Commit
Improve ServiceAccount Signing Key Rotation Procedure (#7313)
* Add `lastInitiationFinishedTime` and `lastCompletionTriggeredTime` to API

  So far, it was not possible to get to know when the initiation has been finished nor when the completion has been triggered. This was only done for those rotation structs which feature a 'Phase' field (for the others it's useless, hence not added).

* [make generate]

* Make use of new fields

* Drop assumptions about "old service account secrets"

  Earlier, the code implicitly assumed that all secrets except the first one in the `ServiceAccount.secrets[]` list are old. However, this is not true when the user interferes while the rotation is running. This commit improves the code to REALLY check whether the secret is old by comparing its creation timestamp with the timestamp when the last rotation initiation has finished. All secrets created after this time have definitely been signed with the new key, all others not or not necessarily.

* Address PR review feedback
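The timestamp comparison described in the commit message, as an added example that is not part of the commit or the project's code. The `Secret` type, `OldSecrets`, `Sample` and all sample values are hypothetical; treating a missing `lastInitiationFinishedTime` and an equal timestamp as "old" is a conservative assumption made here.

```go
package main

import (
	"fmt"
	"time"
)

// Secret is a hypothetical stand-in for a ServiceAccount token secret;
// only the fields needed for the check are modelled.
type Secret struct {
	Name              string
	CreationTimestamp time.Time
}

// OldSecrets returns the names of secrets that cannot be proven to be signed
// with the new key. A nil lastInitiationFinishedTime means no initiation has
// finished yet, so (assumption) every secret is treated as old.
func OldSecrets(secrets []Secret, lastInitiationFinishedTime *time.Time) []string {
	var old []string
	for _, s := range secrets {
		// Only secrets created strictly after the initiation finished are
		// definitely signed with the new key; list position is ignored.
		if lastInitiationFinishedTime != nil && s.CreationTimestamp.After(*lastInitiationFinishedTime) {
			continue
		}
		old = append(old, s.Name)
	}
	return old
}

// Sample returns constructed data: a user created a token while the rotation
// was running, so an old secret is first in the list and the new one is last.
func Sample() ([]Secret, time.Time) {
	finished := time.Date(2023, 1, 10, 12, 0, 0, 0, time.UTC)
	return []Secret{
		{"token-user-made", finished.Add(-5 * time.Minute)},
		{"token-original", finished.Add(-48 * time.Hour)},
		{"token-same-second", finished},
		{"token-rotated", finished.Add(2 * time.Minute)},
	}, finished
}

func main() {
	secrets, finished := Sample()
	fmt.Println(OldSecrets(secrets, &finished))
	fmt.Println(OldSecrets(secrets, nil))
}
```

With the earlier "everything but the first entry is old" rule, this sample would keep `token-user-made` and discard `token-rotated`, which is the case the commit message says the timestamp check avoids.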
Showing 28 changed files with 2,688 additions and 1,686 deletions.