-
Notifications
You must be signed in to change notification settings - Fork 112
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support to bootstrap from a user-supplied security.json and minor refactorings to pass auth headers through a Context #356
Support to bootstrap from a user-supplied security.json and minor refactorings to pass auth headers through a Context #356
Conversation
…actorings to pass auth headers through a Context
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok this looks good!
Was stumped a bit here but I think it looks good (and I think I understand it haha).
Only things left to do are:
- Changelog entry (in solr-operator Chart.yaml)
- Add the option to the solr helm chart & helm chart documentation.
@@ -144,6 +173,34 @@ var _ = FDescribe("SolrCloud controller - Basic Auth", func() { | |||
expectStatefulSetBasicAuthConfig(ctx, solrCloud, false) | |||
}) | |||
}) | |||
|
|||
FContext("User Provided Credentials and security.json ConfigMap", func() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FContext("User Provided Credentials and security.json ConfigMap", func() { | |
FContext("User Provided Credentials and security.json Secret", func() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ugh, sorry @HoustonPutman ... moved a little too fast with that conversion! thanks for catching those I missed.
security.SecurityJson = string(bootstrapSecret.Data[SecurityJsonFile]) | ||
basicAuthSecret = authSecret | ||
security.SecurityJsonSrc = &corev1.EnvVarSource{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice. love it.
} | ||
security.CredentialsSecret = basicAuthSecret | ||
|
||
// is there a user-provided security.json in a ConfigMap? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// is there a user-provided security.json in a ConfigMap? | |
// is there a user-provided security.json in a Secret? |
} | ||
security.SecurityJson = securityJson | ||
security.SecurityJsonSrc = &corev1.EnvVarSource{SecretKeyRef: sec.BootstrapSecurityJson} | ||
} // else no user-provided configMap, no sweat for us |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
} // else no user-provided configMap, no sweat for us | |
} // else no user-provided secret, no sweat for us |
@@ -431,3 +483,22 @@ func useSecureProbe(solrCloud *solr.SolrCloud, probe *corev1.Probe, mountPath st | |||
probe.TimeoutSeconds = 5 | |||
} | |||
} | |||
|
|||
// Called during reconcile to load the security.json from a user-supplied ConfigMap |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// Called during reconcile to load the security.json from a user-supplied ConfigMap | |
// Called during reconcile to load the security.json from a user-supplied Secret |
Resolves #355
Includes the non-OIDC related security changes from #346