Azure-sdk-for-js: Setting certificate properties on import requires an issuer
In track 2 setting certificate properties via CertificatePolicy requires passing an issuer, when in track 1 that was not required.
To support import, define a default constructor but leave Issuer, Subject, and SubjectAlternativeNames read-only properties. The parameters in existing constructors should also continue to be asserted. issuer is optional during import, and subject is ignored - obtained from the X509 certificate anyway. We could also loosen restrictions in the future if needs be.
To note: if we did loosen restrictions later and allowed subject or SAN to be null, the service does return a pretty descriptive error that would help customers diagnose the issue:
{
"error": {
"code": "BadParameter",
"message": "Either subjectName or san must be present"
}
}
heaths
All 4 comments
@heaths Are we sure we need this in the current milestone which ends tomorrow?
ramya-rao-a
on 4 Feb 2021
I noted in our Teams channel I was merely adding it in this milestone if it could be done (should be small), but punting it to March is perfectly fine.
heaths
on 4 Feb 2021
Summarizing our conversation:
In TS land the scenario is a bit different:
- Issuer is already optional
- We do require either subject or SAN
To support import we need to provide a different type that allows users to omit all three when importing a certificate.
- Create: Issuer + (SAN | Subject)
- Import: everything optional
I _think_ we already GA'd with optional issuer so all we can do now is loosen restrictions on (SAN | Subject) when importing to support this scenario.
maorleger
on 17 Feb 2021
@maorleger that sounds good to me!
sadasant
on 17 Feb 2021
Related issues
nguerrera
路
3Comments
mitchdenny
路
4Comments
gmantri
路
3Comments
epomatti
路
4Comments
IDONTSUDO
路
4Comments