Add digest for dex config #2573
Conversation
Hello teddyandrieux,My role is to assist you with the merge of this Status report is not available. |
ConflictA conflict has been raised during the creation of I have not created the integration branch. Here are the steps to resolve this conflict: $ git fetch
$ git checkout -B w/2.6/bugfix/GH-2569-add-digest-for-dex-config origin/development/2.6
$ git merge origin/bugfix/GH-2569-add-digest-for-dex-config
$ # <intense conflict resolution>
$ git commit
$ git push -u origin w/2.6/bugfix/GH-2569-add-digest-for-dex-config |
Waiting for approvalThe following approvals are needed before I can proceed with the merge:
Peer approvals must include at least 1 approval from the following list:
|
There was a problem hiding this comment.
Those slots look cool 💯!
I'm a bit concerned of the flexibility however:
- Hashing string(s) in a slot is a good idea, could be reused for other sources (like local files), but not in the current approach which is tied to K8s
- Getting more than a single K8s object will very likely become a need, as workloads often consume data from both ConfigMap(s) and Secret(s)
I don't see why
Why ? For local file you already have
Then we will just need a new function that do several call on |
TeddyAndrieux
force-pushed
the
bugfix/GH-2569-add-digest-for-dex-config
branch
from
dbb25c4 to
e1f1cd1
Compare
History mismatchMerge commit #ca1c1585a65bec1e0d94c77e78cb9023de1c1002 on the integration branch It is likely due to a rebase of the branch Please use the |
|
/reset |
Reset completeI have successfully deleted this pull request's integration branches. |
ConflictA conflict has been raised during the creation of I have not created the integration branch. Here are the steps to resolve this conflict: $ git fetch
$ git checkout -B w/2.6/bugfix/GH-2569-add-digest-for-dex-config origin/development/2.6
$ git merge origin/bugfix/GH-2569-add-digest-for-dex-config
$ # <intense conflict resolution>
$ git commit
$ git push -u origin w/2.6/bugfix/GH-2569-add-digest-for-dex-config |
Waiting for approvalThe following approvals are needed before I can proceed with the merge:
Peer approvals must include at least 1 approval from the following list:
|
TeddyAndrieux
force-pushed
the
bugfix/GH-2569-add-digest-for-dex-config
branch
from
e1f1cd1 to
2fa0e13
Compare
History mismatchMerge commit #981403740235cdba7971cc8f7d62d2090b78672c on the integration branch It is likely due to a rebase of the branch Please use the |
Waiting for approvalThe following approvals are needed before I can proceed with the merge:
Peer approvals must include at least 1 approval from the following list:
|
TeddyAndrieux
force-pushed
the
bugfix/GH-2569-add-digest-for-dex-config
branch
from
2fa0e13 to
119a88d
Compare
History mismatchMerge commit #2fa0e1317e6f6057b4f931a273c35e940f02b126 on the integration branch It is likely due to a rebase of the branch Please use the |
Waiting for approvalThe following approvals are needed before I can proceed with the merge:
Peer approvals must include at least 1 approval from the following list:
|
|
/approve |
TeddyAndrieux
dismissed stale reviews from alexandre-allard and gdemonet
via
f74e47d
TeddyAndrieux
force-pushed
the
bugfix/GH-2569-add-digest-for-dex-config
branch
from
119a88d to
f74e47d
Compare
History mismatchMerge commit #12028b4d4a80582f85874dd74a650204b31be2dd on the integration branch It is likely due to a rebase of the branch Please use the The following options are set: approve |
Currently Salt 3000.3 only support slots on root of salt states, but in MetalK8s context we need to render slot in nested dictionnary, for example in some kubernetes manifests. This commit add a really simple slot implementation for nested dictionnary
Use our `format_slots` implementation on the kubernetes manifest so that we can use simple salt slot in kubernetes manifest nested dictionnary
Simple helper to get a kubernetes object and then compute the digest from this object, it's mainly needed to use in slot call in manifest to get the digest from a config file in a config map or a secret
To change default user password we need it to be present in the default CSC ConfigMap so that you not need to get the user ID and other information from Dex Secret to change it in the CSC ConfigMap
We need Dex Pods to restart when secret content change, so use the
`checksum/config` annotation on the Dex Pods. This annotation is equal
to the digest of the secret content
This chart is re-rendered using:
```
./charts/render.py dex --namespace metalk8s-auth charts/dex.yaml \
--service-config dex metalk8s-dex-config \
charts/dex/ > salt/metalk8s/addons/dex/deployed/chart.sls
```
Fixes: #2569
(cherry picked from commit 1e110a3)
Add single `then` to handle Dex authentication success or fail, so that we can add a single `then` to check Dex authentication result, and move this `then` to conftest so that we can use it for other tests (like CSC)
Add ability to give int in the path so that we can take an element of the list `mydict.0` to get the first element of the list in `mydict`
Use CSC to change the password for the Admin static user and test login with this new password on Dex Refs: #2569
TeddyAndrieux
force-pushed
the
bugfix/GH-2569-add-digest-for-dex-config
branch
from
f74e47d to
9fa09f8
Compare
History mismatchMerge commit #945c524d165c7ec58926729df830cecd3bf71b8f on the integration branch It is likely due to a rebase of the branch Please use the The following options are set: approve |
Waiting for approvalThe following approvals are needed before I can proceed with the merge:
Peer approvals must include at least 1 approval from the following list:
The following options are set: approve |
In the queueThe changeset has received all authorizations and has been added to the The changeset will be merged in:
The following branches will NOT be impacted:
There is no action required on your side. You will be notified here once IMPORTANT Please do not attempt to modify this pull request.
If you need this pull request to be removed from the queue, please contact a The following options are set: approve |
|
I have successfully merged the changeset of this pull request
The following branches have NOT changed:
Please check the status of the associated issue GH-2569. Goodbye teddyandrieux. |
Component:
'salt', 'authentication'
Context:
#2569
Summary:
metalk8s_kubernetesmodulechecksum/configannotation for Dex podskubectl rollout restartcommand from docFixes: #2569