Removes legacy SPIFFE TLS clients and servers in favour of the new SPIRE TLS clients and servers. #7037
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #7037 +/- ##
==========================================
- Coverage 61.88% 61.83% -0.06%
==========================================
Files 246 245 -1
Lines 22519 22414 -105
==========================================
- Hits 13937 13860 -77
+ Misses 7415 7393 -22
+ Partials 1167 1161 -6 ☔ View full report in Codecov by Sentry. |
|
/test-version-skew |
Dapr Version Skew test (dapr-sidecar-master - 1.12.0)Commit ref: af4dc0b ❌ Version Skew tests failedPlease check the logs for details on the error. |
Dapr Version Skew test (control-plane-master - 1.12.0)Commit ref: af4dc0b ❌ Version Skew tests failedPlease check the logs for details on the error. |
|
/test-version-skew |
Dapr Version Skew test (control-plane-master - 1.12.0)Commit ref: 083fd25 ✅ Version Skew tests passed |
Dapr Version Skew test (dapr-sidecar-master - 1.12.0)Commit ref: 083fd25 ❌ Version Skew tests failedPlease check the logs for details on the error. |
JoshVanL
added
the
autoupdate
The failures seem related to some setup steps, not code changes? |
| // TODO: @joshvanl: included for backwards compatibility with v1.11 daprd's | ||
| // which request these environment variables to be present when running in | ||
| // Kubernetes. Should be removed in v1.13. | ||
| container.Env = append(container.Env, |
There was a problem hiding this comment.
Are we ok dropping support for 1.11 in 1.13? That is not the usual "N-2" compatibility we offer.
There was a problem hiding this comment.
N-2 is best effort and not guaranteed.
There was a problem hiding this comment.
We support N-1 compatibility, N-2 support is for users running with N-2 and not mixing N-2 with N. Anyway, 1.11 is N-3 from 1.14, so we are OK to remove it either way.
JoshVanL
force-pushed
the
sentry-remove-legacy-tls-client-servers
branch
from
d312b27
to
53e381b
Compare
JoshVanL
force-pushed
the
sentry-remove-legacy-tls-client-servers
branch
from
ebedd4c
to
8c623ea
Compare
JoshVanL
force-pushed
the
sentry-remove-legacy-tls-client-servers
branch
2 times, most recently
from
7905cd4
to
010214a
Compare
JoshVanL
force-pushed
the
sentry-remove-legacy-tls-client-servers
branch
from
1397637
to
e7e16e4
Compare
JoshVanL
force-pushed
the
sentry-remove-legacy-tls-client-servers
branch
2 times, most recently
from
2fb4e9c
to
244b483
Compare
|
/test-version-skew |
Signed-off-by: joshvanl <me@joshvanl.dev>
|
/test-version-skew |
Dapr Version Skew e2e test (control-plane-master - 1.13.0)Commit ref: 7b44354 ✅ Version Skew tests passed |
Dapr Version Skew integration test (dapr-sidecar-master - 1.13.0)Commit ref: 7b44354 ❌ Version Skew tests failedPlease check the logs for details on the error. |
Dapr Version Skew e2e test (dapr-sidecar-master - 1.13.0)Commit ref: 7b44354 ✅ Version Skew tests passed |
Dapr Version Skew integration test (control-plane-master - 1.13.0)Commit ref: 7b44354 ❌ Version Skew tests failedPlease check the logs for details on the error. |
Signed-off-by: joshvanl <me@joshvanl.dev>
|
/test-version-skew |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
✅ Version Skew tests passed |
✅ Version Skew tests passed |
✅ Version Skew tests passed |
✅ Version Skew tests passed |
Signed-off-by: joshvanl <me@joshvanl.dev>
artursouza
approved these changes
Mar 26, 2024
cicoyle
pushed a commit
to cicoyle/dapr
that referenced
this pull request
May 24, 2024
…IRE TLS clients and servers. (dapr#7037) * Removes legacy SPIFFE TLS clients and servers in favour of the new SPIRE TLS clients and servers. Signed-off-by: joshvanl <me@joshvanl.dev> * Fix sentry int tests, and adds test to ensure legacy ID is not longer accepted Signed-off-by: joshvanl <me@joshvanl.dev> * String match on sentry Kubernetes validator longname test Signed-off-by: joshvanl <me@joshvanl.dev> * Fix namespace of sentry in operator tests Signed-off-by: joshvanl <me@joshvanl.dev> * Linting Signed-off-by: joshvanl <me@joshvanl.dev> * Update integration kubernetes process to use leaf certificate with cluster.local Signed-off-by: joshvanl <me@joshvanl.dev> * Fix setting correct control plane trust domain on daprd Signed-off-by: joshvanl <me@joshvanl.dev> * Remove SENTRY_LOCAL_IDENTITY form expected env var Signed-off-by: joshvanl <me@joshvanl.dev> * Fix control plane trust domain setting in test Signed-off-by: joshvanl <me@joshvanl.dev> * Fixes int version skew tests using legacy client/server Signed-off-by: joshvanl <me@joshvanl.dev> * Fix int version-skew patch on v1.13.0 Signed-off-by: joshvanl <me@joshvanl.dev> * Use correct namespace for sentry in injector integration tests Signed-off-by: joshvanl <me@joshvanl.dev> --------- Signed-off-by: joshvanl <me@joshvanl.dev> Co-authored-by: Dapr Bot <56698301+dapr-bot@users.noreply.github.com> Co-authored-by: Yaron Schneider <schneider.yaron@live.com>
jfreeland
pushed a commit
to jfreeland/dapr
that referenced
this pull request
Jun 3, 2024
…IRE TLS clients and servers. (dapr#7037) * Removes legacy SPIFFE TLS clients and servers in favour of the new SPIRE TLS clients and servers. Signed-off-by: joshvanl <me@joshvanl.dev> * Fix sentry int tests, and adds test to ensure legacy ID is not longer accepted Signed-off-by: joshvanl <me@joshvanl.dev> * String match on sentry Kubernetes validator longname test Signed-off-by: joshvanl <me@joshvanl.dev> * Fix namespace of sentry in operator tests Signed-off-by: joshvanl <me@joshvanl.dev> * Linting Signed-off-by: joshvanl <me@joshvanl.dev> * Update integration kubernetes process to use leaf certificate with cluster.local Signed-off-by: joshvanl <me@joshvanl.dev> * Fix setting correct control plane trust domain on daprd Signed-off-by: joshvanl <me@joshvanl.dev> * Remove SENTRY_LOCAL_IDENTITY form expected env var Signed-off-by: joshvanl <me@joshvanl.dev> * Fix control plane trust domain setting in test Signed-off-by: joshvanl <me@joshvanl.dev> * Fixes int version skew tests using legacy client/server Signed-off-by: joshvanl <me@joshvanl.dev> * Fix int version-skew patch on v1.13.0 Signed-off-by: joshvanl <me@joshvanl.dev> * Use correct namespace for sentry in injector integration tests Signed-off-by: joshvanl <me@joshvanl.dev> --------- Signed-off-by: joshvanl <me@joshvanl.dev> Co-authored-by: Dapr Bot <56698301+dapr-bot@users.noreply.github.com> Co-authored-by: Yaron Schneider <schneider.yaron@live.com> Signed-off-by: Joey Freeland <joey@free.land>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
E2E tests are currently failing on N-2 version skew, though it was my understanding that this was best effort and not guaranteed. Perhaps we need to be skipping this test for now.
Part of #5756