Closed izgeri closed 5 years ago
Just noting that when this issue was initially created, the issue wasn't that the ruby health check was passing and summon couldn't connect. There was a miscommunication and the ruby health check was never passing.
@izgeri Do we still need this given Micah's update? Sounds like the Ruby and Golang APIs are more likely to be in accord.
@micahlee what do you think? If I understand correctly, there still could be slight differences in how the two languages parse certificates - is this correct?
Correct, I don't recall or know the concrete details, but I did encounter a situation before when a certificate that was parseable by the Ruby OpenSSL X509 libraries threw an error when trying to load it with the golang equivalent.
I only saw it once, and it's possible it was a user error on my part. I don't know if it's a high risk, but it could be detected readily enough during the health check.
Currently the health check validates that the service broker is able to successfully authenticate with Conjur via the Ruby API, but the buildpack relies on the Go API to authenticate with Conjur and there are some minor differences in the upstream libraries that parse certificates, etc. The service broker should have a
buildpack-health-check.go
script that runs instart-service-broker.sh
and validates that the Go API will be able to successfully communicate with Conjur as well.