Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Correct annotations for certificates generated via vault intermediate CA #1544

Merged
merged 20 commits into from
Feb 6, 2024
Merged

Correct annotations for certificates generated via vault intermediate CA #1544

merged 20 commits into from
Feb 6, 2024

Conversation

mr-miles
Copy link
Contributor

This closes #1540

Note to reviewers: remember to look at the commits in this PR and consider if they can be squashed

Summary Of Changes

  • Add an optional PKIRootPath field to RabbitMqCluster.SecretsBackend.Vault.VaultTLSSpec
  • Generate vault server certificate templates that handle intermediate certificates
  • Add to unit tests

Local Testing

Please ensure you run the unit, integration and system tests before approving the PR.

To run the unit and integration tests:

$ make unit-tests integration-tests

You will need to target a k8s cluster and have the operator deployed for running the system tests.

For example, for a Kubernetes context named dev-bunny:

$ kubectx dev-bunny
$ make destroy deploy-dev
# wait for operator to be deployed
$ make system-tests

@Zerpet Zerpet self-assigned this Jan 31, 2024
@Zerpet
Copy link
Collaborator

Zerpet commented Jan 31, 2024

hey @mr-miles, thank you for this contribution. This looks good to me as is. Do you have any further work in mind before marking this as ready for review?

@Zerpet
Copy link
Collaborator

Zerpet commented Jan 31, 2024

CI failed in go vet ./...

go vet ./...
# github.com/rabbitmq/cluster-operator/v2/api/v1beta1
Error: vet: api/v1beta1/rabbitmqcluster_types_test.go:454:27: fetchedRabbit.SecretBackend undefined (type *RabbitmqCluster has no field or method SecretBackend)

@mr-miles
Copy link
Contributor Author

HI @Zerpet

Sorry, needed to rebuild my laptop halfway through so it was not an easy ride for such a small change! Tests now all pass so I am marking this as ready for review.

Thanks for following up!

@mr-miles mr-miles marked this pull request as ready for review January 31, 2024 22:31
Zerpet
Zerpet approved these changes Feb 6, 2024
View reviewed changes
Copy link
Collaborator

@Zerpet Zerpet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, thank you!

@Zerpet Zerpet merged commit be674d6 into rabbitmq:main Feb 6, 2024
@Zerpet Zerpet added this to the 2.8.0 milestone Feb 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Zerpet Zerpet Zerpet approved these changes

Assignees

@Zerpet Zerpet

Labels
None yet
Projects
None yet
Milestone
2.8.0
Development

Successfully merging this pull request may close these issues.

Vault secret backend templates break when using certs issued by an intermediate CA
2 participants
@mr-miles @Zerpet