Dev/improvements #22
Merged
romdalf merged 12 commits into beezy-dev:main on Aug 20, 2025
Conversation
coding-gecko (Contributor) commented on Aug 8, 2025
- go version update to 1.24.5
- adding "cert" method for vault authentication and its related config example
- socket checking refactor
- adding retry to vault related operations
- updated to go 1.24.5 - image updated in containerfile
- k8s and cert auth are now supported as Vault authentication - selectable via config file field "authmethod" with values "cert" and "k8s"
- Encrypt/decrypt split into internal function - internal function called by Health()
- unix socket checking refactored - instead of Health(), it is being done in goroutine every 10s (from startprovider.go) - goroutine launched after grpc server is up and running
- based on error message, it decides whether to shut down plugin or not - currently only shuts down on "invalid token"
- retryVaultOp() retries the execution of failed read/write operation on Vault - if failure relates to token lease being invalid, tries to re-login
- added openssl config files to generate root ca, intermediate ca and kleidi client cert (used for authentication) - added simple sh script to launch Kleidi as standalone container in docker with cert auth - added config files
- added script to generate root ca, intermediate ca and client cert for cert auth
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
- fixed []byte conversion - removed authInfo
…eidi into dev/improvements
Copilot (Contributor)
Pull Request Overview
This PR enhances the Vault provider with improved authentication methods, error handling, and infrastructure updates. The changes include updating Go to version 1.24.5, adding certificate-based authentication alongside the existing Kubernetes authentication, implementing retry logic for Vault operations, and refactoring socket monitoring.
- Updated Go version from 1.22.0 to 1.24.5 and related dependency updates
- Added certificate authentication method for Vault with configuration examples and documentation
- Implemented retry logic with automatic re-authentication for Vault operations
Reviewed Changes
Copilot reviewed 15 out of 16 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| scripts/prd/vault/vault/vault-config.json | Updated configuration format with lowercase field names and added auth method parameters |
| internal/utils/startprovider.go | Refactored socket monitoring to use periodic checking and removed socket parameter from Vault service initialization |
| internal/providers/hvault.go | Major refactor adding retry logic, improved error handling, and support for multiple authentication methods |
| internal/providers/hauthprovider.go | New file implementing authentication method factory for Kubernetes and certificate auth |
| go.mod | Updated Go version and dependency versions |
| configuration/kleidi/vault-config.json | Updated configuration example with new auth parameters |
| configuration/kleidi/cert-auth/* | Added complete certificate authentication configuration examples and CA generation scripts |
| Containerfile-* | Updated base images to use Go 1.24.5 |
Collaborator
Moving to burning test for a 48-hour run.
- custom error struct hVaultErr added. Vault errors processed and stored in this type - string comparison replaced with errors.Is - unit test added and dockerfiles updated
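Two pieces of this PR described earlier, retryVaultOp() re-logging in when the token lease is invalid (PR description) and the hVaultErr struct with errors.Is replacing string comparison (commit above), as one added Go example that is not the project's code. The struct fields, the kind constants, the sentinels ErrTransient, ErrInvalidToken and ErrPermanent, classifyVaultErr, vaultSession and scriptedOp are all assumed shapes chosen for illustration; the status-code mapping follows Vault's HTTP conventions (403 for a missing, expired or revoked token as well as for a policy denial, 503 while sealed).

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net/http"
	"time"
)

// vaultErrKind is the property the retry logic keys on. Comparing a kind instead
// of err.Error() text means a reworded Vault message cannot silently turn a
// "re-login" case into a "give up" case.
type vaultErrKind int

const (
	kindTransient    vaultErrKind = iota // sealed, 5xx, no response: retry the same call
	kindInvalidToken                     // 403: lease expired or token revoked, re-login then retry
	kindPermanent                        // any other 4xx: retrying cannot help
)

// hVaultErr is an assumed shape; the project's own struct may differ.
type hVaultErr struct {
	Kind   vaultErrKind
	Op     string // "read", "write", "login" ...
	Status int    // HTTP status reported by Vault, 0 for transport errors
	Err    error  // underlying cause
}

func (e *hVaultErr) Error() string {
	return fmt.Sprintf("vault %s failed (status %d, kind %d): %v", e.Op, e.Status, e.Kind, e.Err)
}

func (e *hVaultErr) Unwrap() error { return e.Err }

// Is makes errors.Is(err, ErrInvalidToken) true for every hVaultErr of that kind,
// however deeply the error has since been wrapped with %w.
func (e *hVaultErr) Is(target error) bool {
	t, ok := target.(*hVaultErr)
	return ok && t.Kind == e.Kind
}

// Sentinel values callers compare against (assumed names).
var (
	ErrTransient    = &hVaultErr{Kind: kindTransient}
	ErrInvalidToken = &hVaultErr{Kind: kindInvalidToken}
	ErrPermanent    = &hVaultErr{Kind: kindPermanent}
)

// classifyVaultErr maps a Vault HTTP status (0 = no response at all) to a kind.
// Vault answers 403 for a missing, expired or revoked token and for a policy
// denial, 503 while sealed, and 429 for a standby that cannot serve the request.
func classifyVaultErr(op string, status int, cause error) *hVaultErr {
	kind := kindPermanent
	switch {
	case status == 0, status == http.StatusTooManyRequests, status >= 500:
		kind = kindTransient
	case status == http.StatusForbidden:
		kind = kindInvalidToken
	}
	return &hVaultErr{Kind: kind, Op: op, Status: status, Err: cause}
}

// vaultSession holds what the retry wrapper needs: how to log in again and the budget.
type vaultSession struct {
	login    func(ctx context.Context) error // cert or k8s login that refreshes the client token
	attempts int                             // total calls of op, including the first
	backoff  time.Duration                   // initial delay for transient errors, doubled each retry
}

// retryVaultOp runs op until it succeeds or the budget is spent. A transient error
// waits and retries; an invalid-token error triggers exactly one re-login per call
// (a second 403 after a fresh token means policy denies the path, and looping on it
// would only hammer the auth backend); anything else is returned immediately.
func retryVaultOp(ctx context.Context, s *vaultSession, op func(ctx context.Context) error) error {
	var err error
	relogged := false
	delay := s.backoff
	for attempt := 1; attempt <= s.attempts; attempt++ {
		if err = op(ctx); err == nil {
			return nil
		}
		switch {
		case errors.Is(err, ErrInvalidToken):
			if relogged {
				return err
			}
			relogged = true
			if lerr := s.login(ctx); lerr != nil {
				return fmt.Errorf("re-login after %v: %w", err, lerr)
			}
		case errors.Is(err, ErrTransient):
			if attempt == s.attempts {
				continue // budget spent; report the last error below
			}
			select {
			case <-ctx.Done():
				return ctx.Err()
			case <-time.After(delay):
			}
			delay *= 2
		default:
			return err
		}
	}
	return fmt.Errorf("giving up after %d attempts: %w", s.attempts, err)
}

// scriptedOp builds an op that returns the given results in order (a constructed
// stand-in for a transit read/write; nil means success); calls reports how often it ran.
func scriptedOp(results []error) (op func(context.Context) error, calls *int) {
	n := 0
	calls = &n
	op = func(context.Context) error {
		i := n
		n++
		if i < len(results) {
			return results[i]
		}
		return nil
	}
	return op, calls
}

func main() {
	logins := 0
	s := &vaultSession{
		login:    func(context.Context) error { logins++; return nil },
		attempts: 4,
		backoff:  10 * time.Millisecond,
	}
	// Expired lease on the first call; the fresh token works on the second.
	op, calls := scriptedOp([]error{classifyVaultErr("write", http.StatusForbidden, errors.New("permission denied"))})
	err := retryVaultOp(context.Background(), s, op)
	fmt.Printf("expired lease: err=%v calls=%d logins=%d\n", err, *calls, logins)
}
```

Keeping the re-login to one per operation is the caveat worth carrying into the real implementation: an invalid-token error after a successful fresh login is a policy or role problem, not a lease problem, and retrying it turns a misconfiguration into a login flood against Vault's auth backend.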