Skip to content

feat: add secret lifetime field #908

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 4 commits into from
Closed

feat: add secret lifetime field #908

wants to merge 4 commits into from
+64 −1

Conversation

razvan
Copy link
Member

@razvan razvan commented Nov 19, 2024
edited
Loading

Description

Part of: stackabletech/issues#586

Definition of Done Checklist

  • Not all of these items are applicable to all PRs, the author should update this template to only leave the boxes in that are relevant
  • Please make sure all these things are done and tick the boxes
# Author
- [ ] Changes are OpenShift compatible
- [ ] CRD changes approved
- [ ] Integration tests passed (for non trivial changes)

# Reviewer
- [ ] Code contains useful comments
- [ ] (Integration-)Test cases added
- [ ] Documentation added or updated
- [ ] Changelog updated
- [ ] Cargo.toml only contains references to git tags (not specific commits or branches)

# Acceptance
- [ ] Feature Tracker has been updated
- [ ] Proper release label has been added

This was referenced Nov 20, 2024
Closed
Closed
Techassi
Techassi reviewed Nov 20, 2024
View reviewed changes
crates/stackable-operator/src/role_utils.rs
/// Currently this property covers self signed certificates but in the future it may be extended to other
/// secret types such as Kerberos keytabs.
#[serde(default = "default_min_secret_lifetime")]
pub min_secret_lifetime: Duration,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

question: Why do we use min_secret_lifetime here instead of just secret_lifetime to be inline with secrets.stackable.tech/backend.autotls.cert.lifetime?

question: Also, do we want it to be about all secrets? Or do we want to support scoped lifetimes for different types of (future) secrets? A more appropriate name would then be cert_lifetime for example.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the corresponding proposal I try to explain the reasoning for naming. Other suggestions are welcome though.

As you mention, the idea is that Pod restarts due to secret expiration should be easily understood and transparent from a user's perspective regardless of the type of secrets.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As you mention, the idea is that Pod restarts due to secret expiration should be easily understood and transparent from a user's perspective regardless of the type of secrets.

Yeah that makes sense. On the other hand, I can see users wanting different lifetimes for different secrets (if there eventually will be multiple ones for a single group). So a less generic name might be something we have to think about.

Also, why do we prefix the field with min_? It is the lifetime of the secret, not a minimal lifetime which could be longer. Pods will get restarted at exactly at the lifetimes interval.

Copy link
Member

@Techassi Techassi Nov 21, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note: I'll link this discussion in the proposal.

@razvan
Copy link
Member Author

razvan commented Nov 27, 2024

closing as the corresponding proposal is rejected.

@razvan razvan closed this Nov 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Techassi Techassi Techassi left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@razvan @Techassi