Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CLOUDP-209691: Added OIDC and AWS IAM auth fields for AtlasDatabaseUser #1221

Merged
merged 7 commits into from
Jan 9, 2024
Merged

CLOUDP-209691: Added OIDC and AWS IAM auth fields for AtlasDatabaseUser #1221

merged 7 commits into from
Jan 9, 2024

Conversation

igor-karpukhin
Copy link
Collaborator

All Submissions:

Added OIDC and AWS IAM auth fields for AtlasDatabaseUser

  • Have you signed our CLA?
  • Put closes #XXXX in your comment to auto-close the issue that your PR fixes (if there is one).
  • Update docs/release-notes/release-notes.md if your changes should be included in the release notes for the next release.

@igor-karpukhin igor-karpukhin force-pushed the CLOUDP-209691/oidc-auth-support branch from bdcc22f to 3ce3a0f Compare December 7, 2023 17:02
@igor-karpukhin igor-karpukhin added the cloud-tests Run expensive Cloud Tests: Integration & E2E label Dec 7, 2023
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Dec 7, 2023
edited
Loading

https://app.codecov.io/github/mongodb/mongodb-atlas-kubernetes/commit/5c26e03dc8b2c6cb8a1780acd8a9efb2f56f1a07

@igor-karpukhin igor-karpukhin marked this pull request as ready for review December 8, 2023 20:30
@igor-karpukhin
Copy link
Collaborator Author

Tests will be added today/tomorrow

@s-urbaniak
Copy link
Collaborator

@igor-karpukhin I see no explicit logic for handling these new fields on the Atlas side of things. Presumable this is because these fields are transparently copied via JSONCopy to Atlas fields?

josvazg
josvazg reviewed Dec 18, 2023
View reviewed changes
internal/featureflags/featureflag.go Outdated
featurePrefix = "FEATURE_"
featureSeparator = "="
//nolint:stylecheck
FeatureOIDC = "FEATURE_PREVIEW_OIDC_DB_ACCESS"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this the only known feature flag so far?
If so. How do we know we will need this feature flags going forward for more values?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually this could be what we need if we go for a more controlled process for releasing features. Instead of a commit releasing a new feature or behaviour directly, a flag might control whether some of those are active and maybe even depend on what version value it is being built, the default feature flag value is different. One single codebase can release different operator versions without branching.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, this is the only feature flag so far. I implemented then as env variables as it is easier to configure for the k8s Deployment and/or Pod resource. We can also add flag processing if needed (e.g. --features=featureA,featureB.

@josvazg
Copy link
Collaborator

josvazg commented Dec 18, 2023

LGTM but waiting for other comments to be revisited and the tests to pass

@igor-karpukhin
Copy link
Collaborator Author

@igor-karpukhin I see no explicit logic for handling these new fields on the Atlas side of things. Presumable this is because these fields are transparently copied via JSONCopy to Atlas fields?

That's right. These values are just sent as is, without any processing.

s-urbaniak
s-urbaniak approved these changes Dec 22, 2023
View reviewed changes
Copy link
Collaborator

@s-urbaniak s-urbaniak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm modulo failing tests, great work! 🎉

s-urbaniak
s-urbaniak reviewed Dec 22, 2023
View reviewed changes
cmd/manager/main.go Outdated Show resolved Hide resolved
s-urbaniak
s-urbaniak approved these changes Dec 22, 2023
View reviewed changes
Copy link
Collaborator

@s-urbaniak s-urbaniak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, love it, thank you for the patience! 🙏

@igor-karpukhin igor-karpukhin force-pushed the CLOUDP-209691/oidc-auth-support branch from cf26f10 to ca4046a Compare January 3, 2024 15:28
@josvazg
Copy link
Collaborator

josvazg commented Jan 4, 2024

Seems it needs a rebase

josvazg
josvazg approved these changes Jan 4, 2024
View reviewed changes
Copy link
Collaborator

@josvazg josvazg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just needs a rebase it seems

@igor-karpukhin igor-karpukhin force-pushed the CLOUDP-209691/oidc-auth-support branch from 2eb9b66 to a30b7de Compare January 5, 2024 09:22
@igor-karpukhin igor-karpukhin force-pushed the CLOUDP-209691/oidc-auth-support branch from 2b6c94e to e16ef3f Compare January 8, 2024 08:55
josvazg
josvazg approved these changes Jan 9, 2024
View reviewed changes
Copy link
Collaborator

@josvazg josvazg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still LGTM 👍

@igor-karpukhin igor-karpukhin merged commit e0e042d into main Jan 9, 2024
43 checks passed
@igor-karpukhin igor-karpukhin deleted the CLOUDP-209691/oidc-auth-support branch January 9, 2024 07:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@josvazg josvazg josvazg approved these changes

@s-urbaniak s-urbaniak s-urbaniak approved these changes

@helderjs helderjs Awaiting requested review from helderjs

Assignees
No one assigned
Labels
cloud-tests Run expensive Cloud Tests: Integration & E2E
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@igor-karpukhin @s-urbaniak @josvazg