Allow using server authentication cert config in runtime WithContainerFiles callbacks, fix MacOS keychain access spam with dev cert #13151
Changes from 4 commits
d06fc0f
ef6b320
64a4219
e453337
64bffd2
540e423
51053cd
e97c4f5
9ecbc62
820d7b8
42f6377
1f256d3
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,6 +2,7 @@ | |
| // The .NET Foundation licenses this file to you under the MIT license. | ||
|
|
||
| using System.Diagnostics; | ||
| using System.Diagnostics.CodeAnalysis; | ||
|
|
||
| namespace Aspire.Hosting.ApplicationModel; | ||
|
|
||
|
|
@@ -276,4 +277,37 @@ public sealed class ContainerFileSystemCallbackContext | |
| /// The app model resource the callback is associated with. | ||
| /// </summary> | ||
| public required IResource Model { get; init; } | ||
|
|
||
| /// <summary> | ||
| /// The path to the server authentication certificate file inside the container. | ||
| /// </summary> | ||
| [Experimental("ASPIRECERTIFICATES001", UrlFormat = "https://aka.ms/aspire/diagnostics/{0}")] | ||
| public ContainerFileSystemCallbackServerAuthenticationCertificateContext? ServerAuthenticationCertificateContext { get; set; } | ||
| } | ||
|
|
||
| /// <summary> | ||
| /// Represents the context for server authentication certificate files in a <see cref="ContainerFileSystemCallbackContext"/>. | ||
| /// </summary> | ||
| [Experimental("ASPIRECERTIFICATES001", UrlFormat = "https://aka.ms/aspire/diagnostics/{0}")] | ||
| public sealed class ContainerFileSystemCallbackServerAuthenticationCertificateContext | ||
| { | ||
| /// <summary> | ||
| /// The path to the server authentication certificate file inside the container. | ||
| /// </summary> | ||
|
danegsta marked this conversation as resolved.
|
||
| public ReferenceExpression CertificatePath { get; init; } = null!; | ||
|
|
||
| /// <summary> | ||
| /// The path to the server authentication key file inside the container. | ||
| /// </summary> | ||
|
danegsta marked this conversation as resolved.
|
||
| public ReferenceExpression KeyPath { get; init; } = null!; | ||
|
|
||
| /// <summary> | ||
| /// The path to the server authentication PFX file inside the container. | ||
| /// </summary> | ||
|
Comment on lines
+306
to
+309
|
||
| public ReferenceExpression PfxPath { get; init; } = null!; | ||
|
|
||
| /// <summary> | ||
| /// The password for the server authentication PFX file inside the container. | ||
| /// </summary> | ||
|
danegsta marked this conversation as resolved.
|
||
| public string? Password { get; init; } | ||
| } | ||
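Review bot: `Password` is exposed as a plain `string?`, so the PFX password is already materialized when the context is built and any `WithContainerFiles` callback can copy it into a file, environment variable or log line, while the three paths beside it are deferred `ReferenceExpression` values. Consider giving it the same deferred shape, e.g. `public ReferenceExpression? Password { get; init; }`, so it can be backed by a secret value and resolved only where it is consumed; whether the surrounding pipeline can supply that is not visible in this hunk. If it stays a string, add a remark such as `/// <remarks>Sensitive: protects the private key in the PFX; do not log it or write it to a file other users in the container can read.</remarks>`. Separately, the `= null!` initializers on `CertificatePath`, `KeyPath` and `PfxPath` hide a missing value from the compiler; `required`, as already used on `Model` in this file, would catch it at the construction site.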
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -63,13 +63,20 @@ private ReferenceExpression(string format, IValueProvider[] valueProviders, stri | |
| public string ValueExpression => | ||
| string.Format(CultureInfo.InvariantCulture, Format, _manifestExpressions); | ||
|
|
||
| /// <summary> | ||
| /// Indicates whether this expression was ever referenced to get its value. | ||
| /// </summary> | ||
| internal bool WasResolved { get; set; } | ||
|
Contributor
Why do we need this?
Member
Author
I’m only generating key material that’s actually referenced; if no resource actually references the PFX or PEM key, I’m not exporting them. I’m using this to check the usage.
Contributor
I don’t like it; can we put it outside of the reference expression?
Member
Author
Other option (without making the API weird) would be a custom IValueProvider |
||
|
|
||
| /// <summary> | ||
| /// Gets the value of the expression. The final string value after evaluating the format string and its parameters. | ||
| /// </summary> | ||
| /// <param name="context">A context for resolving the value.</param> | ||
| /// <param name="cancellationToken">A <see cref="CancellationToken"/>.</param> | ||
| public async ValueTask<string?> GetValueAsync(ValueProviderContext context, CancellationToken cancellationToken) | ||
| { | ||
| WasResolved = true; | ||
|
|
||
| // NOTE: any logical changes to this method should also be made to ExpressionResolver.EvalExpressionAsync | ||
| if (Format.Length == 0) | ||
| { | ||
|
|
||
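Review bot: `WasResolved` is set only at the top of `GetValueAsync`, yet the NOTE two lines below says `ExpressionResolver.EvalExpressionAsync` carries a parallel copy of this logic; if an expression is evaluated through that path, the flag would stay false. Since the flag appears to decide whether key material is exported, a missed set could leave a container configured with a certificate or key path whose file was never written, so the resolver path should set it too, or the NOTE should be extended, e.g. `// NOTE: any logical changes to this method (including setting WasResolved) should also be made to ExpressionResolver.EvalExpressionAsync`. The property's summary should also say that the flag is sticky and never reset, and that it does not record which resource performed the resolution. The body of `GetValueAsync` continues outside the hunk.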
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| // Licensed to the .NET Foundation under one or more agreements. | ||
| // The .NET Foundation licenses this file to you under the MIT license. | ||
|
|
||
| using System.Diagnostics.CodeAnalysis; | ||
| using Aspire.Hosting.ApplicationModel; | ||
|
|
||
| /// <summary> | ||
| /// Represents a X509 Certificate resource. This may be backed by a local certificate in run mode or a remote certificate in deploy mode. | ||
| /// </summary> | ||
|
danegsta marked this conversation as resolved.
Outdated
|
||
| [Experimental("ASPIRECERTIFICATES001", UrlFormat = "https://aka.ms/aspire/diagnostics/{0}")] | ||
| public sealed class X509CertificateResource : Resource | ||
| { | ||
| /// <summary> | ||
| /// Initializes a new instance of the <see cref="X509CertificateResource"/> class with the specified name. | ||
| /// </summary> | ||
| /// <param name="name">The name of the resource.</param> | ||
| public X509CertificateResource(string name) : base(name) | ||
| { | ||
| ArgumentNullException.ThrowIfNull(name); | ||
|
danegsta marked this conversation as resolved.
Outdated
|
||
| } | ||
| } | ||
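Review bot: `X509CertificateResource` is declared without a `namespace`, so this public type lands in the global namespace; the 21 added lines hold only the two `using` directives before the class. Add `namespace Aspire.Hosting.ApplicationModel;` (or whichever namespace the sibling resource types use, which is not visible here) after the usings. The `ArgumentNullException.ThrowIfNull(name);` in the constructor body also runs after `base(name)` has already received the value, so it cannot protect the base constructor; drop it or rely on the base class's own validation.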
The documentation says "The path to the server authentication certificate file inside the container" but this property actually contains a `ContainerFileSystemCallbackServerAuthenticationCertificateContext` object, not a path. The documentation should describe what the context contains, e.g., "The server authentication certificate context containing paths to certificate files and associated configuration."