Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feat: K8 operator authentication methods #1954

Merged
merged 31 commits into from
Jun 13, 2024
Merged

Feat: K8 operator authentication methods #1954

merged 31 commits into from
Jun 13, 2024

Conversation

DanielHougaard
Copy link
Collaborator

Description 📣

This PR adds support for all current Machine Identity authentication methods. We're also introducing some smaller structural changes to make the code scale with the new authentication methods. The authentication is primarily handled by our new official Go SDK. In the operator itself we've added a new method for deciding which auth strategy to use based on the users InfisicalSecret configuration.

Some smaller changes and remarks:

  1. We're now using the Go SDK to fetch secrets when a Machine Identity auth method is being used.
  2. We're now manually computing the E Tag on client-side as the Go Lang SDK doesn't have support for this (intentionally)
  3. The same function is used for all secrets fetching when the authentication method is of Machine Identity type. When we eventually deprecate service tokens & service account's, we can fully depend on a single function for secret fetching, regardless of the authentication method used.

Type ✨

  • Bug fix
  • New feature
  • Breaking change
  • Documentation

@DanielHougaard DanielHougaard self-assigned this Jun 12, 2024
maidul98
maidul98 reviewed Jun 12, 2024
View reviewed changes
Copy link
Collaborator

@maidul98 maidul98 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left some comments on the pr. I also left suggestions for the k8s auth in slack (you are already working on those)

k8-operator/controllers/infisicalsecret_helper.go Outdated Show resolved Hide resolved
k8-operator/controllers/infisicalsecret_helper.go Outdated Show resolved Hide resolved
k8-operator/controllers/infisicalsecret_helper.go Outdated Show resolved Hide resolved
maidul98
maidul98 previously approved these changes Jun 13, 2024
View reviewed changes
Copy link
Collaborator

@maidul98 maidul98 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@DanielHougaard DanielHougaard merged commit 04456fe into main Jun 13, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maidul98 maidul98 maidul98 approved these changes

Assignees

@DanielHougaard DanielHougaard

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@DanielHougaard @maidul98