Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support auth methods for the vault connect CA provider #11573

Merged
merged 12 commits into from
Nov 18, 2021
Merged

Support auth methods for the vault connect CA provider #11573

merged 12 commits into from
Nov 18, 2021

Conversation

ishustava
Copy link
Contributor

@ishustava ishustava commented Nov 15, 2021
edited
Loading

Changes proposed

  • Support vault auth methods for the Vault connect CA provider
  • Rotate the token (re-authenticate to vault using auth method) when the token can no longer be renewed

Notes

  • The unit tests only test auth methods that don't require an external system (like aws or kubernetes)
  • I've tested it manually on Kubernetes using the helm chart

@github-actions github-actions bot added the theme/connect Anything related to Consul Connect, Service Mesh, Side Car Proxies label Nov 15, 2021
@ishustava ishustava force-pushed the ishustava/vault-provider-auth-method branch from 828164a to 3c1eb44 Compare November 15, 2021 19:26
@vercel vercel bot temporarily deployed to Preview – consul November 15, 2021 19:26 Inactive
@vercel vercel bot temporarily deployed to Preview – consul-ui-staging November 15, 2021 19:27 Inactive
@ishustava ishustava force-pushed the ishustava/vault-provider-auth-method branch from 3c1eb44 to e4e4ec2 Compare November 15, 2021 20:01
@vercel vercel bot temporarily deployed to Preview – consul November 15, 2021 20:01 Inactive
@vercel vercel bot temporarily deployed to Preview – consul-ui-staging November 15, 2021 20:01 Inactive
@vercel vercel bot temporarily deployed to Preview – consul-ui-staging November 15, 2021 20:21 Inactive
@ishustava ishustava force-pushed the ishustava/vault-provider-auth-method branch from 273ffa3 to 90f4968 Compare November 15, 2021 20:25
@vercel vercel bot temporarily deployed to Preview – consul-ui-staging November 15, 2021 20:25 Inactive
@vercel vercel bot temporarily deployed to Preview – consul-ui-staging November 15, 2021 20:26 Inactive
@vercel vercel bot temporarily deployed to Preview – consul November 15, 2021 20:26 Inactive
@ishustava ishustava force-pushed the ishustava/vault-provider-auth-method branch from 4fab139 to cff1b8a Compare November 15, 2021 20:28
@vercel vercel bot temporarily deployed to Preview – consul November 15, 2021 20:29 Inactive
@vercel vercel bot temporarily deployed to Preview – consul-ui-staging November 15, 2021 20:29 Inactive
@vercel vercel bot temporarily deployed to Preview – consul November 15, 2021 20:32 Inactive
@vercel vercel bot temporarily deployed to Preview – consul-ui-staging November 15, 2021 20:32 Inactive
@vercel vercel bot temporarily deployed to Preview – consul November 15, 2021 20:40 Inactive
@vercel vercel bot temporarily deployed to Preview – consul-ui-staging November 15, 2021 20:40 Inactive
@ishustava ishustava marked this pull request as ready for review November 15, 2021 20:51
@ishustava ishustava requested a review from a team as a code owner November 15, 2021 20:51
@vercel vercel bot temporarily deployed to Preview – consul November 15, 2021 23:38 Inactive
@vercel vercel bot temporarily deployed to Preview – consul-ui-staging November 15, 2021 23:38 Inactive
@vercel vercel bot temporarily deployed to Preview – consul-ui-staging November 15, 2021 23:41 Inactive
@ishustava ishustava force-pushed the ishustava/vault-provider-auth-method branch from 6da44e4 to 8c5b111 Compare November 15, 2021 23:44
@vercel vercel bot temporarily deployed to Preview – consul November 15, 2021 23:44 Inactive
@vercel vercel bot temporarily deployed to Preview – consul-ui-staging November 15, 2021 23:44 Inactive
@ishustava ishustava force-pushed the ishustava/vault-provider-auth-method branch from 8c5b111 to a729a68 Compare November 15, 2021 23:45
@vercel vercel bot temporarily deployed to Preview – consul-ui-staging November 15, 2021 23:45 Inactive
@vercel vercel bot temporarily deployed to Preview – consul November 16, 2021 00:28 Inactive
@vercel vercel bot temporarily deployed to Preview – consul-ui-staging November 16, 2021 00:28 Inactive
karl-cardenas-coding
karl-cardenas-coding approved these changes Nov 16, 2021
View reviewed changes
Copy link
Contributor

@karl-cardenas-coding karl-cardenas-coding left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM from a document perspective. We just need to remove the 2nd warning box 👍🏼

@vercel vercel bot temporarily deployed to Preview – consul-ui-staging November 16, 2021 15:53 Inactive
kschoche
kschoche approved these changes Nov 16, 2021
View reviewed changes
Copy link
Contributor

@kschoche kschoche left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great @ishustava !!

acpana
acpana approved these changes Nov 16, 2021
View reviewed changes
Copy link
Contributor

@acpana acpana left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This LGTM overall! 🚀

If you had time, I think it be worth having some validation of the auth method (ie this is supported, this is not) from the vault CA provider side but other than that no other concerns!

Thanks for being open to some of my feedback 💯 !!

@vercel vercel bot temporarily deployed to Preview – consul November 17, 2021 06:22 Inactive
@vercel vercel bot temporarily deployed to Preview – consul-ui-staging November 17, 2021 06:22 Inactive
@ishustava ishustava merged commit 0ee4566 into main Nov 18, 2021
@ishustava ishustava deleted the ishustava/vault-provider-auth-method branch November 18, 2021 20:15
@hc-github-team-consul-core
Copy link
Collaborator

🍒 If backport labels were added before merging, cherry-picking will start automatically.

To retroactively trigger a backport after merging, add backport labels and re-run https://circleci.com/gh/hashicorp/consul/505952.

@ishustava ishustava mentioned this pull request Nov 22, 2021
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kschoche kschoche kschoche approved these changes

@acpana acpana acpana approved these changes

@karl-cardenas-coding karl-cardenas-coding karl-cardenas-coding approved these changes

Assignees
No one assigned
Labels
theme/connect Anything related to Consul Connect, Service Mesh, Side Car Proxies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@ishustava @hc-github-team-consul-core @kschoche @acpana @karl-cardenas-coding