feat(credentials): Implement declarative stored credentials #857
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
the
needs-triage
andrewazores
removed
the
needs-triage
| private void createFromFile(java.nio.file.Path path) { | ||
| try (var is = new BufferedInputStream(Files.newInputStream(path))){ | ||
| var credential = mapper.readValue(is, Credential.class); | ||
| var exists = Credential.find("id", credential.id).count() != 0; |
There was a problem hiding this comment.
I'm not sure about checking for the IDs like this. The database will assign the IDs when the credentials are created, so I think this scheme can likely lead to duplicates getting created. If I manually create a Credential via API and it gets ID 1, then I shut the system down and put in a different declarative Credential definition with ID 1 into the directory, this will incorrectly reject the new declarative Credential even though it is actually new and different.
I think the right thing to do here is parse the declaratively defined Credentials, then check the database if any Credential exists with the exact same <username, password, matchExpression> - this tuple is what really defines the Credential.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Addresses #728
Creates a new credentials volume that is scanned for json representations of stored credentials, persisting them to the database if they aren't a duplicate.
Opening as draft for the moment pending the corresponding helm/operator implementations.