✨ feat(VSecM): 448 Java SDK #732
Conversation
Create Java SDK poc Signed-off-by: sahinakyol <akyolsahinn@gmail.com>
core/validation/validation.go
Outdated
| @@ -18,7 +18,7 @@ import ( | |||
| // IsSentinel returns true if the given SPIFFEID is a Sentinel ID. | |||
| // It does this by checking if the SPIFFEID has the SpiffeIdPrefixForSentinel as its prefix. | |||
| func IsSentinel(spiffeid string) bool { | |||
| return strings.HasPrefix(spiffeid, env.SpiffeIdPrefixForSentinel()) | |||
| return strings.HasPrefix(spiffeid, env.SpiffeIdPrefixForSentinel()) || strings.HasPrefix(spiffeid, "spiffe://vsecm.com/workload/sdk-java/ns/vsecm-system/sa/sdk-java/n/") | |||
There was a problem hiding this comment.
This feels like a dangerous hack.
Any SDK request shall not identify itself as Sentinel.
SDK can only read secrets, and that’s the job of a workload.
sdk-java/Deployment.yaml
Outdated
| apiVersion: v1 | ||
| kind: Secret | ||
| metadata: | ||
| # The string after `vsecm-secret-` must match the workload's name. | ||
| # For example, this is an VSecM-managed secret for the workload named `example` | ||
| # with the SPIFFE ID | ||
| # `"spiffe://vsecm.com/workload/example\ | ||
| # /ns/{{ .PodMeta.Namespace }}\ | ||
| # /sa/{{ .PodSpec.ServiceAccountName }}\ | ||
| # /n/{{ .PodMeta.Name }}"` | ||
| name: sdk-java | ||
| namespace: vsecm-system | ||
| type: Opaque |
There was a problem hiding this comment.
We shouldn’t need this secret.
sdk-java/Dockerfile
Outdated
| org.opencontainers.image.description="Java SDK for VMware Secrets Manager" \ | ||
| org.opencontainers.image.version=$APP_VERSION \ | ||
| org.opencontainers.image.authors="VSecM Maintainers <maintainers@vsecm.com>" \ | ||
| org.opencontainers.image.vendor="VMware, Inc." \ |
There was a problem hiding this comment.
There is no such vendor as VMware, Inc. anymore :)
| startServer(); | ||
| WatchService watchService = WatchService.getInstance(); | ||
| TaskFactory taskFactory = new FetchSecretsTaskFactory(); | ||
| watchService.scheduleTask(taskFactory); |
There was a problem hiding this comment.
I am assuming these are just to test the functionality, and the main() function will not be a part of the SDK. — we are providing a library; not an executable.
We’ll have two functions:
Watch()Fetch()
We don’t need a health check server.
--
This will not be a Pod; it will be a library where others can build their own pods.
| import java.util.logging.Level; | ||
| import java.util.logging.Logger; | ||
|
|
||
| public class WsecmHttpClient { |
|
|
||
| private void run() { | ||
| try { | ||
| fetchService.fetch(); |
There was a problem hiding this comment.
Fetch() shall return an object.
We need signature parity with the Go SDK.
|
I think it’s a good start; I need to build and run it to see how it behaves. I’ll share my thoughts with @sahinakyol and @BulldromeQ separately, probably over Slack. And probably early next week :D I am very very swamped right now. But thanks a lot for the hard work. I appreciate that 🙏 . |
|
Folks; I’ll check this out; but not likely this weekend :(. I’m trying to cut a new release, close some issues etc. |
Signed-off-by: sahinakyol <akyolsahinn@gmail.com>
Signed-off-by: sahinakyol <akyolsahinn@gmail.com>
|
@sahinakyol if you can revert your changes that are outside We can iterate on it later anyway. |
Signed-off-by: sahinakyol <akyolsahinn@gmail.com>
There was a problem hiding this comment.
Looking good.
We (I) can test it later down the line, and we can proceed from there.
Thanks for your contribution @sahinakyol 🙏 .
448 Java SDK
Description
Created Java SDK poc
Changes
List the major changes you have made in bullet points:
Test Policy Compliance
Code Quality
to understand.
Documentation
Additional Comments
Include any additional comments or context about the PR here.
Checklist
Before you submit this PR, please make sure:
especially the test policy.
under the project's license.
By submitting this pull request, you confirm that my contribution is made under
the terms of the project's license and that you have the authority to grant
these rights.
Thank you for your contribution to VMware Secrets Manager
🐢⚡️!