feat: allow usage of existing secret for preshared keys#196
Closed
bogirstc wants to merge 1 commit intoopenfga:mainfrom
bogirstc:feat/preshared-keys-secret
Closed
feat: allow usage of existing secret for preshared keys#196bogirstc wants to merge 1 commit intoopenfga:mainfrom bogirstc:feat/preshared-keys-secret
bogirstc wants to merge 1 commit intoopenfga:mainfrom
bogirstc:feat/preshared-keys-secret
Conversation
| "string", | ||
| "null" | ||
| ], | ||
| "description": "the secret name where to get the preshared keys, it expects a key named 'presharedKeys' to exist in the secret containing a comma-separated list of keys" |
Contributor
There was a problem hiding this comment.
I would clarify in the description that if authn.method=preshared we need either this or the other property, it would be good to update the description of preshared.keys as well to reflect that there are two ways to pass them with this change.
| valueFrom: | ||
| secretKeyRef: | ||
| name: "{{ .Values.authn.preshared.keysSecret }}" | ||
| key: "presharedKeys" |
Contributor
There was a problem hiding this comment.
to be consistent, I would name the key in the secret keys since the secret's purpose is already to pass preshared keys, what do you think?
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Allow usage of existing secret that contains the pre-shared keys.
Description
Extending the Helm chart with the option to read the pre-shared keys from a Kubernetes secret.
The secret is expected to have the
presharedKeyskey which will contain the keys themselves.The functionality is the same as for
datastore.uriSecret.References
#175
#188