Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[KO-290] Allow enabling security in the existing deployed cluster #273

Merged
merged 14 commits into from
Mar 21, 2024
Merged

[KO-290] Allow enabling security in the existing deployed cluster #273

merged 14 commits into from
Mar 21, 2024

Conversation

tanmayja
Copy link
Contributor

No description provided.

abhishekdwivedi3060
abhishekdwivedi3060 approved these changes Feb 22, 2024
View reviewed changes
controllers/reconciler.go Outdated Show resolved Hide resolved
controllers/reconciler.go Outdated Show resolved Hide resolved
controllers/reconciler.go Outdated Show resolved Hide resolved
sud82
sud82 reviewed Mar 15, 2024
View reviewed changes
api/v1/aerospikecluster_types.go Outdated
@@ -871,6 +871,9 @@ type AerospikePodStatus struct { //nolint:govet // for readability

// PodSpecHash is ripemd160 hash of PodSpec used by this pod
PodSpecHash string `json:"podSpecHash"`

// SecurityEnabled is true if security is enabled in the pod
SecurityEnabled bool `json:"securityEnabled"`
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think a better name would be IsSecurityEnabled

controllers/access_control.go

enabled, newErr = asdbv1.IsSecurityEnabled(
incomingVersion, incomingVersionErr := asdbv1.GetImageVersion(desiredState.Image)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't we check for the enable security from spec by default? If it is not enabled then look into the status.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The idea here was to send Aerospike credentials if security is enabled in either the spec or status. Following that, we check for AerospikeAccessControl in the status to determine whether to use user-provided credentials or the default admin credentials.

@sud82 sud82 merged commit 8330d82 into master Mar 21, 2024
9 checks passed
@sud82 sud82 deleted the enablesec branch April 24, 2024 06:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@abhishekdwivedi3060 abhishekdwivedi3060 abhishekdwivedi3060 approved these changes

@sud82 sud82 sud82 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tanmayja @sud82 @abhishekdwivedi3060