Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Kubernetes: set secret immutable by default for version >= 1.21 #1091

Merged
merged 1 commit into from
Nov 22, 2021
Merged

Kubernetes: set secret immutable by default for version >= 1.21 #1091

merged 1 commit into from
Nov 22, 2021

Conversation

Dentrax
Copy link
Member

@Dentrax Dentrax commented Nov 22, 2021

Fixes #1090

Signed-off-by: Furkan furkan.turkal@trendyol.com
Co-authored-by: Batuhan batuhan.apaydin@trendyol.com
Co-authored-by: Erkan erkan.zileli@trendyol.com

@Dentrax
Copy link
Member Author

Dentrax commented Nov 22, 2021
edited
Loading

Not sure whether setting immutable: true by default is good practice or not without passing smth like --immutable flag to trigger the condition. Feel free to drop your ideas.

hectorj2f
hectorj2f reviewed Nov 22, 2021
View reviewed changes
pkg/cosign/kubernetes/client.go Outdated
@@ -57,3 +58,16 @@ func Client() (kubernetes.Interface, error) {
}
return kubernetes.NewForConfig(config)
}

func CheckImmutableSecretSupported(client kubernetes.Interface) (bool, error) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: It is been used internally in the package, func checkImm.....

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 here, otherwise LGTM!

@Dentrax @developer-guy @erkanzileli
feat(k8s): set secret immutable by default for 1.21
870fce8 
Fixes sigstore#1090

Signed-off-by: Furkan <furkan.turkal@trendyol.com>
Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com>
Co-authored-by: Erkan <erkan.zileli@trendyol.com>
@dlorenc dlorenc merged commit 86bf37f into sigstore:main Nov 22, 2021
@github-actions github-actions bot added this to the v1.4.0 milestone Nov 22, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hectorj2f hectorj2f hectorj2f left review comments

@dlorenc dlorenc dlorenc approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.4.0
Development

Successfully merging this pull request may close these issues.

provide an option to enable creating immutable secrets while generating key pair with k8s scheme
3 participants
@Dentrax @dlorenc @hectorj2f