OctopusSolutionsEngineering / OctopusTerraformExport

Apache License 2.0
Error when exporting certificates with chains #9

Closed riallatar closed 11 months ago

riallatar commented 11 months ago

Octopus version

2023.2 (Build 13151)

Octoterra version

0.1.823

What happened

We are receiving an error during export with some certificates which seems to be related to the certificate chain. I'm not entirely sure if this is all certs of this type. We were able to work around this by exporting and reimporting the certificate without the chain, but we need the chain to be present in Octopus in order for applications to trust deployments with these certificates.

error json: cannot unmarshal object into Go struct field Certificate.CertificateChain of type string

Octoterra log output

error   {
  "Id": "Certificates-22",
  "Name": "DOMAIN CA Wildcard",
  "Notes": "",
  "CertificateData": {
    "HasValue": true,
    "NewValue": null,
    "Hint": null
  },
  "Password": {
    "HasValue": true,
    "NewValue": null,
    "Hint": null
  },
  "EnvironmentIds": [],
  "TenantedDeploymentParticipation": "TenantedOrUntenanted",
  "TenantIds": [
    "Tenants-1",
    "Tenants-10",
    "Tenants-11",
    "Tenants-12",
    "Tenants-3",
    "Tenants-4",
    "Tenants-5",
    "Tenants-6",
    "Tenants-7",
    "Tenants-8",
    "Tenants-9"
  ],
  "TenantTags": [],
  "CertificateDataFormat": "Pkcs12",
  "Archived": "2023-08-25T14:35:04.000-04:00",
  "ReplacedBy": null,
  "SubjectDistinguishedName": "CN=*.DOMAIN.com",
  "SubjectCommonName": "*.DOMAIN.com",
  "SubjectOrganization": null,
  "IssuerDistinguishedName": "CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\\, Inc.,L=Scottsdale,ST=Arizona,C=US",
  "IssuerCommonName": "Starfield Secure Certificate Authority - G2",
  "IssuerOrganization": "Starfield Technologies, Inc.",
  "SelfSigned": false,
  "Thumbprint": "THUMBPRINT",
  "NotAfter": "2024-07-27T06:40:52.000-04:00",
  "NotBefore": "2023-06-26T06:40:52.000-04:00",
  "IsExpired": false,
  "HasPrivateKey": true,
  "Version": 3,
  "SerialNumber": "SERIALNUMBER",
  "SignatureAlgorithmName": "SHA-256withRSA",
  "SubjectAlternativeNames": [
    "DNS Name=*.DOMAIN.com",
    "DNS Name=DOMAIN.com"
  ],
  "CertificateChain": [
    {
      "SubjectDistinguishedName": "CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\\, Inc.,L=Scottsdale,ST=Arizona,C=US",
      "IssuerDistinguishedName": "CN=Starfield Root Certificate Authority - G2,O=Starfield Technologies\\, Inc.,L=Scottsdale,ST=Arizona,C=US",
      "Thumbprint": "STARFIELDTHUMBPRINT",
      "NotAfter": "2031-05-03T03:00:00.000-04:00",
      "NotBefore": "2011-05-03T03:00:00.000-04:00",
      "Version": 3,
      "SerialNumber": "07",
      "SignatureAlgorithmName": "SHA-256withRSA"
    },
    {
      "SubjectDistinguishedName": "CN=Starfield Root Certificate Authority - G2,O=Starfield Technologies\\, Inc.,L=Scottsdale,ST=Arizona,C=US",
      "IssuerDistinguishedName": "CN=Starfield Root Certificate Authority - G2,O=Starfield Technologies\\, Inc.,L=Scottsdale,ST=Arizona,C=US",
      "Thumbprint": "STARFIELDTHUMBPRINT",
      "NotAfter": "2037-12-31T18:59:59.000-05:00",
      "NotBefore": "2009-08-31T20:00:00.000-04:00",
      "Version": 3,
      "SerialNumber": "00",
      "SignatureAlgorithmName": "SHA-256withRSA"
    }
  ],
  "SpaceId": "Spaces-1",
  "Links": {
    "Self": "/api/Spaces-1/certificates/Certificates-22",
    "Export": "/api/Spaces-1/certificates/Certificates-22/export{?format,password,includePrivateKey,pemOptions}",
    "Archive": "/api/Spaces-1/certificates/Certificates-22/archive",
    "Unarchive": "/api/Spaces-1/certificates/Certificates-22/unarchive",
    "Usages": "/api/Spaces-1/certificates/Certificates-22/usages",
    "Replace": "/api/Spaces-1/certificates/Certificates-22/replace"
  }
}

Reproduction steps

Run the tool on an Octopus instance with a certificate with an embedded chain.

More Information

No response

mcasperson commented 11 months ago

The issue here was that the model used to deserialize certificates did not have the correct structure for certificate chains, and was trying to push them into a string.

mcasperson commented 11 months ago

This is fixed in version 0.1.829.
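The failure mode described in this thread, as an added Go example that is not Octoterra's own code: a hypothetical model that types chain entries as strings makes `encoding/json` reject each chain object, while a model matching the JSON decodes it and allows a basic issuer-to-subject linkage check. The type names, the `[]string` field type and the trimmed sample are assumptions; the linkage check compares distinguished names only and verifies no signatures.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Constructed sample, trimmed to the CertificateChain shape shown in the issue's log output.
const sample = `{"Id": "Certificates-22", "CertificateChain": [
 {"SubjectDistinguishedName": "CN=Example Intermediate", "IssuerDistinguishedName": "CN=Example Root", "Thumbprint": "T1"},
 {"SubjectDistinguishedName": "CN=Example Root", "IssuerDistinguishedName": "CN=Example Root", "Thumbprint": "T2"}]}`

// legacyCertificate is a hypothetical "before" model: chain entries typed as strings.
type legacyCertificate struct{ CertificateChain []string }

// ChainEntry and Certificate are a hypothetical corrected model matching the JSON.
type ChainEntry struct{ SubjectDistinguishedName, IssuerDistinguishedName, Thumbprint string }
type Certificate struct{ CertificateChain []ChainEntry }

// decodeLegacy reports which JSON value kind was rejected and the Go type it was aimed at.
func decodeLegacy(data []byte) (jsonKind, goType string) {
	var c legacyCertificate
	var te *json.UnmarshalTypeError
	if errors.As(json.Unmarshal(data, &c), &te) {
		return te.Value, te.Type.String()
	}
	return "", ""
}

// decodeChain decodes with the corrected model and checks DN linkage between entries.
func decodeChain(data []byte) (chain []ChainEntry, linked bool, err error) {
	var c Certificate
	if err = json.Unmarshal(data, &c); err != nil {
		return nil, false, err
	}
	chain, linked = c.CertificateChain, len(c.CertificateChain) > 0
	for i, e := range chain {
		issuer := e // the last entry must be self-issued
		if i+1 < len(chain) {
			issuer = chain[i+1]
		}
		linked = linked && e.IssuerDistinguishedName == issuer.SubjectDistinguishedName
	}
	return chain, linked, nil
}

func main() {
	fmt.Println(decodeLegacy([]byte(sample)))
	fmt.Println(decodeChain([]byte(sample)))
}
```

A check like `decodeChain` is useful after an export and re-import round trip to confirm the chain survived, since the workaround in the report dropped it.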