Skip to content

Feat/add ca certification for sandbox#371

Open
BH4AWS wants to merge 3 commits into
openkruise:masterfrom
BH4AWS:feat/add_ca_certification_for_sandbox
Open

Feat/add ca certification for sandbox#371
BH4AWS wants to merge 3 commits into
openkruise:masterfrom
BH4AWS:feat/add_ca_certification_for_sandbox

Conversation

@BH4AWS
Copy link
Copy Markdown
Contributor

@BH4AWS BH4AWS commented May 13, 2026

Ⅰ. Describe what this PR does

Ⅱ. Does this pull request fix one issue?

Ⅲ. Describe how to verify it

Ⅳ. Special notes for reviews

BH4AWS added 3 commits May 13, 2026 10:45
@BH4AWS
feat: add security identity provider with FeatureGate-controlled toke…
e37df62 
…n issuance and propagation

Introduce the identityprovider package for sandbox access token management:
- Define IdentityProvider/TokenProvider interfaces with UUID-based community default
- Add fallbackTokenProvider for graceful degradation on external provider failures
- Add SecurityTokenPropagator registration mechanism for internal extensibility
- Integrate security token issuance into sandbox claim flow (Step 1.5) behind
  SecurityIdentityProviderGate (default: disabled)
- Propagate full TokenResponse to downstream via SecurityTokenOptions
- Add AccessTokenType enum (uuid/identity_provider) to track token generation method
- Add comprehensive table-driven tests for claim security token flows

Signed-off-by: jicheng.sk <jicheng.sk@alibaba-inc.com>
@BH4AWS
add gateway ca injection
378d06b 
Signed-off-by: jicheng.sk <jicheng.sk@alibaba-inc.com>
@BH4AWS
ca cert injection
f1fe944 
Signed-off-by: jicheng.sk <jicheng.sk@alibaba-inc.com>
@kruise-bot
Copy link
Copy Markdown

kruise-bot commented May 13, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign furykerry for approval by writing /assign @furykerry in a comment. For more information see:The Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kruise-bot
Copy link
Copy Markdown

kruise-bot commented May 13, 2026

@BH4AWS: PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AiRanthem AiRanthem Awaiting requested review from AiRanthem

@furykerry furykerry Awaiting requested review from furykerry

@zmberg zmberg Awaiting requested review from zmberg

Assignees

No one assigned

Labels

needs-rebase size/XXL

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@BH4AWS @kruise-bot