feat: enable authservice integration#201
Merged
Merged
Conversation
rjferguson21
marked this pull request as ready for review
July 10, 2024 16:10
mjnagel
reviewed
Jul 10, 2024
mjnagel
left a comment
Contributor
There was a problem hiding this comment.
Working my way through the meat of the authservice code, a few small nits up front though.
mjnagel
reviewed
Jul 10, 2024
mjnagel
reviewed
Jul 11, 2024
mjnagel
previously approved these changes
Jul 11, 2024
rjferguson21
force-pushed
the
authservice-pepr
branch
from
July 11, 2024 16:53
bf1d446 to
faf3ce8
Compare
additional path to configure CA_CERT remove old line for setting resource name
rjferguson21
force-pushed
the
authservice-pepr
branch
2 times, most recently
from
July 11, 2024 17:05
957503c to
4c76a84
Compare
rjferguson21
pushed a commit
that referenced
this pull request
Jul 11, 2024
## Description Improve / Add validations for package deployments and testing. Keycloak validations are captured on this [branch](https://github.com/defenseunicorns/uds-core/tree/authservice-pepr) / this [PR](#201). ## Related Issue Fixes # [109](#109) ## Type of change - [x] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)(https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md#submitting-a-pull-request) followed
rjferguson21
pushed a commit
that referenced
this pull request
Jul 11, 2024
## Description The main goal is to be able to have pepr maintain one level of logging ( info ) and uds logs at another level ( debug ). There are some log changes in the package output to decrease extra noise, as well as a few logs moved from debug to trace level. This change also addresses a comment on another PR about JWT's being logged, which was part of pepr logs at the debug level. Definitely open to discussions about at what level we want to log the childLog subproject. ## Related Issue Fixes #526 Relates to #201 ## Type of change - [x] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [x] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)(https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md#submitting-a-pull-request) followed --------- Co-authored-by: Micah Nagel <micah.nagel@defenseunicorns.com>
rjferguson21
dismissed
mjnagel’s stale review
July 11, 2024 17:08
The merge-base changed after approval.
rjferguson21
force-pushed
the
authservice-pepr
branch
from
July 11, 2024 17:08
4c76a84 to
957503c
Compare
mjnagel
approved these changes
Jul 11, 2024
mjnagel
pushed a commit
that referenced
this pull request
Jul 12, 2024
🤖 I have created a release *beep* *boop* --- ## [0.24.0](v0.23.0...v0.24.0) (2024-07-12) ### ⚠ BREAKING CHANGES * set istio passthrough gateway as optional component (#547) ### Features * add unicorn flavor to uds-core ([#507](#507)) ([a412581](a412581)) * added standalone dns service for loki ([#548](#548)) ([e2efdf9](e2efdf9)) * enable authservice integration ([#201](#201)) ([1d4df64](1d4df64)) * set istio passthrough gateway as optional component (#547) ([e1cab61](e1cab61)) * update to using default scrapeclass for tls config ([#517](#517)) ([258bb6b](258bb6b)) ### Bug Fixes * decouple `devMode` and postgres egress ([#554](#554)) ([1a98779](1a98779)) * grafana logout not working in some environments ([#559](#559)) ([ccb9d9e](ccb9d9e)) * initial creation of child logging ([#533](#533)) ([00a5140](00a5140)) * podmonitor mTLS mutations ([#566](#566)) ([eb613e1](eb613e1)) ### Miscellaneous * add util function for purging orphans ([#565](#565)) ([e84229a](e84229a)) * allow istio proxy injection in zarf ignored namespaces (#513) ([8921b58](8921b58)) * **deps:** update githubactions upload-artifact to v4.3.4 ([#543](#543)) ([20889f2](20889f2)) * **deps:** update grafana helm chart to v8.3.2 ([#542](#542)) ([8ec260c](8ec260c)) * **deps:** update pepr dependencies (jest, uds-common) ([#537](#537)) ([547c0bf](547c0bf)) * **deps:** update promtail helm chart to v6.16.3 ([#538](#538)) ([48b3fea](48b3fea)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
mjnagel
pushed a commit
to BagelLab/uds-core
that referenced
this pull request
Nov 14, 2025
## Description Improve / Add validations for package deployments and testing. Keycloak validations are captured on this [branch](https://github.com/defenseunicorns/uds-core/tree/authservice-pepr) / this [PR](defenseunicorns#201). ## Related Issue Fixes # [109](defenseunicorns#109) ## Type of change - [x] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)(https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md#submitting-a-pull-request) followed
mjnagel
added a commit
to BagelLab/uds-core
that referenced
this pull request
Nov 14, 2025
## Description The main goal is to be able to have pepr maintain one level of logging ( info ) and uds logs at another level ( debug ). There are some log changes in the package output to decrease extra noise, as well as a few logs moved from debug to trace level. This change also addresses a comment on another PR about JWT's being logged, which was part of pepr logs at the debug level. Definitely open to discussions about at what level we want to log the childLog subproject. ## Related Issue Fixes defenseunicorns#526 Relates to defenseunicorns#201 ## Type of change - [x] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [x] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)(https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md#submitting-a-pull-request) followed --------- Co-authored-by: Micah Nagel <micah.nagel@defenseunicorns.com>
mjnagel
added a commit
to BagelLab/uds-core
that referenced
this pull request
Nov 14, 2025
## Description
* Enable Authservice integration via
```
enableAuthserviceSelector:
app: httpbin
```
* Update to use authservice-go
* Creates per application AuthorizationPolicies to enable authservice
To test:
See
https://github.com/defenseunicorns/uds-core/blob/authservice-pepr/docs/IDAM.md
## Related Issues
N/A
---------
Co-authored-by: Jeff McCoy <code@jeffm.us>
Co-authored-by: Blake Burkhart <blake@defenseunicorns.com>
Co-authored-by: zamaz <71521611+zachariahmiller@users.noreply.github.com>
Co-authored-by: Micah Nagel <micah.nagel@defenseunicorns.com>
Co-authored-by: UnicornChance <chance@defenseunicorns.com>
Co-authored-by: Tristan Holaday <40547442+TristanHoladay@users.noreply.github.com>
mjnagel
pushed a commit
to BagelLab/uds-core
that referenced
this pull request
Nov 14, 2025
🤖 I have created a release *beep* *boop* --- ## [0.24.0](defenseunicorns/uds-core@v0.23.0...v0.24.0) (2024-07-12) ### ⚠ BREAKING CHANGES * set istio passthrough gateway as optional component (defenseunicorns#547) ### Features * add unicorn flavor to uds-core ([defenseunicorns#507](defenseunicorns#507)) ([a412581](defenseunicorns@a412581)) * added standalone dns service for loki ([defenseunicorns#548](defenseunicorns#548)) ([e2efdf9](defenseunicorns@e2efdf9)) * enable authservice integration ([defenseunicorns#201](defenseunicorns#201)) ([1d4df64](defenseunicorns@1d4df64)) * set istio passthrough gateway as optional component (defenseunicorns#547) ([e1cab61](defenseunicorns@e1cab61)) * update to using default scrapeclass for tls config ([defenseunicorns#517](defenseunicorns#517)) ([258bb6b](defenseunicorns@258bb6b)) ### Bug Fixes * decouple `devMode` and postgres egress ([defenseunicorns#554](defenseunicorns#554)) ([1a98779](defenseunicorns@1a98779)) * grafana logout not working in some environments ([defenseunicorns#559](defenseunicorns#559)) ([ccb9d9e](defenseunicorns@ccb9d9e)) * initial creation of child logging ([defenseunicorns#533](defenseunicorns#533)) ([00a5140](defenseunicorns@00a5140)) * podmonitor mTLS mutations ([defenseunicorns#566](defenseunicorns#566)) ([eb613e1](defenseunicorns@eb613e1)) ### Miscellaneous * add util function for purging orphans ([defenseunicorns#565](defenseunicorns#565)) ([e84229a](defenseunicorns@e84229a)) * allow istio proxy injection in zarf ignored namespaces (defenseunicorns#513) ([8921b58](defenseunicorns@8921b58)) * **deps:** update githubactions upload-artifact to v4.3.4 ([defenseunicorns#543](defenseunicorns#543)) ([20889f2](defenseunicorns@20889f2)) * **deps:** update grafana helm chart to v8.3.2 ([defenseunicorns#542](defenseunicorns#542)) ([8ec260c](defenseunicorns@8ec260c)) * **deps:** update pepr dependencies (jest, uds-common) ([defenseunicorns#537](defenseunicorns#537)) ([547c0bf](defenseunicorns@547c0bf)) * **deps:** update promtail helm chart to v6.16.3 ([defenseunicorns#538](defenseunicorns#538)) ([48b3fea](defenseunicorns@48b3fea)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
To test:
See https://github.com/defenseunicorns/uds-core/blob/authservice-pepr/docs/IDAM.md
Related Issues
N/A