Skip to content

feat: enable authservice integration#201

Merged
mjnagel merged 177 commits into
mainfrom
authservice-pepr
Jul 11, 2024
Merged

feat: enable authservice integration#201
mjnagel merged 177 commits into
mainfrom
authservice-pepr

Conversation

@rjferguson21

@rjferguson21 rjferguson21 commented Feb 22, 2024

Copy link
Copy Markdown
Contributor

Description

  • Enable Authservice integration via
enableAuthserviceSelector:
        app: httpbin
  • Update to use authservice-go
  • Creates per application AuthorizationPolicies to enable authservice

To test:
See https://github.com/defenseunicorns/uds-core/blob/authservice-pepr/docs/IDAM.md

Related Issues

N/A

@rjferguson21
rjferguson21 marked this pull request as ready for review July 10, 2024 16:10

@mjnagel mjnagel left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Working my way through the meat of the authservice code, a few small nits up front though.

Comment thread docs/configuration/uds-operator.md Outdated
Comment thread pepr.ts Outdated
Comment thread src/pepr/operator/controllers/keycloak/authservice/authorization-policy.ts Outdated
Comment thread src/pepr/operator/controllers/keycloak/authservice/authservice.ts Outdated
Comment thread src/pepr/operator/controllers/keycloak/authservice/authservice.ts
Comment thread src/pepr/operator/controllers/keycloak/authservice/config.ts
Comment thread src/pepr/operator/controllers/keycloak/client-sync.ts Outdated
Comment thread src/pepr/operator/controllers/keycloak/client-sync.ts Outdated
Comment thread src/pepr/operator/controllers/keycloak/client-sync.ts
Comment thread src/pepr/operator/crd/index.ts Outdated
Comment thread src/pepr/operator/controllers/keycloak/authservice/authorization-policy.ts Outdated
Comment thread src/authservice/chart/values.yaml Outdated
Comment thread src/pepr/operator/controllers/keycloak/authservice/authorization-policy.ts Outdated
mjnagel
mjnagel previously approved these changes Jul 11, 2024
Rob Ferguson and others added 2 commits July 11, 2024 11:55
additional path to configure CA_CERT

remove old line for setting resource name
@rjferguson21
rjferguson21 force-pushed the authservice-pepr branch 2 times, most recently from 957503c to 4c76a84 Compare July 11, 2024 17:05
rjferguson21 pushed a commit that referenced this pull request Jul 11, 2024
## Description
Improve / Add validations for package deployments and testing.

Keycloak validations are captured on this
[branch](https://github.com/defenseunicorns/uds-core/tree/authservice-pepr)
/ this [PR](#201).


## Related Issue
Fixes # [109](#109)

## Type of change

- [x] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide
Steps](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)(https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md#submitting-a-pull-request)
followed
rjferguson21 pushed a commit that referenced this pull request Jul 11, 2024
## Description
The main goal is to be able to have pepr maintain one level of logging (
info ) and uds logs at another level ( debug ).

There are some log changes in the package output to decrease extra
noise, as well as a few logs moved from debug to trace level.

This change also addresses a comment on another PR about JWT's being
logged, which was part of pepr logs at the debug level.

Definitely open to discussions about at what level we want to log the
childLog subproject.

## Related Issue

Fixes #526
Relates to #201

## Type of change

- [x] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [x] Other (security config, docs update, etc)

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide
Steps](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)(https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md#submitting-a-pull-request)
followed

---------

Co-authored-by: Micah Nagel <micah.nagel@defenseunicorns.com>
@rjferguson21
rjferguson21 dismissed mjnagel’s stale review July 11, 2024 17:08

The merge-base changed after approval.

@mjnagel
mjnagel merged commit 1d4df64 into main Jul 11, 2024
@mjnagel
mjnagel deleted the authservice-pepr branch July 11, 2024 17:49
mjnagel pushed a commit that referenced this pull request Jul 12, 2024
🤖 I have created a release *beep* *boop*
---


##
[0.24.0](v0.23.0...v0.24.0)
(2024-07-12)


### ⚠ BREAKING CHANGES

* set istio passthrough gateway as optional component
(#547)

### Features

* add unicorn flavor to uds-core
([#507](#507))
([a412581](a412581))
* added standalone dns service for loki
([#548](#548))
([e2efdf9](e2efdf9))
* enable authservice integration
([#201](#201))
([1d4df64](1d4df64))
* set istio passthrough gateway as optional component
(#547)
([e1cab61](e1cab61))
* update to using default scrapeclass for tls config
([#517](#517))
([258bb6b](258bb6b))


### Bug Fixes

* decouple `devMode` and postgres egress
([#554](#554))
([1a98779](1a98779))
* grafana logout not working in some environments
([#559](#559))
([ccb9d9e](ccb9d9e))
* initial creation of child logging
([#533](#533))
([00a5140](00a5140))
* podmonitor mTLS mutations
([#566](#566))
([eb613e1](eb613e1))


### Miscellaneous

* add util function for purging orphans
([#565](#565))
([e84229a](e84229a))
* allow istio proxy injection in zarf ignored namespaces
(#513)
([8921b58](8921b58))
* **deps:** update githubactions upload-artifact to v4.3.4
([#543](#543))
([20889f2](20889f2))
* **deps:** update grafana helm chart to v8.3.2
([#542](#542))
([8ec260c](8ec260c))
* **deps:** update pepr dependencies (jest, uds-common)
([#537](#537))
([547c0bf](547c0bf))
* **deps:** update promtail helm chart to v6.16.3
([#538](#538))
([48b3fea](48b3fea))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
mjnagel pushed a commit to BagelLab/uds-core that referenced this pull request Nov 14, 2025
## Description
Improve / Add validations for package deployments and testing.

Keycloak validations are captured on this
[branch](https://github.com/defenseunicorns/uds-core/tree/authservice-pepr)
/ this [PR](defenseunicorns#201).


## Related Issue
Fixes # [109](defenseunicorns#109)

## Type of change

- [x] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide
Steps](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)(https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md#submitting-a-pull-request)
followed
mjnagel added a commit to BagelLab/uds-core that referenced this pull request Nov 14, 2025
## Description
The main goal is to be able to have pepr maintain one level of logging (
info ) and uds logs at another level ( debug ).

There are some log changes in the package output to decrease extra
noise, as well as a few logs moved from debug to trace level.

This change also addresses a comment on another PR about JWT's being
logged, which was part of pepr logs at the debug level.

Definitely open to discussions about at what level we want to log the
childLog subproject.

## Related Issue

Fixes defenseunicorns#526
Relates to defenseunicorns#201

## Type of change

- [x] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [x] Other (security config, docs update, etc)

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide
Steps](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)(https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md#submitting-a-pull-request)
followed

---------

Co-authored-by: Micah Nagel <micah.nagel@defenseunicorns.com>
mjnagel added a commit to BagelLab/uds-core that referenced this pull request Nov 14, 2025
## Description
* Enable Authservice integration via 
```
enableAuthserviceSelector:
        app: httpbin
```
* Update to use authservice-go
* Creates per application AuthorizationPolicies to enable authservice
 
To test:
See
https://github.com/defenseunicorns/uds-core/blob/authservice-pepr/docs/IDAM.md

## Related Issues

N/A

---------

Co-authored-by: Jeff McCoy <code@jeffm.us>
Co-authored-by: Blake Burkhart <blake@defenseunicorns.com>
Co-authored-by: zamaz <71521611+zachariahmiller@users.noreply.github.com>
Co-authored-by: Micah Nagel <micah.nagel@defenseunicorns.com>
Co-authored-by: UnicornChance <chance@defenseunicorns.com>
Co-authored-by: Tristan Holaday <40547442+TristanHoladay@users.noreply.github.com>
mjnagel pushed a commit to BagelLab/uds-core that referenced this pull request Nov 14, 2025
🤖 I have created a release *beep* *boop*
---


##
[0.24.0](defenseunicorns/uds-core@v0.23.0...v0.24.0)
(2024-07-12)


### ⚠ BREAKING CHANGES

* set istio passthrough gateway as optional component
(defenseunicorns#547)

### Features

* add unicorn flavor to uds-core
([defenseunicorns#507](defenseunicorns#507))
([a412581](defenseunicorns@a412581))
* added standalone dns service for loki
([defenseunicorns#548](defenseunicorns#548))
([e2efdf9](defenseunicorns@e2efdf9))
* enable authservice integration
([defenseunicorns#201](defenseunicorns#201))
([1d4df64](defenseunicorns@1d4df64))
* set istio passthrough gateway as optional component
(defenseunicorns#547)
([e1cab61](defenseunicorns@e1cab61))
* update to using default scrapeclass for tls config
([defenseunicorns#517](defenseunicorns#517))
([258bb6b](defenseunicorns@258bb6b))


### Bug Fixes

* decouple `devMode` and postgres egress
([defenseunicorns#554](defenseunicorns#554))
([1a98779](defenseunicorns@1a98779))
* grafana logout not working in some environments
([defenseunicorns#559](defenseunicorns#559))
([ccb9d9e](defenseunicorns@ccb9d9e))
* initial creation of child logging
([defenseunicorns#533](defenseunicorns#533))
([00a5140](defenseunicorns@00a5140))
* podmonitor mTLS mutations
([defenseunicorns#566](defenseunicorns#566))
([eb613e1](defenseunicorns@eb613e1))


### Miscellaneous

* add util function for purging orphans
([defenseunicorns#565](defenseunicorns#565))
([e84229a](defenseunicorns@e84229a))
* allow istio proxy injection in zarf ignored namespaces
(defenseunicorns#513)
([8921b58](defenseunicorns@8921b58))
* **deps:** update githubactions upload-artifact to v4.3.4
([defenseunicorns#543](defenseunicorns#543))
([20889f2](defenseunicorns@20889f2))
* **deps:** update grafana helm chart to v8.3.2
([defenseunicorns#542](defenseunicorns#542))
([8ec260c](defenseunicorns@8ec260c))
* **deps:** update pepr dependencies (jest, uds-common)
([defenseunicorns#537](defenseunicorns#537))
([547c0bf](defenseunicorns@547c0bf))
* **deps:** update promtail helm chart to v6.16.3
([defenseunicorns#538](defenseunicorns#538))
([48b3fea](defenseunicorns@48b3fea))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

7 participants