Skip to content

[Merged by Bors] - Added TlsAuthenticationProvider to be used in AuthenticationClass #387

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 3 commits into from
Closed

[Merged by Bors] - Added TlsAuthenticationProvider to be used in AuthenticationClass #387

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
75cce68
added TlsAuthenticationProvider to be used in AuthenticationClass
maltesander May 2, 2022
54bb439
updated CHANGELOG.md
maltesander May 2, 2022
730a838
Update src/commons/tls.rs
maltesander May 2, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,11 @@ All notable changes to this project will be documented in this file.

### Added

- New commons::s3 module with common S3 connection structs ([#377])
- New commons::s3 module with common S3 connection structs ([#377]).
- New `TlsAuthenticationProvider` for `AuthenticationClass` ([#387]).

[#377]: https://github.com/stackabletech/operator-rs/issues/377
[#387]: https://github.com/stackabletech/operator-rs/pull/387

## [0.17.0] - 2022-04-14

Expand Down
4 changes: 3 additions & 1 deletion src/commons/authentication.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
use serde::{Deserialize, Serialize};

use crate::commons::ldap::LdapAuthenticationProvider;
use crate::commons::{ldap::LdapAuthenticationProvider, tls::TlsAuthenticationProvider};
use kube::CustomResource;
use schemars::JsonSchema;

Expand All @@ -24,6 +24,8 @@ pub struct AuthenticationClassSpec {

#[derive(Clone, Debug, Deserialize, Eq, JsonSchema, PartialEq, Serialize)]
#[serde(rename_all = "camelCase")]
#[allow(clippy::large_enum_variant)]
pub enum AuthenticationClassProvider {
Ldap(LdapAuthenticationProvider),
Tls(TlsAuthenticationProvider),
}
12 changes: 10 additions & 2 deletions src/commons/tls.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,6 @@ pub enum TlsVerification {
None {},
/// Use TLS and ca certificate to verify the server
Server(TlsServerVerification),
/// Use TLS and ca certificate to verify the server and the client
Mutual(TlsMutualVerification),
}

#[derive(Clone, Debug, Deserialize, Eq, JsonSchema, PartialEq, Serialize)]
Expand Down Expand Up @@ -43,3 +41,13 @@ pub enum CaCert {
/// So if you got provided with a ca cert but don't have access to the key you can still use this method.
SecretClass(String),
}

#[derive(Clone, Debug, Deserialize, Eq, JsonSchema, PartialEq, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct TlsAuthenticationProvider {
/// See `<https://docs.stackable.tech/home/contributor/adr/ADR016-tls-authentication.html>`.
/// If `client_cert_secret_class` is not set, the TLS settings may also be used for client authentication.
/// If `client_cert_secret_class` is set, the [SecretClass](https://docs.stackable.tech/secret-operator/secretclass.html)
/// will be used to provision client certificates.
pub client_cert_secret_class: Option<String>,
}