Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

support vault auth config for alicloud ca provider #16224

Merged
merged 6 commits into from
Mar 7, 2023
Merged

support vault auth config for alicloud ca provider #16224

merged 6 commits into from
Mar 7, 2023

Conversation

eikenb
Copy link
Contributor

@eikenb eikenb commented Feb 9, 2023
edited
Loading

Add support for using existing vault auto-auth configurations as the provider configuration when using Vault's CA provider with AliCloud.

AliCloud requires 2 extra fields to enable it to use STS (it's preferred auth setup). Our vault-plugin-auth-alicloud package contained a method to help generate them as they require you to make an http call to a faked endpoint proxy to get them (url and headers base64 encoded).

PR Checklist

  • updated test coverage
  • external facing docs updated (not doing on purpose)
  • not a security concern

@eikenb eikenb added type/enhancement Proposed improvement or new feature theme/connect Anything related to Consul Connect, Service Mesh, Side Car Proxies theme/consul-vault Relating to Consul & Vault interactions labels Feb 9, 2023
@github-actions github-actions bot added the pr/dependencies PR specifically updates dependencies of project label Feb 9, 2023
@eikenb eikenb force-pushed the eikenb/alicloud-vault-provider-auth branch 5 times, most recently from 686f459 to 6fde5be Compare February 13, 2023 19:43
@eikenb eikenb force-pushed the eikenb/alicloud-vault-provider-auth branch 2 times, most recently from e8fd763 to fed6eab Compare March 1, 2023 01:05
cthain
cthain reviewed Mar 6, 2023
View reviewed changes
Copy link
Contributor

@cthain cthain left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking good. I left a couple of minor suggestions/comments.

agent/connect/ca/provider_vault_auth_alicloud.go Outdated Show resolved Hide resolved
agent/connect/ca/provider_vault_auth_alicloud.go Outdated Show resolved Hide resolved
agent/connect/ca/provider_vault_auth_test.go Show resolved Hide resolved
agent/connect/ca/provider_vault_auth_alicloud.go Show resolved Hide resolved
cthain
cthain approved these changes Mar 6, 2023
View reviewed changes
Copy link
Contributor

@cthain cthain left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

eikenb and others added 6 commits March 6, 2023 16:12
@eikenb
support vault auth config for alicloud ca provider
101fc0e 
Add support for using existing vault auto-auth configurations as the
provider configuration when using Vault's CA provider with AliCloud.

AliCloud requires 2 extra fields to enable it to use STS (it's preferred
auth setup). Our vault-plugin-auth-alicloud package contained a method
to help generate them as they require you to make an http call to
a faked endpoint proxy to get them (url and headers base64 encoded).
@eikenb
move parameter checks into New method
aaf4c4e 
Seems like it'd be better to return them sooner rather than later.
@eikenb
fix error case test
0a3a86b
@eikenb @cthain
Update agent/connect/ca/provider_vault_auth_alicloud.go
b2754b5 
Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com>
@eikenb @cthain
Update agent/connect/ca/provider_vault_auth_alicloud.go
c6f1c30 
Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com>
@eikenb
add legacyCheck + test
fcd8cbb
@eikenb eikenb force-pushed the eikenb/alicloud-vault-provider-auth branch from 94fc053 to fcd8cbb Compare March 7, 2023 00:37
@eikenb eikenb merged commit f5641ff into main Mar 7, 2023
@eikenb eikenb deleted the eikenb/alicloud-vault-provider-auth branch March 7, 2023 03:02
@p-linnane p-linnane mentioned this pull request Jun 27, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cthain cthain cthain approved these changes

Assignees
No one assigned
Labels
pr/dependencies PR specifically updates dependencies of project theme/connect Anything related to Consul Connect, Service Mesh, Side Car Proxies theme/consul-vault Relating to Consul & Vault interactions type/enhancement Proposed improvement or new feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@eikenb @cthain