Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ACME] Fix account registration on issuer secret update #81

Merged
merged 1 commit into from
Jul 26, 2021
Merged

[ACME] Fix account registration on issuer secret update #81

merged 1 commit into from
Jul 26, 2021

Conversation

MartinWeindel
Copy link
Member

@MartinWeindel MartinWeindel commented Jul 22, 2021
edited
Loading

What this PR does / why we need it:
Update of the account registration in the issuer status is not handled correctly if the issuer secret of type ACME is updated.
Besides, the default behaviour is unsuitable for secret rotation, as it triggers an immediate renewal of all certificates.
To allow secret rotation without immediate renewals, all certificate secret hashes are migrated. The new hash includes the issuer key instead of the issuer secret.

Additionally the error handling has been harmonised by replacing Wrap´ from github.com/pkg/errorswithfmt.Errorf("...: %w", err)`

Which issue(s) this PR fixes:
Fixes #

Special notes for your reviewer:

Release note:

[ACME] Fix account registration on issuer secret update and allow secret rotation without immediate renewal of certificates.

@MartinWeindel MartinWeindel requested a review from a team as a code owner July 22, 2021 14:43
@gardener-robot gardener-robot added needs/review Needs review size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jul 22, 2021
@gardener-robot-ci-1 gardener-robot-ci-1 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Jul 22, 2021
@gardener-robot gardener-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. needs/second-opinion Needs second review by someone else and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jul 23, 2021
@gardener-robot-ci-2 gardener-robot-ci-2 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Jul 23, 2021
@gardener-robot-ci-2 gardener-robot-ci-2 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Jul 23, 2021
@gardener-robot-ci-1 gardener-robot-ci-1 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Jul 23, 2021
@gardener-robot-ci-1 gardener-robot-ci-1 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Jul 23, 2021
@gardener-robot-ci-1 gardener-robot-ci-1 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Jul 26, 2021
@gardener-robot-ci-3 gardener-robot-ci-3 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Jul 26, 2021
@MartinWeindel
recognize change of issuer secret, no renewal on issuer secret change…
1fc8b05 
…, migrate certificate hash, stop using pkg/errors
@gardener-robot-ci-1 gardener-robot-ci-1 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Jul 26, 2021
@gardener-robot-ci-3 gardener-robot-ci-3 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Jul 26, 2021
@MartinWeindel MartinWeindel merged commit ddc3af4 into master Jul 26, 2021
@MartinWeindel MartinWeindel deleted the fix-replace-issuer-secret branch July 26, 2021 09:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) needs/review Needs review needs/second-opinion Needs second review by someone else size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@MartinWeindel @gardener-robot-ci-1 @gardener-robot-ci-2 @gardener-robot-ci-3 @gardener-robot