Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport of auth/kubernetes: support for dynamically reloading short-lived tokens into release/1.9.x #13698

Merged
merged 5 commits into from
Jan 22, 2022
Merged

Backport of auth/kubernetes: support for dynamically reloading short-lived tokens into release/1.9.x #13698

merged 5 commits into from
Jan 22, 2022

Conversation

hc-github-team-secure-vault-core
Copy link
Collaborator

Backport

This PR is auto-generated from #13595 to be assessed for backporting due to the inclusion of the label backport/1.9.x.

WARNING automatic cherry-pick of commits failed. Commits will require human attention.

The below text is copied from the body of the original PR.

This change is continuation to hashicorp/vault-plugin-auth-kubernetes#122 where support was added for dynamically reloading Kubernetes short-lived tokens for better Kubernetes 1.21+ compatibility. This change takes the feature into use in Vault.

  • Uplift new version of Kubernetes auth plugin that does not store the service account token persistently to Vault storage.
  • Update the documentation to recommend local token again when running Vault inside cluster.

Fixes #12855

Signed-off-by: Tero Saarni [email protected]

@hashicorp-cla
Copy link

hashicorp-cla commented Jan 19, 2022
edited
Loading

CLA assistant check
All committers have signed the CLA.

@vercel vercel bot temporarily deployed to Preview – vault-storybook January 19, 2022 00:34 Inactive
@vercel vercel bot temporarily deployed to Preview – vault January 19, 2022 00:36 Inactive
@tvoran tvoran added this to the 1.9.3 milestone Jan 19, 2022
@tvoran
Copy link
Member

tvoran commented Jan 19, 2022

Just waiting on backporting to the kubernetes plugin's release branch, then I'll update this one.

@vercel vercel bot temporarily deployed to Preview – vault January 19, 2022 21:26 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook January 19, 2022 21:26 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook January 19, 2022 21:28 Inactive
tsaarni and others added 3 commits January 19, 2022 13:50
@tsaarni @tvoran
auth/kubernetes: support for dynamically reloading short-lived tokens (
f30e438 
…#13595)

* auth/kubernetes: support for short-lived tokens

* Uplift new version of Kubernetes auth plugin that does not store the
  service account token persistently to Vault storage.

* Update the documentation to recommend local token again when running
  Vault inside cluster.

Signed-off-by: Tero Saarni <[email protected]>

* Added changelog entry

Signed-off-by: Tero Saarni <[email protected]>

* clarification to changelog entry, executed go mod tidy

* clarifications and added targeted release version
@tvoran
update available version to 1.9.3+ and changelog
e625b7e 
renamed changelog file to the backport pr number.
@tvoran
update go.mod to [email protected]
5cbc6de 
go get github.com/hashicorp/[email protected]
go mod tidy
@tvoran tvoran force-pushed the backport/tsaarni/issue12855/similarly-rare-dove branch from ceae8da to 5cbc6de Compare January 19, 2022 22:51
@vercel vercel bot temporarily deployed to Preview – vault-storybook January 19, 2022 22:51 Inactive
@vercel vercel bot temporarily deployed to Preview – vault January 19, 2022 22:51 Inactive
@tvoran tvoran requested review from tomhjp and imthaghost January 19, 2022 23:29
@vercel vercel bot temporarily deployed to Preview – vault-storybook January 21, 2022 06:56 Inactive
@tvoran tvoran force-pushed the backport/tsaarni/issue12855/similarly-rare-dove branch from 999be69 to b68a204 Compare January 21, 2022 07:04
@vercel vercel bot temporarily deployed to Preview – vault-storybook January 21, 2022 07:04 Inactive
@tvoran
Copy link
Member

tvoran commented Jan 21, 2022

Ok, I think this one is ready to go.

@tvoran tvoran merged commit 38c074a into release/1.9.x Jan 22, 2022
@tvoran tvoran deleted the backport/tsaarni/issue12855/similarly-rare-dove branch January 22, 2022 00:30
@sudermanjr
Copy link

Is there a way to use this currently via publicly-available images? I seem to see it should be available when 1.9.3 is released, but I got myself into a bit of a bind and could definitely use the fix sooner if there's an image available. I would also be very happy to test out a release candidate if one becomes available.

@tvoran
Copy link
Member

tvoran commented Jan 27, 2022

Hi @sudermanjr, unfortunately I don't think we're publishing any pre-release images yet. And yes, this change will be included in the 1.9.3 release, which should come out soon.

@tvoran tvoran mentioned this pull request Jan 31, 2022
Merged
@thiskevinwang thiskevinwang mentioned this pull request Apr 25, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tomhjp tomhjp tomhjp approved these changes

@tvoran tvoran Awaiting requested review from tvoran

@taoism4504 taoism4504 Awaiting requested review from taoism4504

@imthaghost imthaghost Awaiting requested review from imthaghost

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.9.3
Development

Successfully merging this pull request may close these issues.
6 participants
@hc-github-team-secure-vault-core @hashicorp-cla @tvoran @sudermanjr @tomhjp @tsaarni