Support user-provided client certs for Vault #578
Merged
atye requested review from abhi16394, mbasha-dell, alikdell, bharathsreekanth, chimanjain, coulof, Deepak-Ghivari, gallacher, HarishH-DELL, JacobGros, jooseppi-luna, karthikk92, kumarkgosa, bandak2, mjsdell, nitesh3108, Prabhu-Dell, rajendraindukuri, rajkumar-palani, shefali-malhotra and panigs7 as code owners May 30, 2024 16:29
atye requested review from tdawe, shaynafinocchiaro, sharmilarama and shanmydell as code owners May 30, 2024 16:29
alikdell approved these changes Jun 3, 2024
shaynafinocchiaro approved these changes Jun 3, 2024
EvgenyUglov reviewed Jun 3, 2024
EvgenyUglov added a commit that referenced this pull request Jun 25, 2024
* Support OpenShifts ingress controller in Authorization (#554)
* refactor CR and add support for certs, annotations, and ocp for ingress
* update types
* update ingress and cert yamls for all versions
* update controller-gen version and crds
* fix yaml formatting errors
* create ingress dynamically
* create self signed certificates dynamically
* encode custom tls cert
* update CRs for e2e tests
* add unit tests and update versioning to v2.0.0-alpha
* update csm controller test
* fix formatting, linting, and unit tests
* fix linting
* fix wording in CR
* fix CRs
* PR edits
* fix formatting
* Support Multiple Replicas for Redis deployment in Authorization (#553)
* Changes for Auth
* add new changes as per helm
* Updating CRDs
* Resolving yaml errors
* Resolving script issues and removing hardcoded values
* Empty Config Map
* Values changes
* Resolving formatting issues
* Resolving formatting checks
* Resolving rebase issues
* Getting the sentinel values dynamically
* Addressed review comments
* Changes from v1.1.10 to v2.0.0-alpha
* Resolving Unit test errors
* Removing Hardcoded values
* Addressing review comments
* Adding Vault as separate component
* Moving the ConfigMap
* Moving ConfigMap to v2.0.0-alpha
* Removing extra newline
* [KRV-17784] Auth CRD support (#556)
* [KRV-17784] Add auth crds and new version
* [KRV-17784] Fix version in tests
* [KRV-17784] Unit test
* [KRV-17784] Fix comment
* [KRV-17784] Fix PR comments
* [KRV-17784] Fix PR comments
* Adding Vault Role for Authorization (#560)
* Add Vault Role
* Updating test files
* Addressing review comments
* Update the deployment with Controller for Authorization (#563)
* Adding deployment for controller
* Using Controller image dynamically
* Addressing review comments
* Addressing review comments - Making replicas configurable
* Addressing review comments & making namespace configurable
* Remove Karavi Storage Secret for v2 (#567)
* remove storage secret
* remove print
* update tls name
* add rediscommander password and username (#570)
* Add storage cluster roles (#568)
* Fix cert-manager deployment, go mod updates (#571)
* Add authorization snapshot policies (#573)
* [KRV-17785] Auth CRD e2e (#572)
* [KRV-17785] Auth CRD e2e
* [KRV-17785] Update go mod
* Added sentinel retry logic (#576)
* file changes for proxy server certificate (#577)
* Update lease permissions for authorization-controller (#580)
* Support user-provided client certs for Vault (#578)
* start vault user certs
* updates
* add cert authority
* fix deployment
* remove storage-service from all deployments
* add certs to sample
* support v1
* remove vault cert manifests
* remove todo
* fix formatting
* fix crd deploy check
* add test for v1
* add tests
* add fail test
* bad vault ca
* add more error tests
* add test for ingress certs
* add openshift test
* add type meta to v1
* refactor storage service deployment
* refactor self-signed cert
* fix sentinel timeout (#586)
* Remove OpenShift parameter from config and discover it on runtime (#589)
* Programmatically detect ocp cluster env for ingress configuration
* Add storage poll interval
* add yaml files changes from make manifests
* change error return to warning log
* PR edits
---------
Co-authored-by: Kerry_Kovacevic <Kerry.Kovacevic@Dell.com>
* [KRV-24554] Auth proxy e2e (#595)
* [KRV-17785] Auth CRD e2e
* [KRV-17785] Update go mod
* [KRV-24554] Fix proxy e2e test
* [KRV-24554] Add auth CRDs step to the scenarios
* [KRV-24554] Remove array data from test files
* Sentinel fix, remove hardcoded sentinel svc port, fix operator deploy… (#597)
* Sentinel fix, remove hardcoded sentinel svc port, fix operator deployment
* Add configurable controller reconcile interval (#598)
* Add configurable controller reconcile interval
* Update test yamls
* fix linting check
* fix linting
* [KRV-25132] Auth CR changes
* update files for new CR format for auth
* [KRV-25132] Default images
* pr review changes
* [KRV-25132] Fix e2e scenarios
---------
Co-authored-by: shaynafinocchiaro <shayna_finocchiaro@dell.com>
Co-authored-by: Harshita Pandey <88329939+harshitap26@users.noreply.github.com>
Co-authored-by: EvgenyUglov <63835199+EvgenyUglov@users.noreply.github.com>
Co-authored-by: Aaron Tye <tyeaaron@gmail.com>
Co-authored-by: Luna Xu <10015938+xuluna@users.noreply.github.com>
Co-authored-by: Fernando Alfaro Campos <falfarocampos@outlook.com>
Co-authored-by: Bharath Sreekanth <93715158+bharathsreekanth@users.noreply.github.com>
Co-authored-by: Trevor Dawe <trevor.dawe@dell.com>
Co-authored-by: Kerry_Kovacevic <Kerry.Kovacevic@Dell.com>
Co-authored-by: Evgeny Uglov <evgeny.uglov@dell.com>
ChristianAtDell added a commit that referenced this pull request Oct 15, 2024
Description
GitHub Issues
List the GitHub issues impacted by this PR:
Checklist:
How Has This Been Tested?
Please describe the tests that you ran to verify your changes. Please also list any relevant details for your test configuration.
New unit tests covering v1 and v2 flow and passing in vault client certificates.
Manual installation of v2 with self-signed certs for Vault and user-provided certs to validate the Vault server. Manual installation of v1.