feat: introduce sso secret templating #276

Merged 11 commits, Mar 22, 2024

@jeff-mccoy jeff-mccoy commented Mar 20, 2024

This PR introduces SSO secret templating within the UDS Operator. This allows dynamic property bindings for the secret and custom file types such as nested JSON, YAML, etc.

Fixes #263


@jeff-mccoy jeff-mccoy requested a review from a team March 21, 2024 02:27

@mjnagel mjnagel left a comment

Only other comment - would be good to have some tests on this functionality, I think @TristanHoladay has some stuff in flight to add there.

@TristanHoladay

As discussed earlier today with @mjnagel and @rjferguson21, I wanted to test from the top entrypoint -- keycloak() -- all the way down, but the blockers hit with all the different kinds of mocking made it not worth it. So I exported generateSecretData() to just catch any changes to the regex that could break expected output.

@TristanHoladay TristanHoladay merged commit e0832ec into main Mar 22, 2024
7 checks passed
@TristanHoladay TristanHoladay deleted the sso-client-templating branch March 22, 2024 21:02
jeff-mccoy pushed a commit that referenced this pull request Mar 22, 2024
🤖 I have created a release *beep* *boop*
---


## [0.17.0](v0.16.1...v0.17.0) (2024-03-22)

### Features

* introduce sso secret templating ([#276](#276)) ([e0832ec](e0832ec))

### Bug Fixes

* add keycloak to dev bundle and rename ([#262](#262)) ([f9b905c](f9b905c))
* registration robot check form id ([#269](#269)) ([c6419b9](c6419b9))
* sticky sessions for keycloak in ha ([#281](#281)) ([5ccd557](5ccd557))

### Miscellaneous

* align mutation annotations ([#268](#268)) ([f18ad4d](f18ad4d))
* **deps:** update loki ([#209](#209)) ([03ca499](03ca499))
* **deps:** update pepr to v0.28.6 ([#254](#254)) ([54ef7de](54ef7de))
* **deps:** update zarf to v0.32.5 ([#243](#243)) ([ee93612](ee93612))
* typo fix in README.md ([#280](#280)) ([f9727e0](f9727e0))

---
This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Comment on lines +55 to 56
Store.removeItem(ref);
await apiCall({ clientId }, "DELETE", token);
Member

Not sure which order of these is best, I think I would put Store.removeItem(ref); after await apiCall() and wrap both of these in a try/catch. It looks like there's no error handling at the moment and the error won't be caught.

Need to decide what behavior you want in case of Keycloak API errors. My suggestion would be to not drop the client from the store unless the DELETE succeeds. Unsure what's best, if it goes wrong someone may need to manually drop the item and I don't think it's really possible to hack the Pepr store directly. Deleting an item from the .spec manually is possible though, I don't think the client names are stored there though?
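
The ordering suggested in the comment above, as an added example that is not part of the PR or the UDS Operator code: the store entry is dropped only after the Keycloak DELETE succeeds, and a failed call is reported instead of going uncaught. `removeClient`, `KeyValueStore`, `makeStore` and the two API stand-ins are hypothetical names, and reading the token from the store entry is an assumption; only `removeItem(ref)` and the `apiCall({ clientId }, "DELETE", token)` shape come from the quoted lines.

```typescript
// Added example: hypothetical names, not the UDS Operator's own code.
interface KeyValueStore {
  getItem(key: string): string | null;
  removeItem(key: string): void;
}
type ApiCall = (body: { clientId: string }, method: string, token: string) => Promise<void>;
interface RemoveResult { removed: boolean; error?: string }

// Delete the client in Keycloak first and drop the store entry only on success,
// so a failed DELETE leaves the entry in place for a later retry.
async function removeClient(
  store: KeyValueStore,
  apiCall: ApiCall,
  ref: string,
  clientId: string,
): Promise<RemoveResult> {
  // Assumption: the token for the DELETE is the value stored under `ref`.
  const token = store.getItem(ref);
  if (token === null) {
    return { removed: false, error: `no store entry for ${ref}` };
  }
  try {
    await apiCall({ clientId }, "DELETE", token);
  } catch (err) {
    // Surface the failure to the caller instead of letting it go uncaught.
    const message = err instanceof Error ? err.message : String(err);
    return { removed: false, error: message };
  }
  store.removeItem(ref);
  return { removed: true };
}

// Constructed in-memory stand-ins for the store and the Keycloak API call.
function makeStore(initial: Record<string, string>): KeyValueStore {
  const items: Record<string, string> = { ...initial };
  return {
    getItem: (key) => { const v = items[key]; return v === undefined ? null : v; },
    removeItem: (key) => { delete items[key]; },
  };
}
const failingApi: ApiCall = async () => { throw new Error("503 from Keycloak"); };
const workingApi: ApiCall = async () => {};
```

With `failingApi` the entry survives and the error text is returned; with `workingApi` the entry is gone afterwards.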

robmcelvenny pushed a commit to owen-grady/uds-core-slim-dev that referenced this pull request Jun 3, 2024
rjferguson21 pushed a commit that referenced this pull request Jul 11, 2024
This PR introduces SSO secret templating within the UDS Operator. This
allows dynamic property bindings for the secret and custom file types
such as nested JSON, YAML, etc.

Fixes #263

---------

Co-authored-by: TristanHoladay <[email protected]>
rjferguson21 pushed a commit that referenced this pull request Jul 11, 2024
Successfully merging this pull request may close these issues.

SSO Secret Templating