LOG-1725 Summarize Recognized Auth Keys. #1182
Conversation
|
@alanconway: GitHub didn't allow me to request PR reviews from the following users: vimalkum. Note that only openshift members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci
bot
added
the
approved
|
/cc @vimalk78 |
alanconway
force-pushed
the
secret-keys
branch
from
ed01937
to
b66a78a
Compare
| // | ||
| // Simple Authentication Security Layer (SASL) | ||
| // | ||
| // `sasl.enable`: (boolean) Enable or disable SASL. |
There was a problem hiding this comment.
Do we need to explicitly "enable" or is it sufficient the presence of something else means it is enabled?
There was a problem hiding this comment.
I've clarified the doc:
// `sasl.enable`: (boolean) Explicitly enable or disable SASL.
// If missing, SASL is automatically enabled if any of the other `sasl.` keys are set.
// `sasl.mechanisms`: (array) List of allowed SASL mechanism names.
// If missing or empty, the system defaults are used.
// `sasl.allow_insecure`: (boolean) Allow mechanisms that send clear-text passwords.
// Default false.
We need sasl.enable because it is common for clients to enable SASL with no other config. There is a default set of mechanims and auto-negotiation with the server so clients often use the defaults and servers are configured to dicate the security policy by only accepting appropriate mechanisms.
|
/hold |
openshift-ci
bot
added
the
do-not-merge/hold
We can deprecate the original one, honor both with preference of one over the other
Same here though I don't believe we currently support any SASL features.
|
| // For client authentication, set secret keys `tls.crt` and `tls.key` to the client certificate and private key. | ||
| // All sensitive authentication information is provided via a kubernetes Secret object. | ||
| // A Secret is a key:value map, common keys are described here. | ||
| // Some outputs support additional pecialized keys, documented with the output-specific configuration field. |
There was a problem hiding this comment.
pecialized -> specialized?
alanconway
force-pushed
the
secret-keys
branch
from
b66a78a
to
500480c
Compare
|
Updated the doc text, please re-review @jcantrill . I'm writing the backwards-compat code now.... |
alanconway
force-pushed
the
secret-keys
branch
3 times, most recently
from
aadbd61
to
352d1f2
Compare
openshift-ci
bot
added
the
midstream/Dockerfile
|
@jcantrill @vimalk78 hopefully final - please look it over.
|
alanconway
force-pushed
the
secret-keys
branch
from
352d1f2
to
e2e6470
Compare
|
/hold |
|
/hold |
Common keys are documented in the Secret section of the CLF Go spec.
apis/logging/v1/cluster_log_forwarder_types.go
Output-specific keys are documented in configuration field for that output.
apis/logging/v1/output_types.go
alanconway
force-pushed
the
secret-keys
branch
from
e2e6470
to
7b29d46
Compare
|
/unhold |
openshift-ci
bot
removed
the
do-not-merge/hold
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: alanconway, jcantrill The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
LOG-1725 Summarize Recognized Auth Keys.
Common keys are documented in the Secret section of the CLF Go spec.
Output-specific keys are documented in configuration field for that output.
/hold
Open questions:
/assign @jcantrill
/cc @periklis
/cc @vimalkum