Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: OIDC support #660

Merged
merged 32 commits into from
Aug 27, 2024
Merged

feat: OIDC support #660

merged 32 commits into from
Aug 27, 2024

Conversation

labrenbe
Copy link
Member

@labrenbe labrenbe commented Aug 5, 2024
edited by sbernauer
Loading

Description

Closes #633

  • Add support for OIDC with/without TLS
  • Refactor authentication changing CRD to ClientAuthenticationDetails from operator-rs
  • Add debug profile for VS Code
  • Update documentation

Integration tests (nightly) were successful: https://testing.stackable.tech/view/02%20Operator%20Tests%20(custom)/job/nifi-operator-it-custom/10/

Definition of Done Checklist

  • Not all of these items are applicable to all PRs, the author should update this template to only leave the boxes in that are relevant
  • Please make sure all these things are done and tick the boxes

Author
Beta Give feedback

Reviewer
Beta Give feedback

Acceptance
Beta Give feedback

sbernauer and others added 22 commits June 28, 2024 16:16
@sbernauer @maltesander @labrenbe
fix: Correctly encode user given content, such as passwords (#627)
2f4af4d 
* fix: Correctly encode user given content, such as passwords

* changelog

* fix bcrypt problems

* Update rust/operator-binary/src/security/authentication.rs

Co-authored-by: Malte Sander <[email protected]>

---------

Co-authored-by: Malte Sander <[email protected]>
@labrenbe
add vscode debugging profile
a31fde1
@labrenbe
wip: add integration test for oidc
c612bf4
@labrenbe
Merge remote-tracking branch 'origin/main' into feat/oidc-support
4054c17
@labrenbe
Merge remote-tracking branch 'origin/main' into feat/oidc-support
8e4ca19
@labrenbe
wip: debug oidc & jwts
7b89547
@labrenbe
wip
d96503c
@NickLarsenNZ
wip: map over ContainerBuilders
6a005ae
@labrenbe
fix oidc test
ec83a52
@labrenbe
fix oidc test
1ac981b
@labrenbe
fix clippy, update CRD and remove debug files
46cebd1
@labrenbe
Merge remote-tracking branch 'origin/main' into feat/oidc-support
e6ecd09
@labrenbe
run cargo fmt
5a6ad47
@labrenbe
address clippy and yamllint feedback
f6b5dcb
@labrenbe
remove unneccessary return
9baf17e
@labrenbe
reenable all tests
e007773
@labrenbe
add docs and fix oidc test
07e8d1a
@labrenbe
remove reporting task from oidc test
d357343
@labrenbe
add debug logging
458cd29
@labrenbe
fix test logging
0247445
@labrenbe
use nifi-latest in oidc test
3087d46
@labrenbe
add comment why nifi-latest is used
cd49351
@labrenbe labrenbe marked this pull request as ready for review August 6, 2024 22:41
@labrenbe labrenbe linked an issue Aug 6, 2024 that may be closed by this pull request
OpenID Connect Support #633
Closed
@sbernauer sbernauer self-requested a review August 14, 2024 11:16
sbernauer
sbernauer requested changes Aug 14, 2024
View reviewed changes
Copy link
Member

@sbernauer sbernauer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I only had the time to look at the Rust code so far, which looks very nice, awesome! Mostly nitpicking comments

.vscode/launch.json Outdated Show resolved Hide resolved
deploy/helm/nifi-operator/crds/crds.yaml Show resolved Hide resolved
docs/modules/nifi/pages/usage_guide/security.adoc Outdated Show resolved Hide resolved
docs/modules/nifi/pages/usage_guide/security.adoc Outdated Show resolved Hide resolved
docs/modules/nifi/pages/usage_guide/security.adoc Outdated Show resolved Hide resolved
rust/operator-binary/src/controller.rs Outdated Show resolved Hide resolved
rust/operator-binary/src/security/authentication.rs Show resolved Hide resolved
rust/operator-binary/src/security/authentication.rs Show resolved Hide resolved
rust/operator-binary/src/security/authentication.rs Outdated Show resolved Hide resolved
rust/crd/src/authentication.rs Outdated Show resolved Hide resolved
sbernauer
sbernauer requested changes Aug 15, 2024
View reviewed changes
Copy link
Member

@sbernauer sbernauer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now had the time to look at the test 😅

tests/templates/kuttl/oidc/01_keycloak.yaml.j2 Outdated Show resolved Hide resolved
tests/templates/kuttl/oidc/01_keycloak.yaml.j2 Outdated Show resolved Hide resolved
tests/templates/kuttl/oidc/01_keycloak.yaml.j2 Outdated Show resolved Hide resolved
tests/templates/kuttl/oidc/03-install-test-nifi.yaml.j2 Outdated Show resolved Hide resolved
tests/templates/kuttl/oidc/11-create-authentication-classes.yaml.j2 Outdated Show resolved Hide resolved
tests/templates/kuttl/oidc/11_authentication-classes.yaml.j2 Outdated Show resolved Hide resolved
tests/templates/kuttl/oidc/01_keycloak.yaml.j2 Outdated Show resolved Hide resolved
tests/test-definition.yaml Outdated Show resolved Hide resolved
@labrenbe
Copy link
Member Author

The full integration test suite was success after the latest changes:
https://testing.stackable.tech/job/nifi-operator-it-custom/12/consoleFull

sbernauer
sbernauer reviewed Aug 26, 2024
View reviewed changes
tests/templates/kuttl/oidc/20-assert.yaml Outdated Show resolved Hide resolved
tests/test-definition.yaml Outdated Show resolved Hide resolved
sbernauer
sbernauer requested changes Aug 26, 2024
View reviewed changes
Copy link
Member

@sbernauer sbernauer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We are getting close, only 3 conversations remaining :)

sbernauer
sbernauer approved these changes Aug 27, 2024
View reviewed changes
Copy link
Member

@sbernauer sbernauer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@labrenbe labrenbe added this pull request to the merge queue Aug 27, 2024
Merged via the queue into main with commit c61a0c0 Aug 27, 2024
31 checks passed
@labrenbe labrenbe deleted the feat/oidc-support branch August 27, 2024 13:36
@sbernauer sbernauer added release-note Denotes a PR that will be considered when it comes time to generate release notes. release/2024-11 labels Aug 27, 2024
@sbernauer
Copy link
Member

Updated feature tracker and labels

@sbernauer sbernauer mentioned this pull request Oct 8, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sbernauer sbernauer sbernauer approved these changes

Assignees
No one assigned
Labels
release/2024-11 release-note Denotes a PR that will be considered when it comes time to generate release notes.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

OpenID Connect Support
3 participants
@labrenbe @sbernauer @NickLarsenNZ