Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

GKE Default Credentials and Temporary Access Tokens #136

Merged
merged 6 commits into from
Aug 8, 2023
Merged

GKE Default Credentials and Temporary Access Tokens #136

merged 6 commits into from
Aug 8, 2023

Conversation

bradkwadsworth-mw
Copy link

Signed-off-by: Brad Wadsworth brad.wadsworth@mavenwave.com

Description of your changes

Allow the default credential source to be used for authenticating to a GKE cluster.

A prerequisite for this change is crossplane/crossplane-runtime#337 in order for InjectedIdentity to be used as an option for the CommonCredentialExtractor function.

Fixes #135

I have:

  • [X ] Read and followed Crossplane's contribution process.
  • [X ] Run make reviewable to ensure this PR is ready for review.

How has this code been tested

Tested forked controller on a GKE cluster which was successful in applying the helm chart to a remote GKE cluster that had the appropriate IAM permissions for the provider-helm workload identity service account.

@turkenh
Copy link
Collaborator

turkenh commented Aug 18, 2022

A prerequisite for this change is crossplane/crossplane-runtime#337 in order for InjectedIdentity to be used as an option for the CommonCredentialExtractor function.

@bradkwadsworth-mw thanks a lot for your contribution 🙌
I left a comment to the runtime PR which suggests only making a change here without any prerequisite there.

@bradkwadsworth-mw bradkwadsworth-mw force-pushed the feature/allow-gke-default-creds branch from cf7c2ee to b8143f4 Compare August 25, 2022 03:20
@bradkwadsworth-mw
Copy link
Author

Modified my PR to not require changes to the other package.

@bradkwadsworth-mw
Copy link
Author

@turkenh Just wondering if you could take another look at this when you get a chance? Thanks.

@bradkwadsworth-mw bradkwadsworth-mw force-pushed the feature/allow-gke-default-creds branch from b8143f4 to 09044d0 Compare September 14, 2022 15:38
@bradkwadsworth-mw bradkwadsworth-mw force-pushed the feature/allow-gke-default-creds branch 2 times, most recently from 998cb79 to 135bbbd Compare October 10, 2022 16:21
@bradkwadsworth-mw bradkwadsworth-mw changed the title GKE Default Credentials GKE Default Credentials and Temporary Access Tokens Oct 12, 2022
@bradkwadsworth-mw bradkwadsworth-mw force-pushed the feature/allow-gke-default-creds branch from 135bbbd to 01ec75c Compare October 12, 2022 20:55
@bradkwadsworth-mw
Copy link
Author

@turkenh just wondering if I could get this looked at. This will mimic the functionality of this crossplane-contrib/provider-gcp#461.

turkenh
turkenh approved these changes Jul 25, 2023
View reviewed changes
Copy link
Collaborator

@turkenh turkenh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@bradkwadsworth-mw apologizes for the delay here; I missed your comments.

This looks good to me, just left a non-blocking comment.
Please rebase your PR by resolving conflicts so that we can merge it.

pkg/clients/gke/gke.go Outdated Show resolved Hide resolved
@turkenh
Copy link
Collaborator

turkenh commented Jul 31, 2023

@bradkwadsworth-mw there is an interest in this feature, would you be able to continue working on this?

I tried to resolve conflicts but failed to push to the branch of this PR due to the lack of permissions.

@bradkwadsworth-mw
Copy link
Author

bradkwadsworth-mw commented Jul 31, 2023 via email

@bradkwadsworth-mw bradkwadsworth-mw force-pushed the feature/allow-gke-default-creds branch from 01ec75c to f693c5a Compare August 1, 2023 16:59
turkenh
turkenh reviewed Aug 2, 2023
View reviewed changes
pkg/clients/gke/gke.go Show resolved Hide resolved
pkg/clients/gke/gke.go Show resolved Hide resolved
@turkenh
Copy link
Collaborator

turkenh commented Aug 7, 2023

@bradkwadsworth-mw, could you also fix the DCO action so that we can merge this PR?

Brad Wadsworth added 6 commits August 8, 2023 09:21
GKE Default Credentials
858d39a 
Allow the default credential source to be used
for authenticated to a GKE cluster.

Signed-off-by: Brad Wadsworth <brad.wadsworth@mavenwave.com>
Allow use of credentials without runtime
99c87f3 
Signed-off-by: Brad Wadsworth <brad.wadsworth@mavenwave.com>
Added ability to use access tokens for secret
abdc050 
Signed-off-by: Brad Wadsworth <brad.wadsworth@mavenwave.com>
Added check for access token
8943c12 
Signed-off-by: Brad Wadsworth <brad.wadsworth@mavenwave.com>
removed else statements
9bc4509 
Signed-off-by: Brad Wadsworth <brad.wadsworth@mavenwave.com>
added returns
5fc9240 
Signed-off-by: Brad Wadsworth <brad.wadsworth@mavenwave.com>
@bradkwadsworth-mw bradkwadsworth-mw force-pushed the feature/allow-gke-default-creds branch from 7e7c224 to 5fc9240 Compare August 8, 2023 14:21
@bradkwadsworth-mw
Copy link
Author

DCO fixed.

turkenh
turkenh approved these changes Aug 8, 2023
View reviewed changes
Copy link
Collaborator

@turkenh turkenh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @bradkwadsworth-mw 🙌

@turkenh turkenh merged commit 6d20e07 into crossplane-contrib:master Aug 8, 2023
@turkenh turkenh mentioned this pull request Aug 18, 2023
Closed
2 tasks
@JonathanO JonathanO mentioned this pull request Jan 20, 2024
Merged
2 tasks
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@turkenh turkenh turkenh approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Allow Use of GKE Default Credentials
2 participants
@bradkwadsworth-mw @turkenh