✨ feat(VSecM): 448 Java SDK #732
Conversation
Create Java SDK poc
Signed-off-by: sahinakyol <akyolsahinn@gmail.com>
core/validation/validation.go
Outdated
@@ -18,7 +18,7 @@ import ( | |||
// IsSentinel returns true if the given SPIFFEID is a Sentinel ID. | |||
// It does this by checking if the SPIFFEID has the SpiffeIdPrefixForSentinel as its prefix. | |||
func IsSentinel(spiffeid string) bool { | |||
return strings.HasPrefix(spiffeid, env.SpiffeIdPrefixForSentinel()) | |||
return strings.HasPrefix(spiffeid, env.SpiffeIdPrefixForSentinel()) || strings.HasPrefix(spiffeid, "spiffe://vsecm.com/workload/sdk-java/ns/vsecm-system/sa/sdk-java/n/") |
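Review bot: the added `|| strings.HasPrefix(spiffeid, "spiffe://vsecm.com/workload/sdk-java/...")` clause makes any caller presenting that workload SPIFFE ID prefix pass `IsSentinel`, so a workload identity is granted Sentinel authority for the sake of one SDK. That widens the trust boundary rather than checking a prefix, and the hardcoded URL literal also bypasses the `env.SpiffeIdPrefixForSentinel()` configuration path that the line above it uses. Drop the clause, keep `IsSentinel` as `return strings.HasPrefix(spiffeid, env.SpiffeIdPrefixForSentinel())`, and let the SDK authenticate through the workload path, which only needs to read secrets.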
This feels like a dangerous hack.
Any SDK request shall not identify itself as Sentinel.
SDK can only read secrets, and that’s the job of a workload.
sdk-java/Deployment.yaml
Outdated
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
# The string after `vsecm-secret-` must match the workload's name. | ||
# For example, this is an VSecM-managed secret for the workload named `example` | ||
# with the SPIFFE ID | ||
# `"spiffe://vsecm.com/workload/example\ | ||
# /ns/{{ .PodMeta.Namespace }}\ | ||
# /sa/{{ .PodSpec.ServiceAccountName }}\ | ||
# /n/{{ .PodMeta.Name }}"` | ||
name: sdk-java | ||
namespace: vsecm-system | ||
type: Opaque |
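Review bot: the manifest creates an empty `type: Opaque` Secret named `sdk-java` in `vsecm-system` with no `data`, and the comment block above `name:` describes a secret for a workload named `example` while the metadata names it `sdk-java`, so the comment and the resource disagree. Since this change introduces a library rather than a workload, no Secret manifest should ship with it; if a sample is wanted for local testing, move it to an examples directory and make the comment match the actual `name`.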
We shouldn’t need this secret.
sdk-java/Dockerfile
Outdated
org.opencontainers.image.description="Java SDK for VMware Secrets Manager" \ | ||
org.opencontainers.image.version=$APP_VERSION \ | ||
org.opencontainers.image.authors="VSecM Maintainers <maintainers@vsecm.com>" \ | ||
org.opencontainers.image.vendor="VMware, Inc." \ |
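Review bot: the `org.opencontainers.image.vendor="VMware, Inc."` label names a vendor the maintainer says no longer exists, while `org.opencontainers.image.authors` points at `maintainers@vsecm.com`, so the two labels disagree on who owns the image. Align `vendor` with the project name already used in `description` ("VMware Secrets Manager") or drop the label, and since the SDK is meant to be a library rather than an executable, consider whether a container image is needed at all.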
There is no such vendor as VMware, Inc. anymore :)
startServer(); | ||
WatchService watchService = WatchService.getInstance(); | ||
TaskFactory taskFactory = new FetchSecretsTaskFactory(); | ||
watchService.scheduleTask(taskFactory); |
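Review bot: `startServer()` followed by `WatchService.getInstance()` and `scheduleTask(taskFactory)` turns the SDK entry point into a long-running daemon with a process-wide singleton and a listening socket, which the host application of a library cannot control or shut down. Expose `fetch()` and `watch()` calls that the application invokes and owns instead; remove `startServer()` and the scheduling from this path and let the caller decide whether and how often to poll.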
I am assuming these are just to test the functionality, and the main() function will not be a part of the SDK. — we are providing a library; not an executable.
We’ll have two functions:
Watch()
Fetch()
We don’t need a health check server.
--
This will not be a Pod; it will be a library where others can build their own pods.
import java.util.logging.Level; | ||
import java.util.logging.Logger; | ||
|
||
public class WsecmHttpClient { |
nit: it’s VSecM, not Wsecm
|
||
private void run() { | ||
try { | ||
fetchService.fetch(); |
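Review bot: `fetchService.fetch()` is called inside `run()` for its side effect and its result is discarded, so the caller has no way to obtain the secret or to learn that the fetch failed; the `catch` block is outside this hunk, but wrapping the call in `try` here suggests errors are logged and swallowed. Have `fetch()` return the secret object and let `run()` propagate the exception so that an authentication or transport failure is visible to the application rather than silently ignored.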
Fetch() shall return an object.
We need signature parity with the Go SDK.
I think it’s a good start; I need to build and run it to see how it behaves. I’ll share my thoughts with @sahinakyol and @BulldromeQ separately, probably over Slack. And probably early next week :D I am very very swamped right now. But thanks a lot for the hard work. I appreciate that 🙏 .
Folks; I’ll check this out; but not likely this weekend :(. I’m trying to cut a new release, close some issues etc.
Signed-off-by: sahinakyol <akyolsahinn@gmail.com>
Signed-off-by: sahinakyol <akyolsahinn@gmail.com>
@sahinakyol if you can revert your changes that are outside We can iterate on it later anyway.
Signed-off-by: sahinakyol <akyolsahinn@gmail.com>
Looking good.
We (I) can test it later down the line, and we can proceed from there.
Thanks for your contribution @sahinakyol 🙏 .
448 Java SDK
Description
Created Java SDK poc
Changes
List the major changes you have made in bullet points:
Test Policy Compliance
Code Quality
to understand.
Documentation
Additional Comments
Include any additional comments or context about the PR here.
Checklist
Before you submit this PR, please make sure:
especially the test policy.
under the project's license.
By submitting this pull request, you confirm that your contribution is made under the terms of the project's license and that you have the authority to grant these rights.
Thank you for your contribution to VMware Secrets Manager 🐢⚡️!