Learn more about these different git repos.
Other Git URLs
Hi developers, We use ssl for authentication with koji. But when an user call koji add-notification --tag=foo and then koji list-notifications --mine the wrong email address is used. The mail address is build from the CN name of the certificate instant of the SAN attribute email. For example: "Jon doe@foo.foo" instant of "jonTheDoe@foo2.doo" from the SAN attribute email. This will result in an invalid mail address.
koji add-notification --tag=foo
koji list-notifications --mine
It is configurable. You can set DNUsernameComponent in kojihub conf. Default value is CN. E-mail itself is then combination of this value and configured domain from EmailDomain. So, we're not storing e-mail anywhere, it is always constructed. Adding separate e-mail is probably not something we want to do.
DNUsernameComponent
CN
EmailDomain
Metadata Update from @tkopecek: - Custom field Size adjusted to None
But when the filed is changed to something other then CN, then the web and build server can't authenticate to the hub, because only the certificates of the human users will have the SAN email filed. The certificates of the servers will only have the fqdn in the CN filed.
Metadata Update from @tkopecek: - Issue set to the milestone: 1.30
EmailDomain is used for creating notifications. Certificate is not used here at all (I don't know what I've read heare year ago). It simply <username>@<EmailDomain>. Is it ok to use this, or do you want to have different addresses based on their certs (which is bigger change)?
<username>@<EmailDomain>
The user name is not the same as the local part of the san mail address field. In the current case the user name is "Jon doe" but this is an invalid local part.
Hmm, I finally got it. Problem is that we see certificate only in sslLogin call and it is not available in other calls. So, we would need to store full email somewhere (user table) to be able to use it in different calls (it can't be even part of the session as notifications for build owner are not created this way). Such addresses could be inserted on first login. Anyway, some API would be needed to allow user to change it (not only admin via editUser extension).
sslLogin
editUser
Simpler option is to add email parameter for createNotification. It would leave it on user to put correct address there, but will still miss automatic recipients.
createNotification
@mikem ?
Metadata Update from @tkopecek: - Issue set to the milestone: 1.31 (was: 1.30)
Metadata Update from @tkopecek: - Issue set to the milestone: None (was: 1.31)
Login to comment on this ticket.