1,[::1] is not a valid DNS name is printed to stderr.
@labichn labichn added bug needs triage Waiting for discussion / prioritization by team labels Sep 4, 2021
@dopey dopey self-assigned this Sep 8, 2021
tashian added a commit to smallstep/certificates that referenced this issue Sep 8, 2021
@tashian
Fixes Docker entrypoint script for smallstep/cli#537
324df87
@tashian
Copy link
Contributor

tashian commented Sep 8, 2021

Hi @dopey I just added a branch on smallstep/certificates to have the docker entrypoint script pass multiple --dns values. Once you have a fix here I can test it out.

@dopey dopey mentioned this issue Sep 9, 2021
Merged
@dopey dopey closed this as completed in #545 Sep 9, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dopey dopey

Labels
bug needs triage Waiting for discussion / prioritization by team
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Change dns to string slice in ca init but backwards compatible csv smallstep/cli
3 participants
@tashian @labichn @dopey