Update module github.com/go-git/go-git/v5 to v5.4.2

Merge pull request #444 from qlik-oss/fix_crds
Fix crds
2021-06-06 20:17:47 +00:00 · 2020-09-30 10:07:41 -04:00 · 2020-09-30 09:07:01 -04:00 · 2020-09-30 09:03:56 -04:00 · 2020-06-25 16:50:51 -04:00
3 changed files with 22 additions and 13 deletions
--- a/go.mod
+++ b/go.mod
@@ -22,7 +22,7 @@ require (
 	github.com/bugsnag/bugsnag-go v1.5.3 // indirect
 	github.com/containers/image/v5 v5.1.0
 	github.com/docker/go-metrics v0.0.1 // indirect
-	github.com/go-git/go-git/v5 v5.1.0
+	github.com/go-git/go-git/v5 v5.4.2
 	github.com/gobuffalo/envy v1.9.0 // indirect
 	github.com/gobuffalo/logger v1.0.3 // indirect
 	github.com/gobuffalo/packd v1.0.0 // indirect
--- a/pkg/preflight/verify_ca.go
+++ b/pkg/preflight/verify_ca.go
@@ -93,25 +93,30 @@ func (qp *QliksensePreflight) extractCertAndVerify(server string, caCertificates
 	// Get the ConnectionState struct as that's the one which gives us x509.Certificate struct
 	x509Certificates := conn.ConnectionState().PeerCertificates

+	var serverCert *x509.Certificate
 	if len(x509Certificates) == 0 {
 		return fmt.Errorf("no server certificates retrieved from the server")
 	}
-	if len(x509Certificates) > 1 {
-		return fmt.Errorf("more than 1 server certificate retrieved from the server")
+	// we retrieve and verify the server certificate, we ignore intermediate certificates at this point.
+	for _, x509Cert := range x509Certificates {
+		if !x509Cert.IsCA {
+			serverCert = x509Cert
+			break
+		}
+	}
+	if serverCert == nil {
+		return fmt.Errorf("no valid server certificates retrieved from the server")
 	}
-	//  execute verify cmd
 	roots := x509.NewCertPool()
-	ok := roots.AppendCertsFromPEM([]byte(caCertificates))
-	if !ok {
+	if ok := roots.AppendCertsFromPEM([]byte(caCertificates)); !ok {
 		return fmt.Errorf("failed to parse root certificate.")
 	}

 	opts := x509.VerifyOptions{
-		Roots:         roots,
-		DNSName:       u.Hostname(),
-		Intermediates: x509.NewCertPool(),
+		Roots:   roots,
+		DNSName: u.Hostname(),
 	}
-	if _, err := x509Certificates[0].Verify(opts); err != nil {
+	if _, err := serverCert.Verify(opts); err != nil {
 		return fmt.Errorf("failed to verify certificate: " + err.Error())
 	}
 	return nil
--- a/pkg/qliksense/crds.go
+++ b/pkg/qliksense/crds.go
@@ -93,11 +93,15 @@ func getQliksenseInitCrds(qcr *qapi.QliksenseCR) (string, error) {
 		}
 	}

-	qInitMsPath := filepath.Join(repoPath, Q_INIT_CRD_PATH)
+	qInitMsPath := filepath.Join(repoPath, "manifests", qcr.Spec.Profile, "crds")
 	if _, err := os.Lstat(qInitMsPath); err != nil {
-		// older version of qliksense-init used
-		qInitMsPath = filepath.Join(repoPath, "manifests/base/manifests/qliksense-init")
+		qInitMsPath = filepath.Join(repoPath, Q_INIT_CRD_PATH)
+		if _, err := os.Lstat(qInitMsPath); err != nil {
+			// older version of qliksense-init used
+			qInitMsPath = filepath.Join(repoPath, "manifests/base/manifests/qliksense-init")
+		}
 	}
+
 	qInitByte, err := ExecuteKustomizeBuild(qInitMsPath)
 	if err != nil {
 		fmt.Println("cannot generate crds for qliksense-init", err)
Author	SHA1	Message	Date
Renovate Bot	92652f7fae	Update module github.com/go-git/go-git/v5 to v5.4.2	2021-06-06 20:17:47 +00:00
Boris Kuschel	6ab9317638	Merge pull request #444 from qlik-oss/fix_crds Fix crds	2020-09-30 10:07:41 -04:00
Boris Kuschel	5899760c16	retain old qliksense-init func Signed-off-by: Boris Kuschel <boris.kuschel@qlik.com>	2020-09-30 09:07:01 -04:00
Boris Kuschel	a63c400106	Use crds in profile, if exists Signed-off-by: Boris Kuschel <boris.kuschel@qlik.com>	2020-09-30 09:03:56 -04:00
Ashwathi Shiva	568012edd8	Preflight openssl verify (#438 ) * verify only server cert, not intermediate certs at this point	2020-06-25 16:50:51 -04:00