References for intermediate ca creation #40
…ermediate ca certificate to a pki backend Signed-off-by: Tobias Schlaepfer <tobias.schlaepfer@4data.ch>
Signed-off-by: Tobias Schlaepfer <tobias.schlaepfer@4data.ch>
|
@tschlaepfer apologies for the delay in getting to this. If you're still interested in pushing this PR forward, would you mind rebasing this PR to resolve conflicts and validating it now that we've released v2.0.0 of the provider? |
|
@jeanduplessis Yes I'm happy to move this PR forward. However, I would need #50 to be merged first as I run into the same issue in my setup. |
|
@tschlaepfer #50 merged just now. |
|
@jeanduplessis, @sergenyalcin I have updated my branch with the latest code changes and have locally tested the provider. I can confirm that #50 fixes the authentication issue and my code is also working as expected with the latest changes. Please review the changes and let me know if there are any issues with my code.
|
@tschlaepfer would you mind having a look at the conflicts? You might need to rebase your branch on the latest in main and run |
Signed-off-by: Tobias Schlaepfer <tobias.schlaepfer@4data.ch>
…ediate-ca-creation
|
@jeanduplessis Any chance this gets merged into the provider any time soon? |
|
@tschlaepfer it looks like you might need to run |
Signed-off-by: Tobias Schlaepfer <tobias.schlaepfer@iothentix.ch>
|
@jeanduplessis Thanks for the quick reply, I have updated the branch with the changes from |
|
@tschlaepfer I checked out your branch locally and ran Did you by any chance edit these generated files manually in your branch? |
|
@jeanduplessis No I have not manually updated these files: I did run |
|
@sergenyalcin @turkenf any idea what could be happening here? |
|
@tschlaepfer, problems like this can usually be caused by incompatibilities between the project and the local environment. First, please check your go version. |
|
@jeanduplessis @turkenf I checked my environment, I have GOTOOLCHAIN set to go1.23.6 and on my host I also use go@1.23 (installed with brew). I'm not a Go expert, so please let me know if there is any other place I should check. Is it possible that the tests are using the wrong Go version? If I look at the output of the pipeline I see Go 1.21 used, but the Makefile specifies 1.23 as required. |
I don't think the problem stems from that; if it did, the diff wouldn't have been visible in Jean's local env.
|
Replaced by #73 |




Description of your changes
This change introduces a new reference parameter for the SecretBackendRootSignIntermediate and SecretBackendIntermediateSetSigned objects which enables the creation of a CA certificate chain using the HashiCorp Vault provider.
For the SecretBackendRootSignIntermediate object, the new parameter allows referencing a SecretBackendIntermediateCertRequest object, from which the "csr" parameter is fetched.
For the SecretBackendIntermediateSetSigned object, the new parameter allows referencing a SecretBackendIntermediateSetSigned object, from which the "certificate" parameter is fetched.
The MR also includes an example of creating a CA chain using the new reference parameters.
I have:
make reviewable test to ensure this PR is ready for review. -> But failed with golangci-lint error: panic: load embedded ruleguard rules: rules/rules.go:13: can't load fmt
How has this code been tested
I ran the provider locally against my k8s cluster, where I deployed the ca-chain.yaml example provided in the MR. The code works as expected, I've attached two screenshots from the SecretBackendRootSignIntermediate & SecretBackendIntermediateSetSigned objects using the new csrRef and certificateRef parameters.