Skip to content

fix: tedge cert renew returning success exit code on error #3525

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Apr 2, 2025
Merged

fix: tedge cert renew returning success exit code on error #3525

merged 4 commits into from
Apr 2, 2025

Conversation

didier-wenzek
Copy link
Contributor

@didier-wenzek didier-wenzek commented Apr 2, 2025
edited
Loading

Proposed changes

  • tedge cert renew exits with status code 1 on error
  • tedge cert renew returning a confusing error message when the private key cannot be read

Types of changes

  • Bugfix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Improvement (general improvements like code refactoring that doesn't explicitly fix a bug or add any new functionality)
  • Documentation Update (if none of the other choices apply)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Paste Link to the issue

#3524

Checklist

  • I have read the CONTRIBUTING doc
  • I have signed the CLA (in all commits with git commit -s. You can activate automatic signing by running just prepare-dev once)
  • I ran just format as mentioned in CODING_GUIDELINES
  • I used just check as mentioned in CODING_GUIDELINES
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

Further comments

@codecov Codecov
Copy link

codecov bot commented Apr 2, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 11.11111% with 56 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
...tes/core/tedge/src/cli/certificate/c8y/download.rs 0.00% 18 Missing ⚠️
crates/core/tedge/src/cli/certificate/c8y/renew.rs 0.00% 16 Missing ⚠️
crates/core/tedge/src/cli/certificate/error.rs 9.09% 10 Missing ⚠️
crates/core/c8y_api/src/http_proxy.rs 0.00% 5 Missing ⚠️
crates/core/tedge/src/cli/certificate/mod.rs 0.00% 5 Missing ⚠️
crates/core/tedge/src/cli/certificate/create.rs 80.00% 1 Missing ⚠️
...rates/core/tedge/src/cli/certificate/create_csr.rs 66.66% 0 Missing and 1 partial ⚠️

📢 Thoughts on this report? Let us know!

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@didier-wenzek didier-wenzek temporarily deployed to Test Pull Request April 2, 2025 08:53 — with GitHub Actions Inactive
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Apr 2, 2025
edited
Loading

Robot Results

✅ Passed ❌ Failed ⏭️ Skipped Total Pass % ⏱️ Duration
604 0 3 604 100 1h43m4.138806999s

@didier-wenzek didier-wenzek force-pushed the fix/cert-renew-exit-code branch from cbceba9 to ec2bf68 Compare April 2, 2025 09:20
@didier-wenzek didier-wenzek temporarily deployed to Test Pull Request April 2, 2025 09:20 — with GitHub Actions Inactive
didier-wenzek
didier-wenzek commented Apr 2, 2025
View reviewed changes
crates/core/tedge/src/cli/certificate/create.rs
Comment on lines +169 to +175
.or_else(|err| {
if key_path.exists() {
Err(err)
} else {
Ok(KeyKind::New)
}
})
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The root cause of the error-prone hint was to conflate all error cases into a file not found error.

@didier-wenzek didier-wenzek added bug Something isn't working theme:cli Theme: cli related topics theme:certificates Theme: Device certificate topics labels Apr 2, 2025
rina23q
rina23q reviewed Apr 2, 2025
View reviewed changes
Copy link
Member

@rina23q rina23q left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure the behaviour of tedge cert renew for self-signed certificate is intended.

@didier-wenzek didier-wenzek temporarily deployed to Test Pull Request April 2, 2025 14:16 — with GitHub Actions Inactive
reubenmiller
reubenmiller approved these changes Apr 2, 2025
View reviewed changes
Copy link
Contributor

@reubenmiller reubenmiller left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved. Works nicely now.

rina23q
rina23q approved these changes Apr 2, 2025
View reviewed changes
Copy link
Member

@rina23q rina23q left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@didier-wenzek
Fix exit code on tedge cert error
1e0dc63 
Signed-off-by: Didier Wenzek <didier.wenzek@free.fr>
@didier-wenzek
Fix tedge cert renew error-prone error message
9f16e40 
When run without enough privileges
`tedge cert renew` was returning an error-prone message:

```
A private key already exists and would be overwritten.
Run `tedge cert remove` first to generate a new certificate and private key.
```

With this fix the error points to the correct cause:

```
Error: failed to renew the device certificate from https://127.0.0.1

Caused by:
    0: I/O error accessing the private key: "/etc/tedge/device-certs/demo-device-888.key"
    1: Permission denied (os error 13)
```

Signed-off-by: Didier Wenzek <didier.wenzek@free.fr>
@didier-wenzek
Fix: do not remove the certificate before a renewal
e5e1f94 
Signed-off-by: Didier Wenzek <didier.wenzek@free.fr>
@didier-wenzek
Fix blocking call from async code
f34c00a 
Signed-off-by: Didier Wenzek <didier.wenzek@free.fr>
@didier-wenzek didier-wenzek force-pushed the fix/cert-renew-exit-code branch from 758b169 to f34c00a Compare April 2, 2025 18:37
@didier-wenzek didier-wenzek temporarily deployed to Test Pull Request April 2, 2025 18:38 — with GitHub Actions Inactive
@didier-wenzek didier-wenzek enabled auto-merge April 2, 2025 18:38
@didier-wenzek didier-wenzek added this pull request to the merge queue Apr 2, 2025
Merged via the queue into thin-edge:main with commit e727c2d Apr 2, 2025
34 checks passed
@didier-wenzek didier-wenzek deleted the fix/cert-renew-exit-code branch April 2, 2025 19:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@reubenmiller reubenmiller reubenmiller approved these changes

@rina23q rina23q rina23q approved these changes

@albinsuresh albinsuresh Awaiting requested review from albinsuresh albinsuresh is a code owner

@jarhodes314 jarhodes314 Awaiting requested review from jarhodes314 jarhodes314 is a code owner

Assignees
No one assigned
Labels
bug Something isn't working theme:certificates Theme: Device certificate topics theme:cli Theme: cli related topics
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@didier-wenzek @reubenmiller @rina23q