Support multiple LTPA keys across operator versions using a decision tree where each leaf represents a resource (LTPA key) combination.
Use keys across versions by following instructions in and updating the controllers/assets/ltpa-decision-tree.yaml file and implementing reconcileLTPAMetadata() in ltpa_keys_sharing.go.
Adds the tree folder and package tests which provides the decision tree impl. that can be extended to be used for a variety of Kubernetes resources.
Adds the controllers/encryption_key_sharing.go which treats a password encryption key Secret (provided by user) as a namespace-shared singleton, injected into each Liberty application within the same namespace.
Securely mount and load the LTPA key from /output/security/liberty-operator by using <include location="..."> in /config/configDropins/overrides.
Securely mount and load the password encryption key from /output/security/liberty-operator by using <include location="..."> in /config/configDropins/overrides.