Add new role parameter to specify the k8s role ref type #49

Open

refucktor

Overview

What is the change?

  • Add a new parameter to the vault k8s secrets role that allows specifying the type (Role / ClusterRole) of the role reference used in the final RoleBinding / ClusterRoleBinding

Why is the change needed?
The reasons are explained in this issue: hashicorp/vault/issues/25579.
In summary, if I want to use a k8s ClusterRole in the kubernetes_role_name but the vault secrets role has the parameter kubernetes_role_type set to Role, then the final RoleBinding uses a Role in the ref; therefore the binding is incorrect.

Design of Change

How was this change implemented?

  • Add a new parameter to the Vault K8s Secrets Role called kubernetes_role_ref_type with possible values Role or ClusterRole
  • During secrets role creation, the value for the new parameter will be set to match the parameter kubernetes_role_type
  • During credentials creation for the workflow where the kubernetes_role_name is specified, the RoleRef used in the binding takes the new parameter (kubernetes_role_ref_type) to populate the type

Related Issues/Pull Requests

[x] hashicorp/vault Issue #25579
[x] hashicorp/vault-plugin-secrets-kubernetes Issue #48

Contributor Checklist

[x] Add relevant docs to upstream Vault repository, or sufficient reasoning why docs won’t be added yet
Vault Docs PR
[ ] Add output for any tests not run in CI to the PR description (e.g., acceptance tests)
[x] Backwards compatible
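
The roleRef selection described in this pull request, sketched as an added example that is not code from the PR or from the plugin. The types, `BuildBinding` and `errBadRef` are hypothetical; it assumes kubernetes_role_type selects the binding kind and that an empty kubernetes_role_ref_type falls back to it, and it applies the Kubernetes rule that a ClusterRoleBinding may only reference a ClusterRole.

```go
package main

import (
	"errors"
	"fmt"
)

// RoleRef and Binding are simplified stand-ins for the rbac/v1 types
// (hypothetical, so the example needs no Kubernetes client libraries).
type RoleRef struct{ Kind, Name string }

type Binding struct {
	Kind    string // "RoleBinding" or "ClusterRoleBinding"
	RoleRef RoleRef
}

var errBadRef = errors.New("ClusterRoleBinding may only reference a ClusterRole")

func validKind(k string) bool { return k == "Role" || k == "ClusterRole" }

// BuildBinding derives the binding from the two role parameters named in the PR.
// Assumption: kubernetes_role_type selects the binding kind, and an empty
// kubernetes_role_ref_type falls back to kubernetes_role_type.
func BuildBinding(roleName, roleType, roleRefType string) (Binding, error) {
	if roleRefType == "" {
		roleRefType = roleType
	}
	if !validKind(roleType) || !validKind(roleRefType) {
		return Binding{}, fmt.Errorf("unsupported kind %q/%q", roleType, roleRefType)
	}
	// Kubernetes rejects a cluster-wide binding that points at a namespaced Role.
	if roleType == "ClusterRole" && roleRefType != "ClusterRole" {
		return Binding{}, errBadRef
	}
	return Binding{Kind: roleType + "Binding", RoleRef: RoleRef{Kind: roleRefType, Name: roleName}}, nil
}

func main() {
	// Constructed inputs: role name, kubernetes_role_type, kubernetes_role_ref_type.
	for _, in := range [][3]string{
		{"view", "Role", ""},
		{"view", "Role", "ClusterRole"},
		{"view", "ClusterRole", "Role"},
	} {
		b, err := BuildBinding(in[0], in[1], in[2])
		fmt.Printf("%v -> %+v err=%v\n", in, b, err)
	}
}
```

A RoleBinding that references a ClusterRole grants that role's rules only inside the binding's namespace, which is the case the second sample input produces.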


hashicorp-cla commented Feb 22, 2024

CLA assistant check
All committers have signed the CLA.

@refucktor
Author

any update on this topic???

@refucktor force-pushed the feature/customize-rolebinding-reference branch from 0f04682 to d7cf5c4 on September 13, 2024 13:53
@refucktor requested a review from a team as a code owner on September 13, 2024 13:53