feat: add keys to organization provision daemons #14627
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,5 @@ | ||
INSERT INTO provisioner_keys (id, created_at, name, public_key, organization_id) VALUES (gen_random_uuid(), NOW(), 'built-in', '', (SELECT id FROM organizations WHERE is_default = true)); | ||
INSERT INTO provisioner_keys (id, created_at, name, public_key, organization_id) VALUES (gen_random_uuid(), NOW(), 'psk', '', (SELECT id FROM organizations WHERE is_default = true)); | ||
INSERT INTO provisioner_keys (id, created_at, organization_id, name, hashed_secret, tags) VALUES ('11111111-1111-1111-1111-111111111111'::uuid, NOW(), (SELECT id FROM organizations WHERE is_default = true), 'built-in', ''::bytea, '{}'); | ||
INSERT INTO provisioner_keys (id, created_at, organization_id, name, hashed_secret, tags) VALUES ('22222222-2222-2222-2222-222222222222'::uuid, NOW(), (SELECT id FROM organizations WHERE is_default = true), 'user-auth', ''::bytea, '{}'); | ||
INSERT INTO provisioner_keys (id, created_at, organization_id, name, hashed_secret, tags) VALUES ('33333333-3333-3333-3333-333333333333'::uuid, NOW(), (SELECT id FROM organizations WHERE is_default = true), 'psk', ''::bytea, '{}'); | ||
|
||
ALTER TABLE provisioner_daemons ADD COLUMN key_id UUID NOT NULL REFERENCES provisioner_keys(id) DEFAULT (SELECT id FROM provisioner_keys WHERE name = 'built-in'); | ||
ALTER TABLE provisioner_daemons ADD COLUMN key_id UUID REFERENCES provisioner_keys(id) ON DELETE CASCADE DEFAULT '11111111-1111-1111-1111-111111111111'::uuid NOT NULL; | ||
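Review bot: the three seeded rows (`built-in`, `user-auth`, `psk`) are inserted with `hashed_secret` set to `''::bytea`, so the code that compares a presented key against this column should refuse these reserved ids outright, and the migration should carry a comment saying they are placeholders that never authenticate; an empty hash must not be a value that can match. On the `ALTER TABLE` line, `ON DELETE CASCADE` combined with the fixed default means deleting a key row also removes its daemon rows, and deleting the `11111111-...` row would leave the column default pointing at a missing key, so the reserved ids are worth guarding against deletion.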
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -283,6 +283,12 @@ type ProvisionerKey struct { | |
// HashedSecret - never include the access token in the API response | ||
} | ||
|
||
const ( | ||
ProvisionerKeyIDBuiltIn = "11111111-1111-1111-1111-111111111111" | ||
ProvisionerKeyIDUserAuth = "22222222-2222-2222-2222-222222222222" | ||
ProvisionerKeyIDPSK = "33333333-3333-3333-3333-333333333333" | ||
) | ||
|
||
These will probably need to be hardcoded on the frontend as well, since this doesn't seem to get generated. |
||
type CreateProvisionerKeyRequest struct { | ||
Name string `json:"name"` | ||
Tags map[string]string `json:"tags"` | ||
|
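Review bot: the `ProvisionerKeyID*` constants repeat the UUID literals from the migration with nothing tying the two copies together, and the exported block has no doc comment. Add a comment that names the migration seeding these rows and says what `built-in`, `user-auth` and `psk` each stand for, and consider a test that checks every constant exists as an id in `provisioner_keys` so the two copies cannot drift apart. Since these are reserved ids, it would also help to state here that `CreateProvisionerKeyRequest` can never produce or reuse them.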

We have external provisioners running today on some customer deployments. Will this be ok if they are assigned to the built in?
Should we assign the existing rows to the `psk` at `33333333-3333-3333-3333-33333333333`, and have the startup code fix the built in rows?

So I did try to consider the outputs here and picked this one since it felt like the least impact, but let me know if you feel otherwise:

`333...` id.

So basically with this migration the external provisioners will be incorrectly labeled as built-in until the provisioners reconnect. Because we only show recent provisioners, the ones that do not connect again (and stay incorrectly labeled) will only be shown for a short while before being removed from the list we show users.

Also worth noting that right now this key reference is only for grouping in read operations, no mutation logic is performed based on this value today.