Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ability to set initial_management token when using k8s secret store. Snapshot agent acceptance tests #1125

Merged
merged 25 commits into from
Mar 30, 2022
Merged

Ability to set initial_management token when using k8s secret store. Snapshot agent acceptance tests #1125

merged 25 commits into from
Mar 30, 2022

Commits on Mar 30, 2022

  1. Enable ACL Client Token (#1093) 

    * Refactor ConsulLogin() to return the acltoken in addition to theerror.

* Refactor createACLPolicyRoleAndBindingRule toappend datacenters for local tokens.  Refactor updateOrCreateBindingRule to create binding rule if there are binding rules but this one does not exist

* Rename -create-client-token flag to -client

* set additional sans for consul server load balancer so that client will be able to use the certificate to talk to the load balancers rather than just an individual server.

* Refactor server-acl-init command to create ACL Policy and Rule for client component so that client can call ConsulLogin and receive and ACL Token Call.

* Enable client to talk to Consul Server to perform consul login.

* Pass Auth Method to k8s al-init command.
* Configure Consul address to be the Consul Server Load Balancer.
* Configure CA Cert volume to be in memory rather than k8s secret when using vault.
* Set consul/login volume and CONSUL_HTTP_TOKEN_FILE for use during logout.
* Setup prestop command to perform consul logout.

* Configure client-daemonset so that we can utilize the externalServers setting to configure clients to be able to call consul login on a server that is on a different partition.

* Configuring partition-init to remove additional flags and use ones that already exist

* adding missing comma

* fix flakey tests by wrapping asserts in retries a la Iryna

* Adding -use-https flag to client-daemonset.yaml when externalServers are enabled

* Refactoring tests to cover client-acl-init changes

* addressing PR comments

* removing mounted tmpfs for consul-ca-cert when using vault and restoring datacenter logic because of breaking test.

* addressing PR comments and only appending datacenters to a policy when its a local token, not global tokens.

* completing additional dns names based on PR feedback

* Do not ca-cert volume when using vault.

* removing unused flagConsulCACert from partition-init command

* PR Feedback.  Removing unused envvars in acl-init container.  changing ConsulLogin to return secretID, error instead ok token, error.
    @jmurret
    jmurret committed Mar 30, 2022
    Configuration menu
    Copy the full SHA
    67069cc View commit details
    Browse the repository at this point in the history

  2. Enable snapshot agent configuration to be retrieved from vault

    @jmurret
    jmurret committed Mar 30, 2022
    Configuration menu
    Copy the full SHA
    938bc56 View commit details
    Browse the repository at this point in the history

  3. Adding CHANGELOG entry

    @jmurret
    jmurret committed Mar 30, 2022
    Configuration menu
    Copy the full SHA
    7d36f31 View commit details
    Browse the repository at this point in the history

  4. Changing the decoding of snapshot agent config in vault to platform a… 

    …gnostic
    @jmurret
    jmurret committed Mar 30, 2022
    Configuration menu
    Copy the full SHA
    248e297 View commit details
    Browse the repository at this point in the history

  5. Fixing the way we write the encoded vault secret out to a decoded jso… 

    …n file
    @jmurret
    jmurret committed Mar 30, 2022
    Configuration menu
    Copy the full SHA
    ae5dc60 View commit details
    Browse the repository at this point in the history

  6. Decoding vault secret using consul template function on the vault ann… 

    …otation. Able to remove the bash that decodes the file and changes the extension.
    @jmurret
    jmurret committed Mar 30, 2022
    Configuration menu
    Copy the full SHA
    77437f8 View commit details
    Browse the repository at this point in the history

  7. Adding an acceptance test for snapshot agent. It currently fails beca… 

    …use of a bug with Consul where it does not recognize CONSUL_HTTP_TOKEN. Will need to refactor test to bootstrap, then create vault secret with embedded acl token, then helm upgrade to add snapshot agent. Then assert that a *.snap file is created.
    @jmurret
    jmurret committed Mar 30, 2022
    Configuration menu
    Copy the full SHA
    3c2f9f1 View commit details
    Browse the repository at this point in the history

  8. Adding acceptance test for snapshot agent on vault.

    @jmurret
    jmurret committed Mar 30, 2022
    Configuration menu
    Copy the full SHA
    23547c0 View commit details
    Browse the repository at this point in the history

  9. renaming test and removing extra file

    @jmurret
    jmurret committed Mar 30, 2022
    Configuration menu
    Copy the full SHA
    6ed0018 View commit details
    Browse the repository at this point in the history

  10. Move vault test helpers into framework folder so we can use it more e… 

    …asily from other folders.
    @jmurret
    jmurret committed Mar 30, 2022
    Configuration menu
    Copy the full SHA
    ceb81de View commit details
    Browse the repository at this point in the history

  11. Adding snapshot agent test for k8s secret

    @jmurret
    jmurret committed Mar 30, 2022
    Configuration menu
    Copy the full SHA
    776a9c4 View commit details
    Browse the repository at this point in the history

  12. Adding ability to set initial_management token when using k8s secrets… 

    …. Also working acceptance test for snapshot agent on k8s secrets.
    @jmurret
    jmurret committed Mar 30, 2022
    Configuration menu
    Copy the full SHA
    db0019b View commit details
    Browse the repository at this point in the history

  13. Adding bats tests. Adding envvar for ACL_BOOTSTRAP_TOKEN. Removing vo… 

    …lume and volume mounts for bootstrap token.
    @jmurret
    jmurret committed Mar 30, 2022
    Configuration menu
    Copy the full SHA
    6c3d637 View commit details
    Browse the repository at this point in the history

  14. Adding CHANGELOG entry for ability to pre-set bootstrap ACL token

    @jmurret
    jmurret committed Mar 30, 2022
    Configuration menu
    Copy the full SHA
    2b492d8 View commit details
    Browse the repository at this point in the history

  15. Fixing bats tests

    @jmurret
    jmurret committed Mar 30, 2022
    Configuration menu
    Copy the full SHA
    74c3ffc View commit details
    Browse the repository at this point in the history

  16. Update acceptance/framework/consul/helm_cluster.go 

    Co-authored-by: Thomas Eckert <teckert@hashicorp.com>
    @jmurret
    jmurret and Thomas Eckert committed Mar 30, 2022
    Configuration menu
    Copy the full SHA
    261c6a6 View commit details
    Browse the repository at this point in the history

  17. Fixing broken unit tests

    @jmurret
    jmurret committed Mar 30, 2022
    Configuration menu
    Copy the full SHA
    25e1eb4 View commit details
    Browse the repository at this point in the history

  18. Lowering snapshot interval from 1mto15s for tests

    @jmurret
    jmurret committed Mar 30, 2022
    Configuration menu
    Copy the full SHA
    4d2545b View commit details
    Browse the repository at this point in the history

  19. Update acceptance/framework/consul/helm_cluster.go 

    Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
    @jmurret @ndhanushkodi
    jmurret and ndhanushkodi committed Mar 30, 2022
    Configuration menu
    Copy the full SHA
    3b154c4 View commit details
    Browse the repository at this point in the history

  20. Update acceptance/framework/vault/helpers.go 

    Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
    @jmurret @ndhanushkodi
    jmurret and ndhanushkodi committed Mar 30, 2022
    Configuration menu
    Copy the full SHA
    5069bf2 View commit details
    Browse the repository at this point in the history

  21. Update acceptance/tests/snapshot-agent/snapshot_agent_vault_test.go 

    Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
    @jmurret @ndhanushkodi
    jmurret and ndhanushkodi committed Mar 30, 2022
    Configuration menu
    Copy the full SHA
    e1e8894 View commit details
    Browse the repository at this point in the history

  22. PR Feedback - clarify comments on Vault helper functions

    @jmurret
    jmurret committed Mar 30, 2022
    Configuration menu
    Copy the full SHA
    61db48e View commit details
    Browse the repository at this point in the history

  23. PR Feedback - clarify comments on Vault helper functions

    @jmurret
    jmurret committed Mar 30, 2022
    Configuration menu
    Copy the full SHA
    88bd510 View commit details
    Browse the repository at this point in the history

  24. Modifying tests to not incidentally send an encoded file

    @jmurret
    jmurret committed Mar 30, 2022
    Configuration menu
    Copy the full SHA
    2977131 View commit details
    Browse the repository at this point in the history

  25. Removing logging token in acceptance test code.

    @jmurret
    jmurret committed Mar 30, 2022
    Configuration menu
    Copy the full SHA
    868f524 View commit details
    Browse the repository at this point in the history