Skip to content

Enable simple TLS authentication #25

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
4 tasks
lfrancke opened this issue Feb 9, 2021 · 6 comments
Closed
4 tasks

Enable simple TLS authentication #25

lfrancke opened this issue Feb 9, 2021 · 6 comments

Comments

@lfrancke
Copy link
Member

lfrancke commented Feb 9, 2021
edited
Loading

This is for Client-Server communication

Acceptance Criteria

  • Operator has a canonical place where it looks up the keys
  • ZK authentication can be turned on/off via the ZK CRDs The default authn method is client TLS certificates.
  • When an agent presents a valid client TLS certificate, it is authenticated with ZK.
  • When an agent does not present a valid client TLS certificate or the certificate or owner is unkown to ZK, the user is blocked from accessing ZK (unless authn is turned of)
@lfrancke lfrancke added this to the Milestone #1 milestone Feb 9, 2021
@lfrancke lfrancke removed this from the Milestone #1 milestone Feb 12, 2021
@lfrancke lfrancke removed the size/M label May 25, 2021
@lfrancke lfrancke modified the milestones: Release #1, Release #2 Aug 10, 2021
@soenkeliebau
Copy link
Member

Left in release 2 with the assumption that keys and certificates are provided and we only need to configure them in the ZK config.

@soenkeliebau
Copy link
Member

possible duplicate of: stackabletech/issues#108

@soenkeliebau soenkeliebau modified the milestones: Release #2, Release #3 Sep 29, 2021
@lfrancke
Copy link
Member Author

Closing as a duplicate of stackabletech/issues#108
While this is older, the other one is in the correct repository already.

@lfrancke
Copy link
Member Author

No, damn. I mixed it up. I wanted to close the other one :)

@lfrancke lfrancke reopened this Oct 25, 2021
@lfrancke lfrancke mentioned this issue Oct 25, 2021
Closed
4 tasks
@lfrancke lfrancke removed this from the Release #3 milestone Nov 5, 2021
stackable-bot added a commit that referenced this issue Nov 30, 2021
@stackable-bot
Generated commit to update templated files based on rev 4b2e3ec in st…
683ce77 
…ackabletech/operator-templating repo.

Original commit message:
fixed yaml structure and shortened name (#25)
@stackable-bot stackable-bot mentioned this issue Nov 30, 2021
Merged
razvan pushed a commit that referenced this issue Nov 30, 2021
@stackable-bot @razvan
Generated commit to update templated files based on rev 4b2e3ec in st…
ef21446 
…ackabletech/operator-templating repo.

Original commit message:
fixed yaml structure and shortened name (#25)
@maltesander
Copy link
Member

@lfrancke this was done in #479 but referenced another issue...
Can we close this?
Quorum is always authenticated, client/agent can be encrypted and/or authenticated via crd settings.

@lfrancke
Copy link
Member Author

I believe we can! Thank you

@lfrancke lfrancke closed this as not planned Won't fix, can't repro, duplicate, stale Jul 12, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lfrancke @soenkeliebau @maltesander