Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WIP: feat(generate-config): create config with existing service account #1588

Merged
merged 4 commits into from
Jul 22, 2022
Merged

WIP: feat(generate-config): create config with existing service account #1588

merged 4 commits into from
Jul 22, 2022

Conversation

rkpattnaik780
Copy link
Contributor

@rkpattnaik780 rkpattnaik780 commented Jun 5, 2022
edited
Loading

rhoas generate-config should not create service-account.

Verification Steps

  1. Generate configuration by specifying --type to be configmap
rhoas generate-config --type=configmap
  1. It should create a configmap object.
  2. Unlike previous version, rhoas generate-config shouldn't create a service account.

ToDo:

  • Add validation for flag combinations
  • Add validation to check if the service account credentials provided are valid
  • Add a message for the breaking change

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation change
  • Other (please specify)

@wtrocki
Copy link
Collaborator

wtrocki commented Jun 5, 2022
edited
Loading

Service accounts (generally any credentials) cannot be passed thru flags due to them being saved in plain form to bash history. We had initial design for that case in docs. Idea was to use json file provided from service account command. WDYT?

@rkpattnaik780
Copy link
Contributor Author

We had initial design for that case in docs. Idea was to use json file provided from service account command. WDYT?

I was planning to go with it in the beginning, but it occurred to me that credntial can be in some other format too, for which user wll have to reconstruct it, that could be bit time taking, hence dropped the idea to have it as main method to get the credentials.

Service accounts (generally any credentials) cannot be passed thru flags due to them being saved in plain form to bash history.

I will agree, hence there are twoflags - --client-secret-stdin that will take up the secret from standard input and --client-secret to pass as argument for CI/CD environment. WDYT?

@wtrocki wtrocki closed this Jun 6, 2022
@wtrocki wtrocki reopened this Jun 6, 2022
@wtrocki
Copy link
Collaborator

wtrocki commented Jun 6, 2022

We can use json file as input and env variables presence(user running .env file) Do we need more options?

@wtrocki
Copy link
Collaborator

wtrocki commented Jun 6, 2022

some other format too

I would not be worried about it because:

  • Json is default
  • User will generate service account specifically for this purpose
  • We will add validation and description
  • guide/docs will reflect it

@wtrocki
Copy link
Collaborator

wtrocki commented Jun 6, 2022
edited
Loading

Since we designed that command many things changed:

we now have secret in service accounts create as output

I'm wondering if we actually approached problem right:

Do we really want to supply users service account?
We would have that already in user desired format. Maybe we just want to stop creating service account as part of generate command?

That will have numerous benefits:

  • Generate can be called many times without side effects and paired with service account file
  • We can better reflect openshift story:
    Credentials would be in secret but urls can be configmap

@wtrocki
Copy link
Collaborator

wtrocki commented Jun 10, 2022

@rkpattnaik780 we need to put some research on this as there are different opinions how we should do it.

Mainly there is big trend in current users to disable sa creation in context generate command.
Another option is to provide flag for that use case etc. We might need to drive some proper pros and cons and see how this affects our future roadmap (helm etc.)

@wtrocki
Copy link
Collaborator

wtrocki commented Jun 10, 2022

FYI (low priority) @jackdelahunt @dimakis

rkpattnaik780
rkpattnaik780 commented Jul 21, 2022
View reviewed changes
pkg/cmd/generate/templates.go
`)

templateSecret = heredoc.Doc(`
templateConfigMap = heredoc.Doc(`
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@wtrocki
This PR changes generate-config command to skip creating a service account. And replaces secret with configmap.

@wtrocki
Copy link
Collaborator

wtrocki commented Jul 21, 2022

Is that good to be verified?

@rkpattnaik780
Copy link
Contributor Author

Is that good to be verified?

Yes, I will be updating help texts and examples in a while.

wtrocki
wtrocki reviewed Jul 21, 2022
View reviewed changes
pkg/cmd/generate/configurations.go Outdated
envConfig = template.Must(template.New(envFormat).Parse(templateEnv))
jsonConfig = template.Must(template.New(jsonFormat).Parse(templateJSON))
propertiesConfig = template.Must(template.New(propertiesFormat).Parse(templateProperties))
congMapTemplateConfig = template.Must(template.New(configmapFormat).Parse(templateConfigMap))
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

image
;)

Suggested change
congMapTemplateConfig = template.Must(template.New(configmapFormat).Parse(templateConfigMap))
kongMapTemplateConfig = template.Must(template.New(configmapFormat).Parse(templateConfigMap))

@wtrocki
Copy link
Collaborator

wtrocki commented Jul 21, 2022
edited
Loading

I think we might need to add some documentation/msg. Something like:

Generate config finished successfully. You can now create new service accounts in order to connect to the service

That will smoothen backwards compatibility issue

wtrocki
wtrocki reviewed Jul 22, 2022
View reviewed changes
pkg/core/localize/locales/en/cmd/generate_config.en.toml
Configurations successfully saved to "{{.FilePath}}"

You can now create new service accounts or use existing ones to connect to the service(s)
Copy link
Collaborator

@wtrocki wtrocki Jul 22, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As user I'm wondering how.
Can we be more specific?.

Run rhoas service-account create etc.

@wtrocki wtrocki marked this pull request as ready for review July 22, 2022 10:34
@jackdelahunt
Copy link
Contributor

Verification steps work 👍

@wtrocki wtrocki merged commit 3a558a9 into main Jul 22, 2022
@wtrocki wtrocki deleted the default_generate branch July 22, 2022 11:21
@rkpattnaik780 rkpattnaik780 mentioned this pull request Jul 25, 2022
Merged
5 tasks
rkpattnaik780 added a commit that referenced this pull request Jul 26, 2022
@rkpattnaik780
Revert "WIP: feat(generate-config): create config with existing servi…
28dec32 
…ce account (#1588)"

This reverts commit 3a558a9.
rkpattnaik780 added a commit that referenced this pull request Jul 26, 2022
@rkpattnaik780
Revert "WIP: feat(generate-config): create config with existing servi…
3446c44 
…ce account (#1588)"

This reverts commit 3a558a9.

Signed-off-by: Ramakrishna Pattnaik <[email protected]>
@rkpattnaik780 rkpattnaik780 mentioned this pull request Aug 1, 2022
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wtrocki wtrocki wtrocki approved these changes

@jackdelahunt jackdelahunt Awaiting requested review from jackdelahunt

Assignees
No one assigned
Labels
do-not-merge/work-in-progress
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rkpattnaik780 @wtrocki @jackdelahunt