Reimplement certificate controller #506

Merged
merged 51 commits into from Sep 24, 2017

@sadlil
Contributor

commented Sep 19, 2017

Fixes #505
Fixes #370
Fixes #382
Fixes #526
Fixes #366
Fixes #393
Fixes #356

@sadlil sadlil added this to the 4.0.0 milestone Sep 19, 2017
@sadlil sadlil self-assigned this Sep 19, 2017
@sadlil sadlil requested review from tamalsaha and diptadas Sep 19, 2017
@sadlil sadlil changed the title WIP: ReDesign Certificate Spec. WIP: Redesign Certificate Spec. Sep 19, 2017
@tamalsaha

Member

commented Sep 21, 2017

  • Fix RBACs Role.
  • Migrate existing certs (omitempty)
  • Add to Certificate.Status: SerialNumber, NotBefore, NotAfter, Signature https://golang.org/pkg/crypto/x509/#Certificate
  • If the tlsmounter/volume is just a copy of kloader, use it from there. We can also move it to appscode/go, if needed.
@tamalsaha tamalsaha removed the breaking label Sep 23, 2017
@tamalsaha

Member

commented Sep 23, 2017

What purpose do the

	CertURL       string      `json:"certURL"`
	CertStableURL string      `json:"certStableURL"`
	AccountRef    string      `json:"accountRef,omitempty"`

fields serve?

@tamalsaha tamalsaha changed the title WIP: Redesign Certificate Spec. Reimplement certificate controller Sep 23, 2017
@tamalsaha tamalsaha changed the title Reimplement certificate controller WIP: Reimplement certificate controller Sep 23, 2017
@@ -70,14 +81,14 @@ func (c *controller) ensureRoles() error {
APIGroups: []string{api.GroupName},
Resources: []string{"ingresses"},
ResourceNames: []string{c.Ingress.Name},
Verbs: []string{"get"},
Verbs: []string{"get", "list", "watch"},
})
case api_v1beta1.APISchemaIngress:
defaultRole.Rules = append(defaultRole.Rules, rbac.PolicyRule{
APIGroups: []string{extensions.GroupName},
Resources: []string{"ingresses"},
ResourceNames: []string{c.Ingress.Name},
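Review bot: In the api.GroupName rule, the Verbs line now lists "get", "list", "watch" while ResourceNames: []string{c.Ingress.Name} stays set, and that pairing does not grant what it appears to. List and watch requests carry no resource name in the URL, so a rule with resourceNames set will not match them and both verbs would be denied for whoever is bound to this role. Suggest keeping the named rule at "get" and granting "list" and "watch" in a separate rule without ResourceNames, accepting that it then covers every ingress in the role's scope, or dropping the two verbs if a named get is all that is needed. The extensions.GroupName rule that follows is cut off before its Verbs line; check it for the same pairing.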

@tamalsaha

tamalsaha Sep 24, 2017

Member

Can you define ResourceName and watch Ingress at the same time?

tamalsaha added 2 commits Sep 24, 2017
Notably, if resourceNames are set, then the verb must not be list, watch, create, or deletecollection. Because resource names are not present in the URL for create, list, watch, and deletecollection API requests, those verbs would not be allowed by a rule with resourceNames set, since the resourceNames portion of the rule would not match the request.
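The matching behaviour described in the commit message above, as an added example that is not code from this pull request or its project: a minimal model of rule matching plus a check that flags verbs which can never match once resourceNames is set. `PolicyRule`, `Request`, `Allows` and `UnmatchableVerbs` are hypothetical local names, and the group and ingress names are constructed sample values.

```go
package main

import "fmt"

// PolicyRule is a local stand-in with the four fields visible in the diff,
// not the Kubernetes rbac.PolicyRule type.
type PolicyRule struct{ APIGroups, Resources, ResourceNames, Verbs []string }

// Request is what the authorizer sees. Name is empty for collection-level
// requests, whose URL carries no object name.
type Request struct{ Verb, APIGroup, Resource, Name string }

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// Allows reports whether rule matches req (exact matching only, no "*").
func Allows(rule PolicyRule, req Request) bool {
	if !contains(rule.Verbs, req.Verb) || !contains(rule.APIGroups, req.APIGroup) ||
		!contains(rule.Resources, req.Resource) {
		return false
	}
	return len(rule.ResourceNames) == 0 || contains(rule.ResourceNames, req.Name)
}

// UnmatchableVerbs lists verbs that can never match because ResourceNames is set.
func UnmatchableVerbs(rule PolicyRule) []string {
	var out []string
	for _, v := range rule.Verbs {
		switch v {
		case "list", "watch", "create", "deletecollection":
			if len(rule.ResourceNames) > 0 {
				out = append(out, v)
			}
		}
	}
	return out
}

func main() {
	// Constructed rule shaped like the one in the diff; group and name are sample values.
	r := PolicyRule{[]string{"example.group"}, []string{"ingresses"}, []string{"my-ingress"}, []string{"get", "list", "watch"}}
	fmt.Println(Allows(r, Request{"get", "example.group", "ingresses", "my-ingress"}),
		Allows(r, Request{"watch", "example.group", "ingresses", ""}), UnmatchableVerbs(r))
}
```

Running `UnmatchableVerbs` over every rule of a generated role before it is applied catches grants that look broader than they are.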
@tamalsaha tamalsaha changed the title WIP: Reimplement certificate controller Reimplement certificate controller Sep 24, 2017
@tamalsaha tamalsaha merged commit cd3d9af into master Sep 24, 2017
@tamalsaha tamalsaha deleted the certificate-redesign branch Sep 24, 2017
tamalsaha added a commit that referenced this pull request Dec 13, 2017
Fixes #505
Fixes #370
Fixes #382
Fixes #526 
Fixes #366 
Fixes #393 
Fixes #356