Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add Registry/Config Access token capability via Secret Provider #229

Merged
merged 2 commits into from
Apr 9, 2021
Merged

feat: Add Registry/Config Access token capability via Secret Provider #229

merged 2 commits into from
Apr 9, 2021

Conversation

lenny-goodell
Copy link
Member

closes

BREAKING CHANGE: When run with the secure Edgex Stack now need to have the SecretStore configured, a Vault token created and run with EDGEX_SECURITY_SECRET_STORE=true.
BREAKING CHANGE: Service key changed to app-<profile name>

Signed-off-by: lenny leonard.goodell@intel.com

PR Checklist

Please check if your PR fulfills the following requirements:

  • Tests for the changes have been added (for bug fixes / features)
  • Docs have been added / updated (for bug fixes / features)

PR Type

What kind of change does this PR introduce?

  • Bugfix
  • Feature
  • Code style update (formatting, local variables)
  • Refactoring (no functional changes, no api changes)
  • Build related changes
  • CI related changes
  • Documentation content changes
  • Other... Please describe:

What is the current behavior?

Registry/Config access tokens capability supported via files

Issue Number: #222

What is the new behavior?

Registry/Config access tokens capability now supported via SecretProvider
Non-standard mixed case service key name change to simplified lower case app-<profile name>
Removed previous file based access token config settings

Does this PR introduce a breaking change?

  • Yes
  • No

BREAKING CHANGE: When run with the secure Edgex Stack now need to have the SecretStore configured, a Vault token created and run with EDGEX_SECURITY_SECRET_STORE=true.
BREAKING CHANGE: Service key changed to app-<profile name>

Are there any new imports or modules? If so, what are they used for and why?

no

Are there any specific instructions or things that should be known prior to reviewing?

Other information

feat: Add Registry/Config Access token capability via Secret Provider
1b6b2e4 
Non-standard mixed case service key name change to simplified lower case `app-<profile name>`
Removed previous file based access token config settings

closes edgexfoundry#222

BREAKING CHANGE: When run with the secure Edgex Stack now need to have the SecretStore configured, a Vault token created and run with EDGEX_SECURITY_SECRET_STORE=true.
BREAKING CHANGE: Service key changed to `app-<profile name>`

Signed-off-by: lenny <leonard.goodell@intel.com>
@lenny-goodell
Copy link
Member Author

The TAF tests will need to be update for the change in service key names. Thus this PR is in draft mode until those changes can be made.

jim-wang-intel
jim-wang-intel requested changes Apr 7, 2021
View reviewed changes
Copy link
Contributor

@jim-wang-intel jim-wang-intel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

some file-based leftover configuration to be removed

res/rules-engine/configuration.toml Show resolved Hide resolved
res/functional-tests/configuration.toml Show resolved Hide resolved
res/http-export/configuration.toml Show resolved Hide resolved
res/mqtt-export/configuration.toml Show resolved Hide resolved
res/push-to-core/configuration.toml Show resolved Hide resolved
res/rules-engine/configuration.toml Show resolved Hide resolved
refactor: Removed obsolete Access Token filepath config settings
5ff9e34 
Signed-off-by: lenny <leonard.goodell@intel.com>
@lenny-goodell lenny-goodell marked this pull request as ready for review April 8, 2021 17:42
@lenny-goodell lenny-goodell marked this pull request as draft April 8, 2021 17:43
jim-wang-intel
jim-wang-intel approved these changes Apr 8, 2021
View reviewed changes
Copy link
Contributor

@jim-wang-intel jim-wang-intel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@lenny-goodell lenny-goodell linked an issue Apr 8, 2021 that may be closed by this pull request
[Secure Consul Ph2] App Service Configurable: Enable Registry/Config access tokens #222
Closed
@lenny-goodell lenny-goodell mentioned this pull request Apr 8, 2021
Merged
@lenny-goodell lenny-goodell marked this pull request as ready for review April 8, 2021 18:54
@lenny-goodell lenny-goodell merged commit 7b79720 into edgexfoundry:master Apr 9, 2021
@lenny-goodell lenny-goodell deleted the access-tokens branch April 9, 2021 13:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jim-wang-intel jim-wang-intel jim-wang-intel approved these changes

@bnevis-i bnevis-i Awaiting requested review from bnevis-i

@cherrycl cherrycl Awaiting requested review from cherrycl

@cloudxxx8 cloudxxx8 Awaiting requested review from cloudxxx8

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Secure Consul Ph2] App Service Configurable: Enable Registry/Config access tokens
2 participants
@lenny-goodell @jim-wang-intel