Change from legacy slash DN format to current comma DN format?

GOCDB / gocdb

Grid Operations Configuration Management Database. A Repository, Portal and REST style API for managing Grid and Cloud topology objects including; projects, administrative domains, sites, services, service-endpoints, service-groups, downtimes, users, roles and business rules.

Apache License 2.0

12 stars 27 forks source link

Change from legacy slash DN format to current comma DN format? #308

Open tofu-rocketry opened 2 years ago

tofu-rocketry commented 2 years ago

The slash separated DN format is quite old now and produces inconsistent results with some tools (e.g. OpenSSL, depending on version). Comma separated seems to be the way to go for future compatibility.

This will need coordination with any services that make use of the DN fields (e.g. APEL).

gregcorbett commented 2 years ago

There's probably two issues here: Supporting RFC4514 style (i.e. comma separated) for a services HOST_DN field and supporting them for user identity strings.

I think the first question for both is what approach we take to transitioning from slash to comma:

Big Bang, we iterated through each user and service and comma-fy the DN. Feels error and edge case prone, and goes against service/infrastructure operators managing their own info.
Piecemeal, as users login or services get edited we enforce the comma syntax. Would require more coordination / overlap time.

GRyall commented 2 years ago

Seems like something worth consulting the community about

tofu-rocketry commented 2 years ago

Seems like something worth consulting the community about

Yeah, it might need a community-wide coordinated change as the slash-separated format does seem to persist in other grid places.