Implement known_keys_file support for PubKey authentication#2211
Implement known_keys_file support for PubKey authentication#2211WaterWhisperer wants to merge 1 commit into
Conversation
|
PR missing one of the required labels: {'internal', 'api-sync', 'bug', 'documentation', 'dependencies', 'breaking-change', 'new feature', 'ci', 'enhancement'} |
|
@fuzzypixelz Hi maintainers — I'm a first-time contributor and don't have permission to add labels. The workflow failed because required labels are missing. Could someone please add the appropriate label(s) to this PR so CI can pass? Thank you! |
There was a problem hiding this comment.
Pull request overview
This PR adds support for the transport/auth/pubkey/known_keys_file configuration option in the unicast transport PubKey authenticator, addressing the prior TODO/ignored configuration noted in issue #1339.
Changes:
- Loads RSA public keys from
known_keys_fileand uses them to populate the PubKey authenticator lookup set. - Refactors
AuthPubKey::from_configto be async to support async file I/O. - Updates the auth extension config initialization to await PubKey config loading.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| io/zenoh-transport/src/unicast/establishment/ext/auth/pubkey.rs | Makes from_config async and implements parsing/loading of known_keys_file into the PubKey lookup set. |
| io/zenoh-transport/src/unicast/establishment/ext/auth/mod.rs | Awaits the PubKey authenticator initialization to accommodate the new async from_config. |
Comments suppressed due to low confidence (1)
io/zenoh-transport/src/unicast/establishment/ext/auth/mod.rs:72
- The PR description includes a bug-fix checklist (root cause + regression test), but it isn’t completed and there’s no new test referenced/added for
transport/auth/pubkey/known_keys_file. Please document the root cause in the PR description and add a regression test that fails on main and passes with this change (e.g., a config-based test that verifies a connection is accepted/rejected according to the loaded known keys).
impl Auth {
pub(crate) async fn from_config(config: &Config) -> ZResult<Self> {
let auth = config.transport().auth();
Ok(Self {
#[cfg(feature = "auth_pubkey")]
pubkey: AuthPubKey::from_config(auth.pubkey())
.await?
.map(RwLock::new),
#[cfg(feature = "auth_usrpwd")]
usrpwd: AuthUsrPwd::from_config(auth.usrpwd())
.await?
.map(RwLock::new),
})
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
@WaterWhisperer Thanks for your contribution :) After identifying multiple issues with the implementation, @milyin and @oteffahi are discussing and improving your patch in #2590, please feel free to add a review there. And if you approve those changes we can close this pull request and move all discussion there. Note that your commit is of course preserved in @milyin's branch and I can see that you already signed the ECA so it may be merged with no issue. |
Thanks, of course no problem. |
Description
Implements support for the
transport/auth/pubkey/known_keys_fileconfiguration option, which was previously ignored (marked with a TODO comment).fixes: #1339
🏷️ Label-Based Checklist
Based on the labels applied to this PR, please complete these additional requirements:
Labels:
bug🐛 Bug Fix Requirements
Since this PR is labeled as a bug fix, please ensure:
Why this matters: Bugs without tests often reoccur.
Instructions:
- [ ]to- [x])This checklist updates automatically when labels change, but preserves your checked boxes.