Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

References for intermediate ca creation #40

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

tschlaepfer
Copy link

Description of your changes

This change introduces a new reference parameter for the SecretBackendRootSignIntermediate and SecretBackendIntermediateSetSigned objects which enables the creation of a CA certificate chain using the HashiCorp Vault provider.

For the SecretBackendRootSignIntermediate object, the new parameter allows to reference a SecretBackendIntermediateCertRequest object, from which the "csr" parameter is fetched.

For the SecretBackendIntermediateSetSigned object, the new parameter allows to reference a SecretBackendIntermediateSetSigned object, from which the "certificate" parameter is fetched.

The MR also includes an example of creating a CA chain using the new reference parameters.

I have:

  • Read and followed Crossplane's contribution process.
  • Run make reviewable test to ensure this PR is ready for review. -> But failed with golangci-lint error: panic: load embedded ruleguard rules: rules/rules.go:13: can't load fmt

How has this code been tested

I ran the provider locally against my k8s cluster, where I deployed the ca-chain.yaml example provided in the MR. The code works as expected, I've attached two screenshots from the SecretBackendRootSignIntermediate & SecretBackendIntermediateSetSigned objects using the new csrRef and certificateRef parameters.

Screenshot 2024-07-09 at 08 56 07

Screenshot 2024-07-09 at 08 55 46

Tobias Schlaepfer added 2 commits July 9, 2024 08:51
…ermediate ca certificate to a pki backend

Signed-off-by: Tobias Schlaepfer <[email protected]>
Signed-off-by: Tobias Schlaepfer <[email protected]>
@jeanduplessis
Copy link
Contributor

@tschlaepfer apologies for the delay in getting to this. If you're still interested in pushing this PR forward, would you mind rebasing this PR to resolve conflicts and validate it now that we've released v2.0.0 of the provider.

@tschlaepfer
Copy link
Author

@jeanduplessis Yes I'm happy to move this PR forward. However, I would need #50 to be merged first as I run into the same issue in my setup.

@sergenyalcin
Copy link
Member

@tschlaepfer #50 merged just now.

@tschlaepfer
Copy link
Author

@jeanduplessis, @sergenyalcin I have updated my branch with the latest code changes and have locally tested the provider. I can confirm that #50 fixes the authentication issue and my code is also working as expected with the latest changes.

Please review the changes and let me know if there are any issues with my code.

Screenshot 2025-01-10 at 17 22 21 Screenshot 2025-01-10 at 17 23 05

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants