Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

root: redis, make sure tlscacert isn't an empty string #12407

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

ilpianista
Copy link

Details

I'm provisioning Authentik via the Helm chart and I want to use Redis over TLS without CA validation:

authentik:
  redis:
    host: master.XYZ.euw1.cache.amazonaws.com
    tls: true
    tls_reqs: none

However, it's failing with:

"error":"open : no such file or directory","event":"Failed to append  to RootCAs

It looks like it got an empty string as tls ca cert and it tries to append that empty string to the rootcas. I think you can avoid that by ensuring the tls ca cert isn't an empty string.


Checklist

  • Local tests pass (ak test authentik/)
  • The code has been formatted (make lint-fix)

If an API change has been made

  • The API schema has been updated (make gen-build)

If changes to the frontend have been made

  • The code has been formatted (make web)

If applicable

  • The documentation has been updated
  • The documentation has been formatted (make website)

@ilpianista ilpianista requested a review from a team as a code owner December 19, 2024 08:04
Copy link

netlify bot commented Dec 19, 2024

Deploy Preview for authentik-docs canceled.

Name Link
🔨 Latest commit 9b1639a
🔍 Latest deploy log https://app.netlify.com/sites/authentik-docs/deploys/6763d399701dd50008e0ec4a

Copy link

netlify bot commented Dec 19, 2024

Deploy Preview for authentik-storybook canceled.

Name Link
🔨 Latest commit 9b1639a
🔍 Latest deploy log https://app.netlify.com/sites/authentik-storybook/deploys/6763d399a76c1900083a3edc

@rissson
Copy link
Member

rissson commented Dec 19, 2024

Just tried this out, and indeed TLSCaCert is filled with an empty string instead of being nil. I'd rather find out why that happens instead of changing how we do the comparison. Otherwise, we can change the type to string instead of *string and compare to empty string.

@BeryJu thoughts?

@ilpianista
Copy link
Author

I'd rather find out why that happens instead of changing how we do the comparison.

I suspect this is caused by the overwrite field info when the env var isn't set.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants