Add remaining data store options #463

Open. Wants to merge 5 commits into base: main

@kfox1111 (Collaborator) commented Sep 18, 2024

We don't support all the spire server datastore sql plugin options. Add the missing ones.

Before the change, we only supported:

    ## @param dataStore.sql.databaseType Other supported databases are "postgres" and "mysql"
    databaseType: sqlite3
    ## @param dataStore.sql.databaseName Only used by "postgres" or "mysql"
    databaseName: spire
    ## @param dataStore.sql.host Only used by "postgres" or "mysql"
    host: ""
    ## @param dataStore.sql.port If 0 (default), it will auto set to 5432 for postgres and 3306 for mysql. Only used by those databases.
    port: 0
    ## @param dataStore.sql.username Only used by "postgres" or "mysql"
    username: spire
    ## @param dataStore.sql.password Only used by "postgres" or "mysql"
    password: ""
    ## @param dataStore.sql.options [array] Only used by "postgres" or "mysql"
    options: []

    ## @param dataStore.sql.plugin_data [object] Settings from https://github.com/spiffe/spire/blob/main/doc/plugin_server_datastore_sql.md go in this section
    plugin_data: {}

    ## When an external source creates the secret. The secret should reside in the same namespace as the spire server
    externalSecret:
      ## @param dataStore.sql.externalSecret.enabled Enable external secret for datastore creds
      enabled: false
      ## @param dataStore.sql.externalSecret.name The name of the secret object
      name: ""
      ## @param dataStore.sql.externalSecret.key The key of the secret object whose value is the dataStore.sql password
      key: ""

Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
Co-authored-by: Faisal Memon <fymemon@yahoo.com>
Signed-off-by: kfox1111 <Kevin.Fox@pnnl.gov>
@faisal-memon faisal-memon added this to the 0.24.0 milestone Sep 18, 2024
kfox1111 and others added 2 commits September 18, 2024 15:34
Co-authored-by: Faisal Memon <fymemon@yahoo.com>
Signed-off-by: kfox1111 <Kevin.Fox@pnnl.gov>

@kfox1111 (Collaborator, Author)

Needs support for:

    connection_string="file:memdb?mode=memory&cache=shared"

Moving to separate issue:
#465

@edwbuck (Collaborator) left a comment

Ideally some document or unit test that ensures the sql plugin is configured to match the examples under https://github.com/spiffe/spire/blob/v1.10.0/doc/plugin_server_datastore_sql.md would be included, to ensure that we have the settings documented to correctly derive the examples.

@@ -88,6 +88,11 @@ kubectl delete crds clusterfederatedtrustdomains.spire.spiffe.io clusterspiffeid

We only support upgrading one major/minor version at a time. Version skipping isn't supported. Please see <https://spiffe.io/docs/latest/spire-helm-charts-hardened-about/upgrading/> for details.

### 0.24.X

We have added the remaining options needed for the SPIRE Server SQL data store plugin. We have removed `spire-server.dataStore.sql.plugin_data` section as it is no longer needed. If you are using it, please migrate
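
Review bot: The `0.24.X` upgrade note should name the values that replace `spire-server.dataStore.sql.plugin_data`; in the visible text the instruction stops at "please migrate" without saying what to migrate to. List the new `dataStore.sql` keys, or link to where they are documented, next to that sentence so an operator can confirm that every setting previously passed through `plugin_data`, including any TLS settings for the database connection, has a dedicated value after the upgrade.
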
Collaborator

Throw an error if spire-server.dataStore.sql.plugin_data exists with details they need to update the SQL plugin configuration.

@@ -101,7 +101,22 @@ plugins:
DataStore:
sql:
plugin_data:
{{ include "spire-server.datastore-config" . | nindent 10 }}
{{ include "spire-server.datastore-config" . | nindent 8 }}
{{- if ne .Values.dataStore.sql.rootCAPath "" }}
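
Review bot: The guard on the last line, `{{- if ne .Values.dataStore.sql.rootCAPath "" }}`, only tests that the value is non-empty, so the setting is emitted whichever `databaseType` is selected. Condition it on the database type it applies to, or call `fail` when it is set for a different type, so a CA path meant to secure the database connection is not rendered into a configuration that may not use it. Also confirm that the change from `nindent 10` to `nindent 8` keeps the included block and the keys added after it at the same level under `plugin_data`.
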
Collaborator

This should be suppressed, along without MySQL specific values, should be suppressed / errored if not set to mysql.
