Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Kubernetes: set secret immutable by default for version >= 1.21 #1091

Merged
merged 1 commit into from
Nov 22, 2021
Merged

Kubernetes: set secret immutable by default for version >= 1.21 #1091

merged 1 commit into from
Nov 22, 2021

Conversation

Dentrax
Copy link
Member

@Dentrax Dentrax commented Nov 22, 2021

Fixes #1090

Signed-off-by: Furkan [email protected]
Co-authored-by: Batuhan [email protected]
Co-authored-by: Erkan [email protected]

@Dentrax Dentrax force-pushed the feature/immutable-secret branch from adb3e2c to 9e7ea70 Compare November 22, 2021 09:11
@Dentrax
Copy link
Member Author

Dentrax commented Nov 22, 2021
edited
Loading

Not sure whether setting immutable: true by default is good practice or not without passing smth like --immutable flag to trigger the condition. Feel free to drop your ideas.

@Dentrax Dentrax force-pushed the feature/immutable-secret branch from 9e7ea70 to ad93a8d Compare November 22, 2021 09:17
hectorj2f
hectorj2f reviewed Nov 22, 2021
View reviewed changes
pkg/cosign/kubernetes/client.go Outdated
@@ -57,3 +58,16 @@ func Client() (kubernetes.Interface, error) {
}
return kubernetes.NewForConfig(config)
}

func CheckImmutableSecretSupported(client kubernetes.Interface) (bool, error) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: It is been used internally in the package, func checkImm.....

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 here, otherwise LGTM!

@Dentrax @developer-guy @erkanzileli
feat(k8s): set secret immutable by default for 1.21
870fce8 
Fixes sigstore#1090

Signed-off-by: Furkan <[email protected]>
Co-authored-by: Batuhan <[email protected]>
Co-authored-by: Erkan <[email protected]>
@Dentrax Dentrax force-pushed the feature/immutable-secret branch from ad93a8d to 870fce8 Compare November 22, 2021 13:55
@dlorenc dlorenc merged commit 86bf37f into sigstore:main Nov 22, 2021
@github-actions github-actions bot added this to the v1.4.0 milestone Nov 22, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hectorj2f hectorj2f hectorj2f left review comments

@dlorenc dlorenc dlorenc approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.4.0
Development

Successfully merging this pull request may close these issues.

provide an option to enable creating immutable secrets while generating key pair with k8s scheme
3 participants
@Dentrax @dlorenc @hectorj2f