Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CDH | Add Aliyun STS Token support for KMS #591

Merged
merged 3 commits into from
Jul 4, 2024
Merged

CDH | Add Aliyun STS Token support for KMS #591

merged 3 commits into from
Jul 4, 2024

Conversation

Xynnn007
Copy link
Member

1570005763
1570005763 reviewed Jun 18, 2024
View reviewed changes
Copy link
Contributor

@1570005763 1570005763 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work. Just curious, given that STS token is often a short-lived access credential, in what scenarios will 'sts_token_client' be used?

@Xynnn007
Copy link
Member Author

Yes. This is used in some scenarios where aliyun KMS will only be used at the launch time. In this scene a short-term token is enough.

1570005763
1570005763 suggested changes Jun 19, 2024
View reviewed changes
Copy link
Contributor

@1570005763 1570005763 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Once all checks have been passed, it can be merged.

@Xynnn007 Xynnn007 force-pushed the kms-aliyun-sts branch 3 times, most recently from 351c4c4 to 156fad0 Compare June 20, 2024 09:54
@Xynnn007
Copy link
Member Author

@1570005763 Yea. Also a commit to make aliyun kms suites statically built-able.

@Xynnn007
cdh/KMS: add support for aliyun STS token client
8c02f21 
This patch will add STS token support for aliyun KMS client. The part of
STS token code is also be reused by ecs_ram_role client. Also does some
refactoring work upon the code.

Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
@Xynnn007
lint: fix lint
64e1735 
Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
@Xynnn007
cdh/kms: get rid of openssl for aliyun kms plugin
b26d7eb 
Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
@Xynnn007 Xynnn007 marked this pull request as ready for review June 20, 2024 14:31
@Xynnn007 Xynnn007 requested a review from sameo as a code owner June 20, 2024 14:31
1570005763
1570005763 approved these changes Jun 21, 2024
View reviewed changes
Copy link
Contributor

@1570005763 1570005763 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Xynnn007 Xynnn007 mentioned this pull request Jun 24, 2024
Merged
@jialez0 jialez0 merged commit 4caee2f into confidential-containers:main Jul 4, 2024
15 checks passed
@Xynnn007 Xynnn007 deleted the kms-aliyun-sts branch July 4, 2024 03:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@1570005763 1570005763 1570005763 approved these changes

@jialez0 jialez0 jialez0 approved these changes

@sameo sameo Awaiting requested review from sameo

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Xynnn007 @1570005763 @jialez0