Skip to content

Fix PAM-backed store import, generated use cases, and lab CI#327

Open
spbsoluble wants to merge 18 commits intorelease-1.9from
fix/store-types-delete-all-pagination
Open

Fix PAM-backed store import, generated use cases, and lab CI#327
spbsoluble wants to merge 18 commits intorelease-1.9from
fix/store-types-delete-all-pagination

Conversation

@spbsoluble
Copy link
Copy Markdown
Collaborator

@spbsoluble spbsoluble commented May 1, 2026
edited
Loading

Summary

  • support certificate store CSV create/sync workflows for PAM-backed ServerUsername, ServerPassword, and store password values
  • preserve JSON-shaped secret values as secret strings during store CSV import
  • preserve PAM store password parameters during sync updates
  • add organized Certificate Store Operations use cases, including bulk create, bulk update, static-to-PAM migration, and generated per-store-type guides
  • add generated PAM Operations use cases from cmd/pam_types.json for PAM type and PAM provider creation
  • wire store-type and PAM operation doc generation into kfutil makedocs
  • remove date-based generated footers from command docs and normalize generated markdown whitespace
  • add login --skip-validate and the interactive validation prompt path for saving config without live credential validation
  • stabilize lab-backed CLI tests by resetting shared Cobra state, fixing JSON output for byte slices, and covering store-types pagination through the CLI path
  • replace dead GitHub test lab environment config with SES_2541
  • bump package version and changelog for v1.9.2

Validation

  • GOWORK=off GOCACHE=/tmp/kfutil-gocache go run . makedocs
  • GOWORK=off GOCACHE=/tmp/kfutil-gocache go test ./internal/... ./tools/...
  • GOWORK=off GOCACHE=/tmp/kfutil-gocache go test ./cmd -timeout 600s
  • GOWORK=off GOCACHE=/tmp/kfutil-gocache go test ./... -p 4 -timeout 900s
  • git diff --check
  • live lab: created and synced a PAM-backed K8SCluster store without mutation
  • live lab: migrated all exported stores to the test PAM provider and verified 43/43 ServerPassword rows exported with expected provider parameters
  • live lab: reversed exported stores back to direct kubeconfig credentials and verified JSON secret import handling
  • live lab: created 5 K8SSecret and 5 K8STLSSecr demo stores with mixed PAM-backed and direct/static credential rows
  • live lab: created all 9 embedded PAM types from cmd/pam_types.json and one PAM provider instance for each type using hydrated live IDs
  • live lab: created a K8SPKCS12 store with PAM-backed StorePassword using the test PAM provider and verified exported Password.ProviderId/Parameters

@spbsoluble spbsoluble changed the base branch from main to release-1.9 May 1, 2026 20:55
@spbsoluble spbsoluble changed the title Support PAM-backed certificate store CSV sync Fix PAM-backed store CSV import and add generated use-case docs May 1, 2026
@spbsoluble spbsoluble changed the title Fix PAM-backed store CSV import and add generated use-case docs Fix PAM-backed store import, generated use cases, and login skip validation May 2, 2026
@spbsoluble spbsoluble changed the title Fix PAM-backed store import, generated use cases, and login skip validation Fix PAM-backed store import, generated use cases, and lab CI May 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@spbsoluble