Allow specification of client_id by env var #608
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Specifying client_id by env var allows us to pre-populate a namespace
with all the relevant authentication details.
Currently, we have to populate a secret with a private key, and then
create a deployment given the client id. Specifying via an env var would
allow us to create/rotate deployments and credentials independently of each
other.
e.g.
```
env:
- name: CLIENT_ID
valueFrom:
configMapKeyRef:
name: venafi-agent-svc-account
key: client_id
```
Signed-off-by: Adrian Lai <adrian.lai@jetstack.io>
|
@aidy I don't think it's well documented, but you can set the defaults for all the command line flags using PREFLIGHT_INSTALL_NAMESPACE=venafi \
PREFLIGHT_CLIENT_ID=foo \
PREFLIGHT_PRIVATE_KEY_PATH=/dev/null \
./preflight agentI1108 09:13:21.387671 341204 run.go:57] "Starting" logger="Run" version="development" commit=""
I1108 09:13:21.389308 341204 config.go:395] "Using the Venafi Cloud Key Pair Service Account auth mode since --client-id and --private-key-path were specified." logger="Run"
I1108 09:13:21.389392 341204 config.go:479] "ignoring the venafi-cloud.uploader_id field in the config file. This field is not needed in Venafi Cloud Key Pair Service Account mode." logger="Run"
I1108 09:13:21.389408 341204 config.go:531] "Using period from config" logger="Run" period="1m0s"
I1108 09:13:21.389454 341204 config.go:737] "Loading upload_path from \"venafi-cloud\" configuration." logger="Run"
E1108 09:13:21.389576 341204 root.go:53] "Exiting due to error" err=<
While evaluating configuration: validating creds: failed loading config using the Venafi Cloud Key Pair Service Account mode: 1 error occurred:
* while parsing private key file: while decoding the PEM-encoded private key /dev/null, its content were:
> exit-code=1Does that solve your problem? See Lines 37 to 54 in 1f00f09 |
|
I wasn't aware of these env variable either. Thanks for pointing them out, Richard. @aidy Does (We should somehow have these env vars documented somewhere, though) |
|
Hey, I'll close this PR for now. @aidy let me know if you want to re-open it 👍 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Specifying client_id by env var allows us to pre-populate a namespace with all the relevant authentication details.
Currently, we have to populate a secret with a private key, and then create a deployment given the client id. Specifying via an env var would allow us to create/rotate deployments and credentials independently of each other.
e.g.