Ku 510/vault kv/encryption at rest #342
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mateoflorido
requested changes
May 16, 2024
mateoflorido
approved these changes
May 27, 2024
addyess
commented
May 29, 2024
requirements.txt
Outdated
| charm-lib-kubernetes-snaps @ git+https://github.com/charmed-kubernetes/charm-lib-kubernetes-snaps@main | ||
| charm-lib-kubernetes-snaps @ git+https://github.com/charmed-kubernetes/charm-lib-kubernetes-snaps@KU-510/vault-kv/encryption-at-rest |
There was a problem hiding this comment.
DO no merge without this
charmed-kubernetes/charm-lib-kubernetes-snaps#16
There was a problem hiding this comment.
Will also need this library backported
addyess
force-pushed
the
KU-510/vault-kv/encryption-at-rest
branch
from
9386f4d
to
7806297
Compare
kwmonroe
approved these changes
May 29, 2024
addyess
added a commit
that referenced
this pull request
May 31, 2024
* Vendor ops version of layer-vault-kv into the charm * Completed unit tests of vault-kv library * begin testing of vaultlocker layer replacement * Begin testing of reactive upgrade * Completed unit tests and docs to support vaultlocker encryption * Passing jenkins validation testing * woke ignore operator libs * Improve testing, improved security, validated upgrades * Address review comments * pin hvac requirements
addyess
added a commit
that referenced
this pull request
May 31, 2024
* Vendor ops version of layer-vault-kv into the charm * Completed unit tests of vault-kv library * begin testing of vaultlocker layer replacement * Begin testing of reactive upgrade * Completed unit tests and docs to support vaultlocker encryption * Passing jenkins validation testing * woke ignore operator libs * Improve testing, improved security, validated upgrades * Address review comments * pin hvac requirements
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Allows the control-plane charm to relate to vault over the vault-kv relation. This unlocks an encryption-at-rest using vault-kv to store the encryption key used to encrypt secrets in etcd
This PR creates two new libraries from existing charmhelpers/reactive based layers
There's also quite a bit of code lift from charmhelpers as well (see fstab.py)
Those libraries could VERY likely be externalized and pip imported -- but they're here in this draft PR in order to accelerate producing the feature.