Don't duplicate user-provided Enterprise Search encryption keys when reusing them #4052
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit fixes a bug in the operator when users provide their own encryption keys. When we retrieved existing encryption keys (to ensure we don't generate a new one), we retrieved *all of them* including user-provided ones. We then merge the user-provided configuration, which also includes user-provided encryption keys. So everytime we reconcile the configuration, we duplicate the user-provided encryption keys into the reconciled config secret. Because this secret changes, all Pods get rotated automatically. This results in a never-ending config update (growing forever) and pod rotation. This commit fixes it by ensuring the operator always manages the first encryption key. This first key is the only one that gets reused. User-provided keys are then appended to the list of keys. This allows the following use case: - deploy ent search with no encryption key: you get a generated one - add your own custom encryption keys: it is appended to the array after the generated one. Transition is smooth. If we were to replace the generated one in that case, Enterprise Search would not be able to decrypt data.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit fixes a bug in the operator when users provide their own
encryption keys.
When we retrieved existing encryption keys (to ensure we don't generate a new
one), we retrieved all of them including user-provided ones.
We then merge the user-provided configuration, which also includes user-provided
encryption keys. So everytime we reconcile the configuration, we duplicate
the user-provided encryption keys into the reconciled config secret. Because this
secret changes, all Pods get rotated automatically.
This results in a never-ending config update (growing forever) and pod rotation.
This commit fixes it by ensuring the operator always manages the first encryption key.
This first key is the only one that gets reused. User-provided keys are then appended
to the list of keys.
This allows the following use case:
the generated one. Transition is smooth. If we were to replace the generated
one in that case, Enterprise Search would not be able to decrypt data.
Fixes #4051.