-
Notifications
You must be signed in to change notification settings - Fork 83
Add verification certificate key auto rotation #1614
Conversation
/retest |
resource "google_cloud_scheduler_job" "realm-key-rotation-worker" { | ||
name = "realm-key-rotation-worker" | ||
region = var.cloudscheduler_location | ||
schedule = "2,32 * * * *" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
2,32... those are oddly specific minutes
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
offsetting it from the token rotation (which is every 5 minutes)
fb7caae
to
d558ead
Compare
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mikehelmick, whaught The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@@ -277,6 +277,8 @@ func (i *TestInstance) NewDatabase(tb testing.TB, cacher cache.Cacher) (*Databas | |||
tb.Fatalf("failed to load database configuration: %s", err) | |||
} | |||
db.keyManager = keys.TestKeyManager(tb) | |||
db.config.CertificateSigningKeyRing = "certificates" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This introduced a data race
Fixes #1567
Proposed Changes
New enable screen
Confirmation dialog
Status when enabled
New keys are created in inactive state to allow for propagation of public key
Release Note