feat: add compatibility check in KMP while fetching certs/keys [multi-tenancy PR 6] #1395

binbin-li · 2024-04-15T08:38:27Z

Description

What this PR does / why we need it:

This is the 6th PR for multi-tenancy support. Please review #1382 first. Check diff between PR 5 and PR 6 at: binbin-li#121

Add context.Context to GetCerts and GetKeys methods so that it can fetch the namespace and check the compatibility of verifier against trust store.
Add missing DeleteKeysFromMap step in controller.

Which issue(s) this PR fixes (optional, using `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when the PR gets merged):

Fixes #

Type of change

Please delete options that are not relevant.

Bug fix (non-breaking change which fixes an issue)
New feature (non-breaking change which adds functionality)
Breaking change (fix or feature that would cause existing functionality to not work as expected)
Helm Chart Change (any edit/addition/update that is necessary for changes merged to the main branch)
This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Please also list any relevant details for your test configuration

Test A
Test B

Checklist:

Does the affected code have corresponding tests?
Are the changes documented, not just with inline documentation, but also with conceptual documentation such as an overview of a new feature, or task-based documentation like a tutorial? Consider if this change should be announced on your project blog.
Does this introduce breaking changes that would require an announcement or bumping the major version?
Do all new files have appropriate license header?

Post Merge Requirements

MAINTAINERS: manually trigger the "Publish Package" workflow after merging any PR that indicates Helm Chart Change

codecov · 2024-04-15T08:42:43Z

Codecov Report

Attention: Patch coverage is 50.00000% with 8 lines in your changes are missing coverage. Please review.

❗ No coverage uploaded for pull request base (dev@c5f252d). Click here to learn what that means.

❗ Current head 05e34fa differs from pull request most recent head 5dc63d0. Consider uploading reports for the commit 5dc63d0 to get more accurate results

Files	Patch %	Lines
...kg/controllers/keymanagementprovider_controller.go	42.85%	4 Missing ⚠️
pkg/keymanagementprovider/keymanagementprovider.go	50.00%	2 Missing and 2 partials ⚠️

Additional details and impacted files

@@          Coverage Diff           @@
##             dev    #1395   +/-   ##
======================================
  Coverage       ?   65.53%           
======================================
  Files          ?      109           
  Lines          ?     5586           
  Branches       ?        0           
======================================
  Hits           ?     3661           
  Misses         ?     1568           
  Partials       ?      357

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

pkg/customresources/keymanagementproviders/api.go

pkg/customresources/keymanagementproviders/kmpcertmanager.go

pkg/verifier/notation/truststore.go

pkg/customresources/keymanagementproviders/kmpcertmanager.go

binbin-li · 2024-04-25T09:49:30Z

Rebased to resolve conflicts.

binbin-li · 2024-04-25T14:27:45Z

Added context to GetKeys so that namespace could be passed to trustPolicy.

binbin-li requested review from akashsinghal, jimmyraywv, luisdlp, susanshi and toddysm as code owners April 15, 2024 08:38

akashsinghal assigned binbin-li Apr 15, 2024

binbin-li force-pushed the multi-tenancy-pr-6 branch from 6596383 to a468944 Compare April 16, 2024 06:15

binbin-li changed the title ~~[WIP] feat: add KMPManager interface to wrap operations on namespaced kmp [multi-tenancy PR 5]~~ [WIP] feat: add KMPManager interface to wrap operations on namespaced kmp [multi-tenancy PR 6] Apr 16, 2024

binbin-li force-pushed the multi-tenancy-pr-6 branch from a468944 to 8bc8bed Compare April 16, 2024 09:13

binbin-li changed the title ~~[WIP] feat: add KMPManager interface to wrap operations on namespaced kmp [multi-tenancy PR 6]~~ feat: add KMPCertManager/KMPKeyManager interface to wrap operations on namespaced kmp [multi-tenancy PR 6] Apr 16, 2024

binbin-li force-pushed the multi-tenancy-pr-6 branch 3 times, most recently from e6eff7c to 226d4fc Compare April 17, 2024 06:27