Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix (kms): properly reconcile DEKs for existing scopes #1976

Merged
merged 4 commits into from
Apr 12, 2022
Merged

fix (kms): properly reconcile DEKs for existing scopes #1976

merged 4 commits into from
Apr 12, 2022

Conversation

jimlambrt
Copy link
Collaborator

When new DEKs are added to boundary we need to ensure that the keys
for existing scopes are reconciled.

This fix should address:
#1856

@jimlambrt
fix (kms): properly reconcile DEKs for existing scopes
bb3de33 
When new DEKs are added to boundary we need to ensure that the keys
for existing scopes are reconciled.

This fix should address:
#1856
@jimlambrt jimlambrt added this to the 0.8.0 milestone Apr 6, 2022
@jimlambrt jimlambrt requested review from jefferai and tmessi April 6, 2022 20:46
johanbrandhorst
johanbrandhorst previously approved these changes Apr 6, 2022
View reviewed changes
Copy link
Collaborator

@johanbrandhorst johanbrandhorst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I reserve business logic judgment as I don't feel I have enough context.

jefferai
jefferai reviewed Apr 12, 2022
View reviewed changes
internal/kms/kms.go
//
// NOTE: don't add an audit key here since it can only be created in
// the global scope.
KeyPurposeOidc,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we already creating OIDC DEKs for non-global/org scopes? If not we may want a check here since this will be called with all scopes from the controller New function.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We are calling kms.CreateKeysTx(...) every time we create a new scope.

jefferai
jefferai approved these changes Apr 12, 2022
View reviewed changes
Copy link
Member

@jefferai jefferai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved pending a check on if oidc keys are supposed to be getting created in project scopes.

@jimlambrt jimlambrt merged commit 8895bc0 into main Apr 12, 2022
@jimlambrt jimlambrt deleted the jimlambrt-kms-reconcile branch April 12, 2022 13:20
@jimlambrt jimlambrt mentioned this pull request Apr 28, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@johanbrandhorst johanbrandhorst johanbrandhorst approved these changes

@tmessi tmessi tmessi approved these changes

@jefferai jefferai jefferai approved these changes

Assignees
No one assigned
Labels
core/kms core/servers core
Projects
None yet
Milestone
0.8.0
Development

Successfully merging this pull request may close these issues.
4 participants
@jimlambrt @jefferai @tmessi @johanbrandhorst