feat: TLS certs auto-reload

Open StarAurryon opened this issue 3 years ago • 9 comments
Kubernetes is able to auto-renew certificates with cert-manager and update files in the container. It would be cool if Ory Hydra could support auto certificate update on file change.

Related issue(s)

#2568

Checklist

  • [X] I have read the contributing guidelines.
  • [X] I have referenced an issue containing the design document if my change introduces a new feature.
  • [X] I am following the contributing code guidelines.
  • [X] I have read the security policy.
  • [X] I confirm that this pull request does not address a security vulnerability. If this pull request addresses a security vulnerability, I confirm that I got green light (please contact [email protected]) from the maintainers to push the changes.
  • [ ] I have added tests that prove my fix is effective or that my feature works.
  • [ ] I have added or changed the documentation.

Further Comments

Adds dependencies to fsnotify to support Mac/Windows/Linux.

This is an example of a working PoC. I need feedback ;-)

StarAurryon avatar Dec 30 '21 02:12 StarAurryon

Codecov Report

Merging #2910 (45a4254) into master (ff10e17) will decrease coverage by 0.79%. The diff coverage is 8.98%.

:exclamation: Current head 45a4254 differs from pull request most recent head 4019d10. Consider uploading reports for the commit 4019d10 to get more accurate results

@@            Coverage Diff             @@
##           master    #2910      +/-   ##
==========================================
- Coverage   79.40%   78.60%   -0.80%     
==========================================
  Files         112      112              
  Lines        7889     7971      +82     
==========================================
+ Hits         6264     6266       +2     
- Misses       1223     1302      +79     
- Partials      402      403       +1     
Impacted Files              Coverage Δ
cmd/server/helper_cert.go   15.78% <4.81%> (-32.79%) :arrow_down:
driver/config/tls.go        91.66% <60.00%> (-8.34%) :arrow_down:
cmd/server/handler.go       63.76% <100.00%> (ø)

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Last update 00100a1...4019d10.

codecov[bot] avatar Dec 30 '21 03:12 codecov[bot]

Cool. I will wait to see things that have changed. In the meantime, if you have any recommendation on the coding style, please let me know. ;-)

StarAurryon avatar Jan 04 '22 23:01 StarAurryon

May I propose sth similar for kratos?

StarAurryon avatar Jan 04 '22 23:01 StarAurryon

Sure! :) You can also work on kratos first and then port this here

aeneasr avatar Jan 05 '22 06:01 aeneasr

In the meanwhile (while this is work in progress), I'll mark this as draft!

aeneasr avatar Jan 11 '22 13:01 aeneasr

Hi @aeneasr ,

GitHub seems quite buggy today. A lot of 500s are occurring, maybe because of Ukraine IDK. I have pushed the update synced with the latest master commit.

I also added a small 2 second wait until all changes are made to avoid spam reload in the logs.

As PR #2625 is merged and if it is ok for you we could avoid considering this as a Draft.

;-)

StarAurryon avatar Mar 17 '22 14:03 StarAurryon
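
The reload step discussed in this PR, as an added example that is not code from the PR or from Ory: it leaves out the fsnotify watcher and the 2 second wait, and shows why a reload that fires while files are still being rotated should keep serving the previous pair. `CertReloader`, `writePEM`, the file names and `example.test` are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"sync/atomic"
	"time"
)

// CertReloader (hypothetical) serves the last pair that loaded cleanly; set tls.Config.GetCertificate to its method.
type CertReloader struct {
	CertPath, KeyPath string
	current           atomic.Pointer[tls.Certificate]
}

// Reload swaps in the files only if they parse and the key matches the cert; on error the old pair stays.
func (r *CertReloader) Reload() error {
	pair, err := tls.LoadX509KeyPair(r.CertPath, r.KeyPath)
	if err == nil {
		r.current.Store(&pair)
	}
	return err
}

func (r *CertReloader) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error) { return r.current.Load(), nil }

// writePEM writes a constructed self-signed Ed25519 cert and key (demo input, errors ignored).
func writePEM(certPath, keyPath string, serial int64) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), DNSNames: []string{"example.test"}, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	key, _ := x509.MarshalPKCS8PrivateKey(priv)
	os.WriteFile(certPath, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), 0o600)
	os.WriteFile(keyPath, pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: key}), 0o600)
}

func main() {
	dir, _ := os.MkdirTemp("", "certs")
	r := &CertReloader{CertPath: dir + "/tls.crt", KeyPath: dir + "/tls.key"}
	writePEM(r.CertPath, r.KeyPath, 1)
	fmt.Println("initial load error:", r.Reload())
	writePEM(r.CertPath, dir+"/tls.key.tmp", 2) // new cert written, new key not yet in place
	fmt.Println("mid-rotation error:", r.Reload(), "(old pair still served)")
}
```

A file watcher would call `Reload` after the files settle and log the returned error instead of exiting.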

@StarAurryon is this good for review now? :)

aeneasr avatar Apr 11 '22 20:04 aeneasr

@aeneasr Yes, that's ok. But as you mention, part of the code is shared with the Kratos PR too. Merging it to the right ory/x could be better.

I am waiting for more instructions.

StarAurryon avatar Apr 12 '22 03:04 StarAurryon

> Merging it to the right ory/x could be better.

I think that's the way to go forward :)

aeneasr avatar Apr 17 '22 17:04 aeneasr

#3265 was merged. There is no more need for this PR

StarAurryon avatar Oct 06 '23 09:10 StarAurryon