fix: share frontend development certificates#3077
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (3)
📝 WalkthroughWalkthroughThe local TLS setup now uses a configurable shared certificate directory, defaults to ChangesLocal TLS certificate flow
Estimated code review effort: 2 (Simple) | ~10 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: petersutter The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
LGTM label has been added. DetailsGit tree hash: 512e6b7b63e49391b42a6d4e9771d9baded59631 |
How to categorize this PR?
/area dev-productivity
/kind bug
/label crypto
What this PR does / why we need it:
Frontend development certificates are currently stored inside each repository checkout. Each checkout therefore generates a different CA with the same name and replaces the trusted macOS keychain entry, potentially invalidating certificates from other local Dashboard repositories.
This change stores the certificates under
${HOME}/.gardener/dashboard/ssl, allows overriding the directory withGARDENER_DASHBOARD_SSL_DIR, and restricts access to the directory and private keys.Which issue(s) this PR fixes:
None.
Special notes for your reviewer:
Validated with
make verifyand targeted certificate-chain, SAN, permissions, and Vite-loading checks. Developers need to runyarn setuponce to populate the shared directory.Release note:
Summary by CodeRabbit
Documentation
Bug Fixes