Skip to content
This repository was archived by the owner on Jul 11, 2023. It is now read-only.

feat(certs): get Vault token from Secret #4753

Merged
merged 3 commits into from
Jun 28, 2022
Merged

feat(certs): get Vault token from Secret #4753

merged 3 commits into from
Jun 28, 2022

Conversation

jaellio
Copy link
Contributor

@jaellio jaellio commented May 20, 2022

Description:

If the Vault token option is not set, the token will be obtained
from the secret referenced in the SecretKeyRef. Currently, the
Vault token must still be set as an option if Vault is the cert
provider. In a subsequent change, all cert provider flags will be
removed from the osm-bootstrap, osm-controller, and osm-injector.
These values will instead be obtained from the MRC created by the
osm-bootstrap and populated using the preset-mesh-root-certificate.

Testing done:

  • CI

Affected area:

Functional Area
New Functionality [x]
Certificate Management [x]

Please answer the following questions with yes/no.

  1. Does this change contain code from or inspired by another project? No

    • Did you notify the maintainers and provide attribution?

  2. Is this a breaking change? No

  3. Has documentation corresponding to this change been updated in the osm-docs repo (if applicable)? No

@codecov-commenter
Copy link

Codecov Report

Merging #4753 (55da548) into main (0af42df) will decrease coverage by 0.22%.
The diff coverage is 82.60%.

@@            Coverage Diff             @@
##             main    #4753      +/-   ##
==========================================
- Coverage   69.08%   68.86%   -0.23%     
==========================================
  Files         227      227              
  Lines       16311    16442     +131     
==========================================
+ Hits        11269    11322      +53     
- Misses       4990     5068      +78     
  Partials       52       52
Flag Coverage Δ
unittests 68.86% <82.60%> (-0.23%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
pkg/certificate/providers/types.go 0.00% <ø> (ø)
pkg/certificate/providers/config.go 82.94% <80.00%> (-0.84%) ⬇️
pkg/certificate/providers/options.go 100.00% <100.00%> (ø)
pkg/cli/verifier/pod.go 52.55% <0.00%> (-27.04%) ⬇️
pkg/cli/verifier/control_plane.go 39.58% <0.00%> (-21.53%) ⬇️
cmd/cli/util.go 65.90% <0.00%> (ø)
cmd/cli/version.go 42.47% <0.00%> (ø)
pkg/cli/proxy_get.go 0.00% <0.00%> (ø)
pkg/injector/webhook.go 88.37% <0.00%> (ø)
pkg/validator/server.go 78.62% <0.00%> (ø)
... and 7 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0af42df...55da548. Read the comment docs.

@jaellio jaellio force-pushed the getVaultTokenSecret branch from 55da548 to 3ec9a72 Compare May 28, 2022 00:09
@jaellio jaellio marked this pull request as ready for review May 28, 2022 00:12
@jaellio jaellio marked this pull request as draft May 31, 2022 15:18
@jaellio jaellio force-pushed the getVaultTokenSecret branch from 3ec9a72 to 5faff82 Compare May 31, 2022 15:21
@jaellio jaellio marked this pull request as ready for review May 31, 2022 18:29
nojnhuh
nojnhuh reviewed May 31, 2022
View reviewed changes
shashankram
shashankram approved these changes Jun 21, 2022
View reviewed changes
jaellio added 2 commits June 27, 2022 13:47
@jaellio
feat(certs): get Vault token from Secret
de676d8 
If the Vault token option is not set, the token will be obtained
from the secret referenced in the SecretKeyRef. Currently, the
Vault token must still be set as an option if Vault is the cert
provider. In a subsquent change, all cert provider flags will be
removed from the osm-bootstrap, osm-controller, and osm-injector.
These values will instead be obtained from the MRC created by the
osm-bootstrap and populated using the preset-mesh-root-certificate

Signed-off-by: jaellio <jaellio@microsoft.com>
@jaellio
Update tests and logs based on PR feedback
ddecbe3 
Signed-off-by: jaellio <jaellio@microsoft.com>
@jaellio jaellio force-pushed the getVaultTokenSecret branch from 22c3a48 to 9c57a33 Compare June 28, 2022 00:40
@jaellio
Update tests after rebase/ PR feedback
1fba496 
Signed-off-by: jaellio <jaellio@microsoft.com>
@jaellio jaellio force-pushed the getVaultTokenSecret branch from 9c57a33 to 1fba496 Compare June 28, 2022 00:50
@jaellio jaellio merged commit baff85f into openservicemesh:main Jun 28, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@snehachhabria snehachhabria Awaiting requested review from snehachhabria

@draychev draychev Awaiting requested review from draychev

@trstringer trstringer Awaiting requested review from trstringer

4 more reviewers

@keithmattix keithmattix keithmattix approved these changes

@nojnhuh nojnhuh nojnhuh approved these changes

@shashankram shashankram shashankram approved these changes

@shalier shalier shalier approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@jaellio @codecov-commenter @keithmattix @nojnhuh @shashankram @shalier