Working minimal authn/authz configuration for blueapi #284
Conversation
Codecov Report
@@ Coverage Diff @@
## main #284 +/- ##
=======================================
Coverage 89.44% 89.44%
=======================================
Files 41 41
Lines 1412 1412
=======================================
Hits 1263 1263
Misses 149 149 📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
|
CI failing for unrelated reason which would probably make it fail on main also. Investigating now. |
|
rebased on top of master after fixing the error. CI should now pass :) |
| @@ -16,7 +16,7 @@ spec: | |||
| {{- toYaml . | nindent 8 }} | |||
| {{- end }} | |||
| labels: | |||
| {{- include "blueapi.selectorLabels" . | nindent 8 }} | |||
| {{- include "blueapi.metadataLabels" . | nindent 8 }} | |||
There was a problem hiding this comment.
{{- include "blueapi.selectorLabels" . | nindent 8 }}
{{- include "blueapi.extraLabels . | nindent 8 }}
I think it'd make more sense to present the extraLabels alongside the selectorLabels, rather than folding both into a single function: there are selectorLabels which are used by this release to map between resources and extraLabels, which have some meaning in a wider context.
| dependencies: | ||
| - name: rabbitmq | ||
| version: 11.16.2 | ||
| repository: oci://registry-1.docker.io/bitnamicharts |
There was a problem hiding this comment.
| dependencies: | |
| - name: rabbitmq | |
| version: 11.16.2 | |
| repository: oci://registry-1.docker.io/bitnamicharts | |
| dependencies: | |
| - name: rabbitmq | |
| version: 11.16.2 | |
| repository: oci://registry-1.docker.io/bitnamicharts | |
| enabled: rabbitmq.enabled |
If we add this to the conditions, we can also add
rabbitmq:
enabled: false
to our values.yaml to disable rabbitmq (once we have BlueAPI not requiring a message bus)
| passcode: guest | ||
| host: rabbitmq | ||
| username: foo | ||
| passcode: bar |
There was a problem hiding this comment.
I'm going to make a ticket for describing how to make SealedSecret for BlueAPI and RabbitMQ shared information, I think for this default/example config, we can keep guest/guest and add to the readme for deploying that these values will need to be overwritten if rabbitmq.enabled and not exposed on localhost
| {{/* | ||
| Metadata labels | ||
| */}} | ||
| {{- define "blueapi.metadataLabels" -}} | ||
| {{ include "blueapi.selectorLabels" . }} | ||
| {{- range $key, $value := .Values.extraLabels }} | ||
| {{- $key }}: {{ $value | quote }} # N.B. ensures your labels are correctly String->String | ||
| {{- end }} | ||
| {{- end }} | ||
|
|
There was a problem hiding this comment.
| {{/* | |
| Metadata labels | |
| */}} | |
| {{- define "blueapi.metadataLabels" -}} | |
| {{ include "blueapi.selectorLabels" . }} | |
| {{- range $key, $value := .Values.extraLabels }} | |
| {{- $key }}: {{ $value | quote }} # N.B. ensures your labels are correctly String->String | |
| {{- end }} | |
| {{- end }} | |
| {{/* | |
| Metadata labels | |
| */}} | |
| {{- define "blueapi.extraLabels" -}} | |
| {{- range $key, $value := .Values.extraLabels }} | |
| {{- $key }}: {{ $value | quote }} # N.B. ensures your labels are correctly String->String | |
| {{- end }} | |
| username: foo | ||
| passcode: bar |
There was a problem hiding this comment.
| username: foo | |
| passcode: bar | |
| username: guest | |
| passcode: guest |
| username: foo | ||
| password: bar |
There was a problem hiding this comment.
| username: foo | |
| password: bar | |
| username: guest | |
| password: guest |
|
not sure what is this PR accomplishing at the moment, as the auth logic moved to deployments. petition to close @callumforrester |
|
I'll defer to @DiamondJoseph |
|
This PR seems to mostly be configuring RMQ, is outdated and doesn't have any Auth considerations. |
This adds some authentication/authorization config to the helm chart