Update zarf-managed secrets in all namespaces on a reinit #1898

Merged
merged 61 commits into from
Aug 15, 2023

Racer159
Contributor

Description

This updates the secret handling logic to update image pull secrets and git pull secrets in the event of a reinit.

Related Issue

Relates to #1715

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Other (security config, docs update, etc)

Checklist before merging

netlify bot commented Jul 11, 2023

Deploy Preview for zarf-docs canceled.

Name Link
🔨 Latest commit b614805
🔍 Latest deploy log https://app.netlify.com/sites/zarf-docs/deploys/64dbee813c2a530008a190c6

@Racer159 Racer159 added the needs-tests PR Label - Tests required to merge label Jul 11, 2023
Contributor Author

Racer159 commented Jul 11, 2023

TODO:

  • Implement the cred roll functionality in another command (not init)
  • Check both agent ignore and zarf managed by labels
  • Implement tests that test a re-init secret change scenario
  • Change podAffinity to podAntiAffinity when RWX is the access mode for the registry
  • Add access mode as an option to Gitea as well
  • Add a test for the new command
  • Refactor the new command into helpers to make it easier to read / maintain
  • Fix --no-progress for tools commands
  • Fix CodeQL

@Racer159 Racer159 requested a review from Madeline-UX as a code owner July 13, 2023 22:54
fmt.Println(state.LoggingSecret)
case GitKey:
Notef("Git Server push password (username: %s):", state.GitServer.PushUsername)
fmt.Println(state.GitServer.PushPassword)
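Review bot: fmt.Println(state.GitServer.PushPassword) in the GitKey case writes the push password to stdout unmasked, so it ends up in any terminal scrollback, CI job log or redirected file that captures this command's output. If showing the credential on request is the purpose of this code path, say so in a comment at the call site and record that justification when dismissing the code scanning alert, so the failing check is not simply ignored; otherwise print only the username and keep the password out of the output.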

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information

Sensitive data returned by an access to PushPassword flows to a logging call.
fmt.Println(state.GitServer.PushPassword)
case GitReadKey:
Notef("Git Server (read-only) password (username: %s):", state.GitServer.PullUsername)
fmt.Println(state.GitServer.PullPassword)

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information

Sensitive data returned by an access to PullPassword flows to a logging call.
fmt.Println(state.ArtifactServer.PushToken)
case RegistryKey:
Notef("Image Registry password (username: %s):", state.RegistryInfo.PushUsername)
fmt.Println(state.RegistryInfo.PushPassword)

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information

Sensitive data returned by an access to PushPassword flows to a logging call.
fmt.Println(state.RegistryInfo.PushPassword)
case RegistryReadKey:
Notef("Image Registry (read-only) password (username: %s):", state.RegistryInfo.PullUsername)
fmt.Println(state.RegistryInfo.PullPassword)
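Review bot: the RegistryReadKey case repeats the Notef-then-fmt.Println pair already used for GitKey, GitReadKey and RegistryKey, so the decision to print a secret is spread over one call site per key. Consider a single helper that takes the label, username and secret, which leaves one place to review, to document as intentional, and to change if the output needs masking later.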

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information

Sensitive data returned by an access to PullPassword flows to a logging call.
@Racer159 Racer159 requested review from mike-winberry and a team as code owners August 10, 2023 18:01
cmwylie19 previously approved these changes Aug 11, 2023
Contributor

@cmwylie19 cmwylie19 left a comment

lgtm

docs/2-the-zarf-cli/100-cli-commands/zarf_init.md (outdated, resolved)
src/cmd/common/viper.go (outdated, resolved)
src/cmd/common/viper.go (outdated, resolved)
src/cmd/initialize.go (outdated, resolved)
src/cmd/package.go (outdated, resolved)
Co-authored-by: razzle <harry@razzle.cloud>
Contributor

@cmwylie19 cmwylie19 left a comment

lgtm

@Racer159 Racer159 requested a review from Noxsios August 15, 2023 22:03

3 participants