feat(conf): allow *_cert and *_cert_key to be stored in environment variables and vaults #9253

Merged on Oct 4, 2022 (7 commits)

Commits on Oct 4, 2022

  1. feat(conf): allow *_cert and *_cert_key to be stored in environment variables and vaults
    
    ### Summary
    
    Allow several `kong.conf` values to be stored in vaults or environment variables:
    
    - `ssl_cert`
    - `ssl_cert_key`
    - `admin_ssl_cert`
    - `admin_ssl_cert_key`
    - `status_ssl_cert`
    - `status_ssl_cert_key`
    - `cluster_cert`
    - `cluster_cert_key`
    - `client_ssl_cert`
    - `client_ssl_cert_key`
    
    #### Usage
    
    The following is possible after this commit is merged:
    
    ```bash
    # CERT: normal environment variable initialized from file
    # KONG_SSL_CERT: a secret reference using env vault
    # KONG_SSL_CERT_KEY: reading content of file to env var
    CERT="$(<cert.crt)" \
    KONG_SSL_CERT="{vault://env/cert}" \
    KONG_SSL_CERT_KEY="$(<cert.key)" \
    kong start
    ```
    bungle committed Oct 4, 2022
    85773e3
  2. feat(conf): add support for remaining variables (#9352)

    * move creation of certificate and key files in a separate block
    * add file creation for the remaining certs and keys: cluster_ and client_
    * update configuration with generated path for cluster_* and client_*
    samugi authored and bungle committed Oct 4, 2022
    75ed6bb
  3. feat(conf): support base64 encoded *_cert and *_cert_key (#9367)

    * support base64 encoded *_cert and *_cert_key
    * support base64url encoding
    
    This adds a test case to ensure base64 encoded properties are correctly
    parsed and decoded.
    samugi authored and bungle committed Oct 4, 2022
    026b86b
  4. feat(conf): add cluster_ca_cert, ssl_dhparam, lua_ssl_trusted_certificate
    
    This adds  to
    the supported properties that can be assigned via environment variables
    or vault.
    samugi authored and bungle committed Oct 4, 2022
    9dd92c2
  5. feat(conf): more test cases

    * test all base64 decodings
    * test that properties passed as content result in files being stored
    samugi authored and bungle committed Oct 4, 2022
    c52d0f9
  6. feat(conf): safe base64 and tests

    * base64 conversion is moved later in the flow in order to make
      it safer, so that values like system are not attempted to
      be decoded
    * test coverage for the content of the created files
    * refactoring
    samugi authored and bungle committed Oct 4, 2022
    bb9fcb1
  7. docs(conf): kong.conf.default and CHANGELOG.md updates

    Update kong.conf.default to reflect the fact some properties
    can be configured directly via content or base64
    samugi authored and bungle committed Oct 4, 2022
    f87af24
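
Commits 3 and 6 describe accepting base64 and base64url content while making sure values like `system` are not decoded. The script below is an added example, not code from this PR or from Kong: it shows one ordering of checks with that property, useful as a pre-flight check on a value before exporting it. The category names, the rule that a decoded value must itself be PEM, and the sample path are assumptions.

```shell
#!/bin/sh
# Added illustration, not Kong's parser: the classification order is an assumption.

# Decode standard or URL-safe base64, padded or not. Body runs in a subshell "( )".
b64_any_decode() (
  s=$(printf '%s' "$1" | tr -d ' \n\r' | tr '_-' '/+')
  case $(( ${#s} % 4 )) in
    2) s="${s}==" ;;
    3) s="${s}=" ;;
    1) exit 1 ;;                      # no base64 string has this length
  esac
  printf '%s' "$s" | base64 -d >/dev/null 2>&1 || exit 1
  printf '%s' "$s" | base64 -d | tr -d '\000'
)

# Report how a *_cert / *_cert_key value would be interpreted.
classify_cert_value() (
  v=$1
  case $v in
    '')              echo empty; exit 0 ;;
    '{vault://'*'}') echo vault-reference; exit 0 ;;
    *'-----BEGIN '*) echo pem-content; exit 0 ;;
  esac
  # Decode last, and accept the result only if it is PEM: "system" and some
  # relative paths consist solely of base64 characters and must pass through.
  decoded=$(b64_any_decode "$v") || decoded=''
  case $decoded in
    *'-----BEGIN '*) echo base64-pem ;;
    *)               echo path-or-keyword ;;
  esac
)

# Constructed PEM-shaped sample (not a real certificate) and its encodings.
SAMPLE_PEM=$(printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' \
  'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----')
SAMPLE_B64=$(printf '%s' "$SAMPLE_PEM" | base64 | tr -d '\n')
SAMPLE_B64URL=$(printf '%s' "$SAMPLE_B64" | tr '/+' '_-' | tr -d '=')

# /etc/kong/cert.crt is a made-up path; the other literals appear on the page.
for v in "$SAMPLE_PEM" "$SAMPLE_B64" "$SAMPLE_B64URL" \
         '{vault://env/cert}' system /etc/kong/cert.crt; do
  printf '%-16s <- %.24s\n' "$(classify_cert_value "$v")" "$v"
done
```

A decode-first ordering would turn `system` into a few bytes of garbage, which is why the decode result is only trusted when it contains a PEM header.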