LOG-1725 Summarize Recognized Auth Keys. #1182
@alanconway: GitHub didn't allow me to request PR reviews from the following users: vimalkum. Note that only openshift members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this:
/cc @vimalk78
ed01937 to b66a78a
// | ||
// Simple Authentication Security Layer (SASL) | ||
// | ||
// `sasl.enable`: (boolean) Enable or disable SASL. |
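Review bot: the `sasl.enable` line at the end of this hunk marks the key as (boolean) but says neither what applies when the key is absent nor how a boolean is written as a Secret value. Suggest stating the default and the accepted spellings (for example "true" and "false") so readers know what a missing or mistyped value does.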
Do we need to explicitly "enable" or is it sufficient the presence of something else means it is enabled?
I've clarified the doc:
// `sasl.enable`: (boolean) Explicitly enable or disable SASL.
// If missing, SASL is automatically enabled if any of the other `sasl.` keys are set.
// `sasl.mechanisms`: (array) List of allowed SASL mechanism names.
// If missing or empty, the system defaults are used.
// `sasl.allow_insecure`: (boolean) Allow mechanisms that send clear-text passwords.
// Default false.
We need sasl.enable because it is common for clients to enable SASL with no other config. There is a default set of mechanisms and auto-negotiation with the server so clients often use the defaults and servers are configured to dictate the security policy by only accepting appropriate mechanisms.
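The `sasl.*` rules described in the comment above, written out as an added Go example (not code from this PR or from the operator). It assumes Secret values arrive as bytes, booleans use the spellings `strconv.ParseBool` accepts, `sasl.mechanisms` is stored as a JSON array, and PLAIN and LOGIN are the clear-text mechanisms; `ResolveSASL`, `boolKey` and `clearText` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

var clearText = map[string]bool{"PLAIN": true, "LOGIN": true} // assumed clear-text mechanisms

// boolKey parses an optional boolean Secret key; def applies when it is missing.
func boolKey(data map[string][]byte, key string, def bool) (bool, error) {
	if v, ok := data[key]; ok {
		return strconv.ParseBool(string(v))
	}
	return def, nil
}

// ResolveSASL (hypothetical) applies the documented key rules to Secret data.
func ResolveSASL(data map[string][]byte) (enabled bool, mechs []string, err error) {
	implicit := false // becomes true when any `sasl.` key is present
	for k := range data {
		implicit = implicit || strings.HasPrefix(k, "sasl.")
	}
	insecure := false // documented default for sasl.allow_insecure
	enabled, err = boolKey(data, "sasl.enable", implicit) // explicit value wins
	if err == nil {
		insecure, err = boolKey(data, "sasl.allow_insecure", false)
	}
	if v := data["sasl.mechanisms"]; err == nil && len(v) > 0 {
		err = json.Unmarshal(v, &mechs) // missing or empty: system defaults
	}
	if err != nil {
		return false, nil, fmt.Errorf("invalid sasl key: %w", err)
	}
	for _, m := range mechs {
		if enabled && !insecure && clearText[strings.ToUpper(m)] {
			return false, nil, fmt.Errorf("%s sends clear-text passwords; set sasl.allow_insecure", m)
		}
	}
	return enabled, mechs, nil
}

func main() {
	// Constructed Secret data: no sasl.enable, so SASL is enabled implicitly.
	on, mechs, err := ResolveSASL(map[string][]byte{"sasl.mechanisms": []byte(`["SCRAM-SHA-512"]`)})
	fmt.Println(on, mechs, err)
}
```

Rejecting a clear-text mechanism at configuration time, rather than dropping it silently, keeps a mistyped Secret from quietly changing which mechanisms a client will offer.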
/hold
We can deprecate the original one, honor both with preference of one over the other
Same here though I don't believe we currently support any SASL features.
Besides one small nit, looks good to me
// For client authentication, set secret keys `tls.crt` and `tls.key` to the client certificate and private key. | ||
// All sensitive authentication information is provided via a kubernetes Secret object. | ||
// A Secret is a key:value map, common keys are described here. | ||
// Some outputs support additional pecialized keys, documented with the output-specific configuration field. |
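Review bot: on the last line "pecialized" should read "specialized", and "kubernetes" two lines above it should be capitalized as "Kubernetes". The client-authentication line names `tls.crt` and `tls.key` without saying what encoding the values take; suggest stating it there so users do not have to guess.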
pecialized -> specialized ?
b66a78a to 500480c
Updated the doc text, please re-review @jcantrill. I'm writing the backwards-compat code now....
aadbd61 to 352d1f2
@jcantrill @vimalk78 hopefully final - please look it over.
352d1f2 to e2e6470
/hold
/hold
Common keys are documented in the Secret section of the CLF Go spec.
apis/logging/v1/cluster_log_forwarder_types.go
Output-specific keys are documented in configuration field for that output.
apis/logging/v1/output_types.go
e2e6470 to 7b29d46
/unhold
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: alanconway, jcantrill
LOG-1725 Summarize Recognized Auth Keys.
Common keys are documented in the Secret section of the CLF Go spec.
Output-specific keys are documented in configuration field for that output.
/hold
Open questions:
/assign @jcantrill
/cc @periklis
/cc @vimalkum