Skip to content

TrustStore CRD #557

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 99 commits into from
May 7, 2025
Merged

TrustStore CRD #557

merged 99 commits into from
May 7, 2025

Conversation

nightkr
Copy link
Member

@nightkr nightkr commented Jan 29, 2025
edited by siegfriedweber
Loading

Description

Fixes #410.

rust/p12 is imported from hjiayz/p12@9983420 (fff63d1), can't really do much about CLA failures from before that point (and beyond that I've kept the changes fairly minimal to enable our use case). Discussed at https://stackable-workspace.slack.com/archives/C033A863YPL/p1741869321744189.

Definition of Done Checklist

  • Not all of these items are applicable to all PRs, the author should update this template to only leave the boxes in that are relevant
  • Please make sure all these things are done and tick the boxes
# Author
- [x] Changes are OpenShift compatible
- [x] CRD changes approved
- [x] CRD documentation for all fields, following the [style guide](https://docs.stackable.tech/home/nightly/contributor/docs/style-guide).
- [x] Helm chart can be installed and deployed operator works
- [x] Integration tests passed (for non trivial changes)
- [x] Changes need to be "offline" compatible

# Reviewer
- [x] Code contains useful comments
- [x] Code contains useful logging statements
- [x] (Integration-)Test cases added
- [x] Documentation added or updated. Follows the [style guide](https://docs.stackable.tech/home/nightly/contributor/docs/style-guide).
- [x] Changelog updated
- [x] Cargo.toml only contains references to git tags (not specific commits or branches)

# Acceptance
- [ ] Feature Tracker has been updated
- [ ] Proper release label has been added
- [ ] [Roadmap](https://github.com/orgs/stackabletech/projects/25/views/1) has been updated

hjiayz and others added 30 commits April 11, 2020 09:46
first commit
f44e0f1
first commit
9ab36c8
allow parse not support type
157460f
allow parse not support type
ed6fdd0
allow parse not support type
8762bd0
allow parse not support type
3585bc3
0.1.2
4be4e3c
update pbepkcs12
55f4ead
update pbepkcs12
810faa0
sdsi cert
49c79c1
0.1.3
88a4226
@hjiayz
fix
e2a7503
@Keruspe
switch to RustCrypto HmacSha1
d750eae 
Signed-off-by: Marc-Antoine Perennou <[email protected]>
@Keruspe
switch to getrandom
5ef132e 
Signed-off-by: Marc-Antoine Perennou <[email protected]>
@Keruspe
update RustCrypto deps
464e982 
Signed-off-by: Marc-Antoine Perennou <[email protected]>
@Keruspe
drop unused block-cipher-trait
de4272f 
Signed-off-by: Marc-Antoine Perennou <[email protected]>
@Keruspe
block-modes: update to 0.5.0
b5e2e50 
Signed-off-by: Marc-Antoine Perennou <[email protected]>
@Keruspe
rustfmt
2e8a35a 
Signed-off-by: Marc-Antoine Perennou <[email protected]>
@Keruspe
update rustcrypto
017b50e 
Signed-off-by: Marc-Antoine Perennou <[email protected]>
Merge pull request #1 from Keruspe/master
6ad0857 
Drop ring dependency and update RustCrypto
@hjiayz
version 0.2.0
f48e223
@Keruspe
update crypto dependencies
02c5c97 
Signed-off-by: Marc-Antoine Perennou <[email protected]>
@Keruspe
update crypto dependencies
e372089 
Signed-off-by: Marc-Antoine Perennou <[email protected]>
@Keruspe
update yasna
f30063c 
Signed-off-by: Marc-Antoine Perennou <[email protected]>
@Keruspe
rename to pkcs-12
1c6f637 
Signed-off-by: Marc-Antoine Perennou <[email protected]>
@Keruspe
version 0.3.0
1d3fbd9 
Signed-off-by: Marc-Antoine Perennou <[email protected]>
@Keruspe
require yasna with std feature
5c0018e 
Signed-off-by: Marc-Antoine Perennou <[email protected]>
@Keruspe
version 0.3.1
885484a 
Signed-off-by: Marc-Antoine Perennou <[email protected]>
@Keruspe
add CI
dc0fad4 
Signed-off-by: Marc-Antoine Perennou <[email protected]>
@hjiayz
Merge pull request #2 from Keruspe/crypto
5e3179a 
update crypto dependencies
siegfriedweber
siegfriedweber requested changes Mar 27, 2025
View reviewed changes
Copy link
Member

@siegfriedweber siegfriedweber left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The following questions are open:

I did not review the complete p12 directory, but only the changes to v0.6.3.

nightkr added 3 commits April 10, 2025 12:27
@nightkr
Switch truststore.adoc to line-per-sentence
6769659
@nightkr
Normalize FULL_CONTROLLER_NAME
b969a76
@nightkr
Propagate secondary_object information through backends
dfe6427 
This is currently only used by the TrustStore controller, but would also
be a step towards exposing the same info for the CSI endpoints in the future.
@nightkr nightkr requested a review from siegfriedweber April 11, 2025 13:19
siegfriedweber
siegfriedweber requested changes Apr 14, 2025
View reviewed changes
@nightkr
Copy link
Member Author

nightkr commented Apr 14, 2025

Ah didn't see #410 (comment) - replying to that in there.

siegfriedweber
siegfriedweber previously approved these changes Apr 14, 2025
View reviewed changes
Copy link
Member

@siegfriedweber siegfriedweber left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@nightkr nightkr enabled auto-merge April 14, 2025 09:08
@sbernauer sbernauer requested a review from lfrancke April 28, 2025 07:05
@lfrancke
Copy link
Member

I'm not super happy mixing licenses in a single repo (I do understand that we already implicitly do by having dependencies to otherwise licensed items but tooling wise that is different).
I looked at it and it looks like we follow the license properly, haven't removed anything, attribution etc. is there but I see the danger of someone accidentally cleaning something up at some point....

I'm unsure.

@soenkeliebau Opinions?

@soenkeliebau
Copy link
Member

I'm inclined to vote with "perfect is the enemy of done" here and leave it as is..
Otherwise we'd have to move the fork into a repo of its own, patch the toml and have one more thing we need to version .. not terrible probably, but neither is the risk I see by having it in here.

One other idea I had was to use something like https://github.com/itmettkeDE/cargo-patch but that'll probably play havoc with SBOMs etc..

As I said, I struggle to have a strong opinion.

@lfrancke lfrancke disabled auto-merge May 7, 2025 10:07
@lfrancke lfrancke merged commit 294fd97 into main May 7, 2025
16 of 17 checks passed
@lfrancke lfrancke deleted the feature/truststore-crd branch May 7, 2025 10:07
@sbernauer sbernauer mentioned this pull request May 8, 2025
Open
15 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@siegfriedweber siegfriedweber siegfriedweber approved these changes

@lfrancke lfrancke Awaiting requested review from lfrancke

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Allow customers to request CA cert (e.g. for external clients)
9 participants
@nightkr @stackable-bot @lfrancke @soenkeliebau @siegfriedweber @hjiayz @Keruspe @ubamrein @jcaesar