[functions] Distribute the CA for KubernetesSecretsTokenAuthProvider #5398

Merged
merged 1 commit into from Oct 28, 2019

addisonj commented Oct 16, 2019

Motivation

Currently, if a user has TLS enabled and is using a custom CA that isn't
baked into the image, when the functions worker starts, it won't have
the CA in order to validate the cert presented by the broker.

Modifications

This adds support to have the KubernetesSecretsTokenAuthProvider
also distribute the CA via the same kubernetes secret used for the
token.

Verifying this change

  • [x] Make sure that the change passes the CI checks.

This change added tests and can be verified as follows:

  • Added tests to ensure that the code paths work with and without a CA
  • Added tests to ensure that the filename returned is as expected

Does this pull request potentially affect one of the following parts:

If yes was chosen, please highlight the changes

  • Dependencies (does it add or upgrade a dependency): no
  • The public API: no
  • The schema: no
  • The default values of configurations: no
  • The wire protocol: no
  • The rest endpoints: no
  • The admin cli options: no
  • Anything that affects deployment: no

Documentation

  • Does this pull request introduce a new feature? yes
  • If yes, how is the feature documented? not documented, but the KubernetesSecretsTokenAuthProvider is missing docs completely
  • If a feature is not applicable for documentation, explain why? It does need docs, but the functionality as a whole is missing docs
  • If a feature is not documented yet in this PR, please create a followup issue for adding the documentation
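
What a client can do with a token and a CA delivered in one mounted secret, covering the paths with and without a CA. This is an added example, not code from this pull request; the class name, the file names `token` and `ca.pem`, and the secret directory passed on the command line are assumptions.

```java
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

import org.apache.pulsar.client.api.AuthenticationFactory;
import org.apache.pulsar.client.api.ClientBuilder;
import org.apache.pulsar.client.api.PulsarClient;

public class MountedSecretClient {
    // Assumed file names inside the mounted secret; placeholders, not the PR's values.
    static final String TOKEN_FILE = "token";
    static final String CA_FILE = "ca.pem";

    static String readToken(Path secretDir) {
        try {
            // Read the file each time the client asks for a token rather than caching it.
            byte[] raw = Files.readAllBytes(secretDir.resolve(TOKEN_FILE));
            return new String(raw, StandardCharsets.UTF_8).trim();
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    static PulsarClient build(String serviceUrl, Path secretDir) throws IOException {
        ClientBuilder builder = PulsarClient.builder()
                .serviceUrl(serviceUrl)
                .authentication(AuthenticationFactory.token(() -> readToken(secretDir)))
                .allowTlsInsecureConnection(false)
                .enableTlsHostnameVerification(true);
        Path ca = secretDir.resolve(CA_FILE);
        if (Files.isReadable(ca)) {
            // Custom CA shipped in the secret: trust it for the broker's certificate.
            builder.tlsTrustCertsFilePath(ca.toString());
        }
        // No CA in the secret: trust settings stay at the client's defaults.
        return builder.build();
    }

    public static void main(String[] args) throws IOException {
        // args: <pulsar+ssl service URL> <directory where the secret is mounted>
        try (PulsarClient client = build(args[0], Paths.get(args[1]))) {
            System.out.println("client configured");
        }
    }
}
```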

addisonj commented Oct 16, 2019

Added a follow up issue for docs: #5399

addisonj commented Oct 16, 2019

This conflicts with #5400, will need rebased if that is merged first

jerrypeng left a comment

@addisonj thanks for contributing this! I am also in the process of making FunctionAuthProvider pluggable. Currently, which one is used is hard-coded.

addisonj commented Oct 21, 2019

rerun java8 tests
rerun integration tests

addisonj commented Oct 21, 2019

rerun java8 tests
rerun integration tests

Currently, if a user has TLS enabled and is using a custom CA that isn't
baked into the image, when the functions worker starts, it won't have
the CA in order to validate the cert presented by the broker.

This adds support to have the `KubernetesSecretsTokenAuthProvider`
also distribute the CA via the same kubernetes secret used for the
token.
@addisonj addisonj force-pushed the instructure:functions_ca branch from d06df2a to 60e2847 Oct 26, 2019

addisonj commented Oct 27, 2019

rerun java8 tests

addisonj commented Oct 28, 2019

rerun java8 tests

@sijie
sijie approved these changes Oct 28, 2019
@sijie sijie added this to the 2.5.0 milestone Oct 28, 2019
@sijie sijie merged commit 28b0c3a into apache:master Oct 28, 2019
3 checks passed
Jenkins: C++ / Python Tests SUCCESS
Jenkins: Integration Tests SUCCESS
Jenkins: Java 8 - Unit Tests SUCCESS