Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cli: make default WorkloadSecretIDs unique per k8s object #1127

Merged
merged 2 commits into from
Jan 9, 2025
Merged

cli: make default WorkloadSecretIDs unique per k8s object #1127

merged 2 commits into from
Jan 9, 2025

Conversation

burgerdev
Copy link
Contributor

@burgerdev burgerdev commented Jan 8, 2025
edited by katexochen
Loading

Contrast configures the manifest with a default WorkloadSecretID per k8s object. The current default is simply the object name, which can be problematic if multiple objects (e.g. different kinds) share a name.

Combining the default workload secret ID from group, version, kind, namespace and name should ensure different k8s objects get different workload secrets.

@burgerdev burgerdev added the breaking change A user-affecting breaking change label Jan 8, 2025
@burgerdev burgerdev requested a review from katexochen January 8, 2025 11:34
@burgerdev burgerdev added no changelog PRs not listed in the release notes backport release/v1.2 and removed breaking change A user-affecting breaking change labels Jan 8, 2025
@burgerdev burgerdev changed the title cli: don't assign default WorkloadSecretIDs cli: make default WorkloadSecretIDs unique per k8s object Jan 8, 2025
@burgerdev burgerdev added bug fix Fixing a user facing bug and removed no changelog PRs not listed in the release notes labels Jan 8, 2025
@burgerdev burgerdev requested a review from jmxnzo January 9, 2025 09:26
@burgerdev burgerdev marked this pull request as ready for review January 9, 2025 09:26
katexochen
katexochen approved these changes Jan 9, 2025
View reviewed changes
Copy link
Member

@katexochen katexochen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, thanks! remember to squash the fixup.

@burgerdev burgerdev merged commit 59cacc3 into main Jan 9, 2025
10 checks passed
@burgerdev burgerdev deleted the burgerdev/secrets branch January 9, 2025 12:12
@edgelessci
Copy link
Contributor

Backport failed for release/v1.2, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally and resolve any conflicts.

git fetch origin release/v1.2
git worktree add -d .worktree/backport-1127-to-release/v1.2 origin/release/v1.2
cd .worktree/backport-1127-to-release/v1.2
git switch --create backport-1127-to-release/v1.2
git cherry-pick -x 399ac4bc47adb8655595847ae246ea50a2cc12d7 59cacc33bfa24576604d71b8d3de819b0bba82be

@burgerdev burgerdev mentioned this pull request Jan 9, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@katexochen katexochen katexochen approved these changes

@jmxnzo jmxnzo Awaiting requested review from jmxnzo

Assignees
No one assigned
Labels
backport release/v1.2 bug fix Fixing a user facing bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@burgerdev @edgelessci @katexochen