-
Notifications
You must be signed in to change notification settings - Fork 321
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ability to set initial_management token when using k8s secret store. Snapshot agent acceptance tests #1125
Ability to set initial_management token when using k8s secret store. Snapshot agent acceptance tests #1125
Commits on Mar 30, 2022
-
Enable ACL Client Token (#1093)
* Refactor ConsulLogin() to return the acltoken in addition to theerror. * Refactor createACLPolicyRoleAndBindingRule toappend datacenters for local tokens. Refactor updateOrCreateBindingRule to create binding rule if there are binding rules but this one does not exist * Rename -create-client-token flag to -client * set additional sans for consul server load balancer so that client will be able to use the certificate to talk to the load balancers rather than just an individual server. * Refactor server-acl-init command to create ACL Policy and Rule for client component so that client can call ConsulLogin and receive and ACL Token Call. * Enable client to talk to Consul Server to perform consul login. * Pass Auth Method to k8s al-init command. * Configure Consul address to be the Consul Server Load Balancer. * Configure CA Cert volume to be in memory rather than k8s secret when using vault. * Set consul/login volume and CONSUL_HTTP_TOKEN_FILE for use during logout. * Setup prestop command to perform consul logout. * Configure client-daemonset so that we can utilize the externalServers setting to configure clients to be able to call consul login on a server that is on a different partition. * Configuring partition-init to remove additional flags and use ones that already exist * adding missing comma * fix flakey tests by wrapping asserts in retries a la Iryna * Adding -use-https flag to client-daemonset.yaml when externalServers are enabled * Refactoring tests to cover client-acl-init changes * addressing PR comments * removing mounted tmpfs for consul-ca-cert when using vault and restoring datacenter logic because of breaking test. * addressing PR comments and only appending datacenters to a policy when its a local token, not global tokens. * completing additional dns names based on PR feedback * Do not ca-cert volume when using vault. * removing unused flagConsulCACert from partition-init command * PR Feedback. Removing unused envvars in acl-init container. changing ConsulLogin to return secretID, error instead ok token, error.
Configuration menu - View commit details
-
Copy full SHA for 67069cc - Browse repository at this point
Copy the full SHA 67069ccView commit details -
Configuration menu - View commit details
-
Copy full SHA for 938bc56 - Browse repository at this point
Copy the full SHA 938bc56View commit details -
Configuration menu - View commit details
-
Copy full SHA for 7d36f31 - Browse repository at this point
Copy the full SHA 7d36f31View commit details -
Configuration menu - View commit details
-
Copy full SHA for 248e297 - Browse repository at this point
Copy the full SHA 248e297View commit details -
Configuration menu - View commit details
-
Copy full SHA for ae5dc60 - Browse repository at this point
Copy the full SHA ae5dc60View commit details -
Decoding vault secret using consul template function on the vault ann…
…otation. Able to remove the bash that decodes the file and changes the extension.
Configuration menu - View commit details
-
Copy full SHA for 77437f8 - Browse repository at this point
Copy the full SHA 77437f8View commit details -
Adding an acceptance test for snapshot agent. It currently fails beca…
…use of a bug with Consul where it does not recognize CONSUL_HTTP_TOKEN. Will need to refactor test to bootstrap, then create vault secret with embedded acl token, then helm upgrade to add snapshot agent. Then assert that a *.snap file is created.
Configuration menu - View commit details
-
Copy full SHA for 3c2f9f1 - Browse repository at this point
Copy the full SHA 3c2f9f1View commit details -
Configuration menu - View commit details
-
Copy full SHA for 23547c0 - Browse repository at this point
Copy the full SHA 23547c0View commit details -
Configuration menu - View commit details
-
Copy full SHA for 6ed0018 - Browse repository at this point
Copy the full SHA 6ed0018View commit details -
Move vault test helpers into framework folder so we can use it more e…
…asily from other folders.
Configuration menu - View commit details
-
Copy full SHA for ceb81de - Browse repository at this point
Copy the full SHA ceb81deView commit details -
Configuration menu - View commit details
-
Copy full SHA for 776a9c4 - Browse repository at this point
Copy the full SHA 776a9c4View commit details -
Adding ability to set initial_management token when using k8s secrets…
…. Also working acceptance test for snapshot agent on k8s secrets.
Configuration menu - View commit details
-
Copy full SHA for db0019b - Browse repository at this point
Copy the full SHA db0019bView commit details -
Adding bats tests. Adding envvar for ACL_BOOTSTRAP_TOKEN. Removing vo…
…lume and volume mounts for bootstrap token.
Configuration menu - View commit details
-
Copy full SHA for 6c3d637 - Browse repository at this point
Copy the full SHA 6c3d637View commit details -
Configuration menu - View commit details
-
Copy full SHA for 2b492d8 - Browse repository at this point
Copy the full SHA 2b492d8View commit details -
Configuration menu - View commit details
-
Copy full SHA for 74c3ffc - Browse repository at this point
Copy the full SHA 74c3ffcView commit details -
Update acceptance/framework/consul/helm_cluster.go
Co-authored-by: Thomas Eckert <teckert@hashicorp.com>
Configuration menu - View commit details
-
Copy full SHA for 261c6a6 - Browse repository at this point
Copy the full SHA 261c6a6View commit details -
Configuration menu - View commit details
-
Copy full SHA for 25e1eb4 - Browse repository at this point
Copy the full SHA 25e1eb4View commit details -
Configuration menu - View commit details
-
Copy full SHA for 4d2545b - Browse repository at this point
Copy the full SHA 4d2545bView commit details -
Update acceptance/framework/consul/helm_cluster.go
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
Configuration menu - View commit details
-
Copy full SHA for 3b154c4 - Browse repository at this point
Copy the full SHA 3b154c4View commit details -
Update acceptance/framework/vault/helpers.go
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
Configuration menu - View commit details
-
Copy full SHA for 5069bf2 - Browse repository at this point
Copy the full SHA 5069bf2View commit details -
Update acceptance/tests/snapshot-agent/snapshot_agent_vault_test.go
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
Configuration menu - View commit details
-
Copy full SHA for e1e8894 - Browse repository at this point
Copy the full SHA e1e8894View commit details -
Configuration menu - View commit details
-
Copy full SHA for 61db48e - Browse repository at this point
Copy the full SHA 61db48eView commit details -
Configuration menu - View commit details
-
Copy full SHA for 88bd510 - Browse repository at this point
Copy the full SHA 88bd510View commit details -
Configuration menu - View commit details
-
Copy full SHA for 2977131 - Browse repository at this point
Copy the full SHA 2977131View commit details -
Configuration menu - View commit details
-
Copy full SHA for 868f524 - Browse repository at this point
Copy the full SHA 868f524View commit details