Working minimal authn/authz configuration for blueapi #284
Codecov Report
@@ Coverage Diff @@
## main #284 +/- ##
=======================================
Coverage 89.44% 89.44%
=======================================
Files 41 41
Lines 1412 1412
=======================================
Hits 1263 1263
Misses 149 149
CI failing for unrelated reason which would probably make it fail on main also. Investigating now.
Rebased on top of master after fixing the error. CI should now pass :)
@@ -16,7 +16,7 @@ spec: | |||
{{- toYaml . | nindent 8 }} | |||
{{- end }} | |||
labels: | |||
{{- include "blueapi.selectorLabels" . | nindent 8 }} | |||
{{- include "blueapi.metadataLabels" . | nindent 8 }} |
{{- include "blueapi.selectorLabels" . | nindent 8 }}
{{- include "blueapi.extraLabels . | nindent 8 }}
I think it'd make more sense to present the extraLabels alongside the selectorLabels, rather than folding both into a single function: there are selectorLabels which are used by this release to map between resources and extraLabels, which have some meaning in a wider context.
dependencies: | ||
- name: rabbitmq | ||
version: 11.16.2 | ||
repository: oci://registry-1.docker.io/bitnamicharts |
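Review bot: the `rabbitmq` entry under `dependencies:` has no `condition:` field, so the subchart is installed with every release and cannot be switched off from values. Helm reads that toggle from `condition: rabbitmq.enabled` on the dependency entry; with it in place, `rabbitmq.enabled: false` in values.yaml skips the broker.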
dependencies: | |
- name: rabbitmq | |
version: 11.16.2 | |
repository: oci://registry-1.docker.io/bitnamicharts | |
dependencies: | |
- name: rabbitmq | |
version: 11.16.2 | |
repository: oci://registry-1.docker.io/bitnamicharts | |
enabled: rabbitmq.enabled |
If we add this to the conditions, we can also add
rabbitmq:
enabled: false
to our values.yaml to disable rabbitmq (once we have BlueAPI not requiring a message bus)
passcode: guest | ||
host: rabbitmq | ||
username: foo | ||
passcode: bar |
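Review bot: `username: foo` and `passcode: bar` commit broker credentials to the chart's default values in plain text, next to `host: rabbitmq`. Read them from a Kubernetes Secret that the values reference by name, so a deployment cannot ship with the example pair unless someone sets it deliberately.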
I'm going to make a ticket for describing how to make SealedSecret for BlueAPI and RabbitMQ shared information, I think for this default/example config, we can keep guest/guest and add to the readme for deploying that these values will need to be overwritten if rabbitmq.enabled and not exposed on localhost
{{/* | ||
Metadata labels | ||
*/}} | ||
{{- define "blueapi.metadataLabels" -}} | ||
{{ include "blueapi.selectorLabels" . }} | ||
{{- range $key, $value := .Values.extraLabels }} | ||
{{- $key }}: {{ $value | quote }} # N.B. ensures your labels are correctly String->String | ||
{{- end }} | ||
{{- end }} | ||
|
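Review bot: in `blueapi.metadataLabels` the left trim on `{{- $key }}` removes the newline before each entry, so the first extra label is appended to the last line of the `blueapi.selectorLabels` output and any further entries run together on that same line. Use `{{ $key }}: {{ $value | quote }}` without the left trim, and move the `# N.B.` remark into a `{{/* */}}` template comment, since as written it is emitted as text into every rendered label block.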
{{/* | |
Metadata labels | |
*/}} | |
{{- define "blueapi.metadataLabels" -}} | |
{{ include "blueapi.selectorLabels" . }} | |
{{- range $key, $value := .Values.extraLabels }} | |
{{- $key }}: {{ $value | quote }} # N.B. ensures your labels are correctly String->String | |
{{- end }} | |
{{- end }} | |
{{/* | |
Metadata labels | |
*/}} | |
{{- define "blueapi.extraLabels" -}} | |
{{- range $key, $value := .Values.extraLabels }} | |
{{- $key }}: {{ $value | quote }} # N.B. ensures your labels are correctly String->String | |
{{- end }} | |
username: foo | ||
passcode: bar |
username: foo | |
passcode: bar | |
username: guest | |
passcode: guest |
username: foo | ||
password: bar |
username: foo | |
password: bar | |
username: guest | |
password: guest |
Not sure what this PR is accomplishing at the moment, as the auth logic moved to deployments. Petition to close @callumforrester
I'll defer to @DiamondJoseph
This PR seems to mostly be configuring RMQ, is outdated and doesn't have any Auth considerations.
This adds some authentication/authorization config to the helm chart