-
Notifications
You must be signed in to change notification settings - Fork 48
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add vault-kv interface #97
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
vault-kv reflects the interface purpose better than `secrets`
6 tasks
gruyaume
suggested changes
Aug 21, 2023
ghislainbourgeois
suggested changes
Aug 21, 2023
gruyaume
suggested changes
Aug 22, 2023
Vault documentation refers to kv_mountpoint as `mounts`, let's reflect that in the relation data. A `mount` shall respect the following pattern: charm-<requirer app>-<user provided suffix>
Credentials intermediate class is unnecessary. Fix typo in databag example
Looks like we need an entry in the top-level README too :) |
gruyaume
previously requested changes
Aug 24, 2023
Refactor credentials: role_id and role_secret_id will be passed as a Juju secret. Elaborate on egress_subnet: usage of role_id and role_secret_id is restricted to unit's egress_subnet, meaning only the designated can use this tuple of credentials. Change category: Move `vault-kv` from Storage to Security
Renaming role_id to role-id and role_secret_id to role-secret-id
gboutry
added a commit
to gboutry/vault-k8s-operator
that referenced
this pull request
Aug 25, 2023
Refactoring vault-kv interface based on comments from canonical/charm-relation-interfaces#97 Added unit tests for charm behavior Added unit tests for vault-kv interface
gruyaume
reviewed
Aug 25, 2023
simskij
requested changes
Aug 28, 2023
javacruft
reviewed
Aug 29, 2023
javacruft
reviewed
Aug 29, 2023
In case of CMRs, the provider will see an obfuscated name for an unit, which will cause the requiring to fail fetching its credentials from the relation. A requiring unit has to provide a unique string that will be used to store the secret in the relation data, allowing this unit to fetch the secret at a later time. Rename <user provided suffix> to <requirer provided suffix>.
ghislainbourgeois
approved these changes
Sep 6, 2023
simskij
approved these changes
Sep 13, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add vault-kv interface