Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cli: add -jwks-ca-file to Vault/Consul setup commands #20518

Merged
merged 1 commit into from
May 3, 2024
Merged

cli: add -jwks-ca-file to Vault/Consul setup commands #20518

merged 1 commit into from
May 3, 2024

Conversation

tgross
Copy link
Member

@tgross tgross commented May 2, 2024

When setting up auth methods for Consul and Vault in production environments, we can typically assume that the CA certificate for the JWKS endpoint will be in the host certificate store (as part of the usual configuration management cluster admins needs to do). But for quick demos with -dev agents, this won't be the case.

Add a -jwks-ca-file parameter to the setup commands so that we can use this tool to quickly setup WI with -dev agents running TLS.

@tgross tgross force-pushed the jwks-setup-cacert branch from 6815427 to c1494b9 Compare May 2, 2024 19:57
@tgross
cli: add -jwks-ca-file to Vault/Consul setup commands
c5b6e48 
When setting up auth methods for Consul and Vault in production environments, we
can typically assume that the CA certificate for the JWKS endpoint will be in
the host certificate store (as part of the usual configuration management
cluster admins needs to do). But for quick demos with `-dev` agents, this won't
be the case.

Add a `-jwks-ca-file` parameter to the setup commands so that we can use this
tool to quickly setup WI with `-dev` agents running TLS.
@tgross tgross force-pushed the jwks-setup-cacert branch from c1494b9 to c5b6e48 Compare May 2, 2024 20:14
@tgross tgross marked this pull request as ready for review May 2, 2024 20:25
@tgross tgross added this to the 1.8.0 milestone May 2, 2024
@tgross tgross mentioned this pull request May 2, 2024
Merged
pkazmierczak
pkazmierczak approved these changes May 3, 2024
View reviewed changes
Copy link
Contributor

@pkazmierczak pkazmierczak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@tgross tgross added the backport/1.7.x backport to 1.7.x release line label May 3, 2024
@tgross tgross merged commit f9dd120 into main May 3, 2024
21 checks passed
@tgross tgross deleted the jwks-setup-cacert branch May 3, 2024 12:26
@hc-github-team-nomad-core hc-github-team-nomad-core mentioned this pull request May 3, 2024
Merged
@github-actions GitHub Actions
Copy link

I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 10, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@pkazmierczak pkazmierczak pkazmierczak approved these changes

@Juanadelacuesta Juanadelacuesta Awaiting requested review from Juanadelacuesta

@angrycub angrycub Awaiting requested review from angrycub

@gulducat gulducat Awaiting requested review from gulducat

Assignees
No one assigned
Labels
backport/1.7.x backport to 1.7.x release line theme/cli theme/consul theme/vault
Projects
None yet
Milestone
1.8.0
Development

Successfully merging this pull request may close these issues.
2 participants
@tgross @pkazmierczak