Add command to consul-k8s-control-plane: gossip-encryption-autogenerate #772

Merged
merged 37 commits into from
Oct 15, 2021

t-eckert
Contributor

@t-eckert t-eckert commented Oct 8, 2021

Changes proposed in this PR:

  • Add a command to consul-k8s-control-plane called gossip-encryption-autogenerate
    This command takes in a namespace and a secret-name, checks for a kubeconfig being passed in or uses the default for the system. It checks if a secret already exists with the given secret-name and fails safely with code 0 if so. Otherwise it generates a 32 byte random string and stores it in the Kubernetes secret store.

How I've tested this PR:

  • Unit tests

How I expect reviewers to test this PR:

  • Unit tests
  • Execute the command from ./control-plane with
    go run . gossip-encryption-autogenerate -namespace default -secret-name my-special-secret
    If successful, check the secret with
    kubectl get secrets my-special-secret -o yaml
    Check that the key value is a random base 64 encoded 32 byte string. Then run
    go run . gossip-encryption-autogenerate -namespace default -secret-name my-special-secret
    and observe that this returns "A Kubernetes secret with the name my-special-secret already exists." without overwriting the secret at that location.

Checklist:

  • Tests added
  • CHANGELOG entry added

    HashiCorp engineers only, community PRs should not add a changelog entry.
    Entries should use present tense (e.g. Add support for...)
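
As an added illustration of the behaviour the PR description above describes (this is not code from this PR or from consul-k8s): generate a 32 byte key from the OS CSPRNG, store it only if no secret exists under that name, and check that a stored value decodes to exactly 32 bytes. The names `memStore`, `GenerateGossipKey`, `EnsureGossipSecret` and `ValidKey` are hypothetical, and the in-memory map is a constructed stand-in for the Kubernetes Secrets API.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// memStore is a constructed in-memory stand-in for the Kubernetes Secrets API.
type memStore map[string]string

// GenerateGossipKey reads 32 bytes from the OS CSPRNG and base64-encodes them.
func GenerateGossipKey() (string, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return "", fmt.Errorf("reading random bytes: %w", err)
	}
	return base64.StdEncoding.EncodeToString(key), nil
}

// EnsureGossipSecret stores a new key only when none exists under ns/name.
// created=false with a nil error means an existing key was left untouched.
// Against a real API server, treat an AlreadyExists error from create the same way.
func EnsureGossipSecret(s memStore, ns, name string) (created bool, err error) {
	id := ns + "/" + name
	if _, ok := s[id]; ok {
		return false, nil
	}
	key, err := GenerateGossipKey()
	if err != nil {
		return false, err
	}
	s[id] = key
	return true, nil
}

// ValidKey reports whether v is standard base64 decoding to exactly 32 bytes.
func ValidKey(v string) bool {
	b, err := base64.StdEncoding.DecodeString(v)
	return err == nil && len(b) == 32
}

func main() {
	s := memStore{}
	first, _ := EnsureGossipSecret(s, "default", "my-special-secret")
	before := s["default/my-special-secret"]
	second, _ := EnsureGossipSecret(s, "default", "my-special-secret")
	fmt.Println(first, second, ValidKey(before), before == s["default/my-special-secret"])
}
```

Values shown under `data` by `kubectl get secrets ... -o yaml` are themselves base64-encoded by Kubernetes, so decode that layer first before applying a length check like `ValidKey` to the stored value.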

Member

@lkysow lkysow left a comment

This is looking really good! I've got some suggestions to simplify things even further but overall things are excellent.

I'll probably not get back to this PR next week so feel free to merge once you've got the requisite approvals from others.

@t-eckert
Contributor Author

@lkysow, thank you for a great review! I have implemented all of your suggestions.

@t-eckert t-eckert requested review from ndhanushkodi and removed request for ishustava October 11, 2021 19:07
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
Contributor

@kschoche kschoche left a comment

This looks great, I left a few comments but overall it's looking good.

One thing I'd like to sort out before merging is being consistent on using k8s vs kubernetes, especially in error messages.
(bonus points if we can clean it up to be consistent on data structure names, flags and function names)

Contributor

@ndhanushkodi ndhanushkodi left a comment

This looks great, Thomas!!

…d.go

Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
@t-eckert t-eckert merged commit 00082a0 into main Oct 15, 2021
@t-eckert t-eckert deleted the autogen-encryption-golang branch October 15, 2021 17:22