Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Identity-operate integration #268

Merged
merged 21 commits into from
Apr 12, 2022
Merged

Identity-operate integration #268

merged 21 commits into from
Apr 12, 2022

Conversation

Zelldon
Copy link
Member

@Zelldon Zelldon commented Apr 11, 2022
edited
Loading

Integrates Identity with Operate.

  • uses the recent release candidate at the time (8.0.0-rc1)
  • Configure Operate and Identity to communicate with each other
  • Make it possible to disable this configuration
  • Auto generate a secret for Operate-Identity ( can be also overwritten by user and an existing secret)
  • Adjust docs, values file
  • Add notes in Helm release notes file
  • Add template tests
  • Add integration test for operate login

New notes:

### Operate

As part of the Operate HELM Chart an ingress definition can be deployed, but you require to have an Ingress Controller for that Ingress to be Exposed.
In order to deploy the ingress manifest, set `operate.ingress.enabled` to `true`.
If you don't have an Ingress Controller you can use kubectl port-forward to access Operate from outside the cluster:

> kubectl port-forward svc/camunda-platform-test-operate 8080:80

Per default authentication via Identity/Keycloak is enabled. In order to login into Operate please port-forward to Keycloak
as well, otherwise a login will not be possible. Make sure you use `18080` as port.

> kubectl port-forward svc/camunda-platform-tes 18080:80

Now you can point your browser to `http://localhost:8080`

Default user and password: "demo/demo"

@dlavrenuek maybe you can shortly check whether the config is like we discuss ( I would expect, just to be sure)
@npepinpe please do a normal review :)

@Zelldon
fix: use more recent version
73b5aa4
@Zelldon
feat: configure identity with operate
bb94219
@Zelldon
feat: generate secret for operate-identity
c9c238b
@Zelldon
fix: set initRootUrl from values file
baa5a78
@Zelldon
feat: use generate secret in operate
3cc3772
@Zelldon
feat: make identity auth in operate toggleable
c447487
@Zelldon
refactor: rename and add doc
45b33b1
@Zelldon
refactor: generate golden files
9ab9f32
@Zelldon
test: try with jwt token
1d115a0
@Zelldon
test: login and query operate works now
6c68f9a
@Zelldon
refactor: rewrite/simplify test methods
cd91420 
Introduce new methods, which can be reused (e.g. seeionBasedLogin). Remove unnecessary parameters, return values etc.
@Zelldon
feat: use publicIssuerUrl in deployment
70206e4
@Zelldon
test: add operate-secret to golden files
1c42c43
@Zelldon
test: add test for identity deployment
f2f838c
@Zelldon
test: add test for operate deployment
524aae6
@Zelldon
style: gofmt
26d8267
@Zelldon
docs: add values to readme
262bc1b
@Zelldon
refactor: adjust release notes
0d4fa6e
@Zelldon
test: ignore gen. secret in golden test
2563b31 
Per default secret for operate-identity is auto-generated which makes it hard to test with golden files. We ignore this secret line in the goldenfiles, and test is separately.
@Zelldon Zelldon marked this pull request as ready for review April 11, 2022 08:56
Zelldon
Zelldon commented Apr 11, 2022
View reviewed changes
charts/camunda-platform/templates/NOTES.txt

> kubectl port-forward svc/{{ .Release.Name }}-identity 8080:80
> kubectl port-forward svc/{{ .Release.Name }}-keycl 18080:80
> kubectl port-forward svc/{{ include "common.names.dependency.fullname" (dict "chartName" "keycloak" "chartValues" .Values.identity.keycloak "context" $) | trunc 20 | trimSuffix "-" }} 18080:80
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Keycloak has the weird property to cap the names at 20 chars, the reason is that wildfly only supports a certain amount of characters 🤷 😆

This was referenced Apr 11, 2022
Closed
Merged
npepinpe
npepinpe approved these changes Apr 11, 2022
View reviewed changes
Copy link
Member

@npepinpe npepinpe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀

@dlavrenuek - I didn't really check if it's correctly configured or working properly, just that it starts. I think you will be better placed to check that it works as expected.

Other notes:

  • ❓ The version is 8.0.0-rc1, I guess we'll bump this to 8.0.0 soon? Everything should be available now.
  • ❓ There are 4 configuration settings for the integration, but only two of them are tested in the deployment test, and one in the secret test - any reason for not testing the last one about the root URL? Or maybe I missed it.

Anyway, no blockers that I could see

charts/camunda-platform/README.md Show resolved Hide resolved
charts/camunda-platform/charts/identity/templates/operate-secret.yaml Show resolved Hide resolved
charts/camunda-platform/README.md Outdated Show resolved Hide resolved
charts/camunda-platform/charts/operate/templates/deployment.yaml Show resolved Hide resolved
charts/camunda-platform/templates/NOTES.txt Outdated Show resolved Hide resolved
charts/camunda-platform/test/identity/deployment_test.go Show resolved Hide resolved
@Zelldon
Copy link
Member Author

Zelldon commented Apr 11, 2022

Thanks for your review @npepinpe 👍

Regarding your questions:

Other notes:

❓ The version is 8.0.0-rc1, I guess we'll bump this to 8.0.0 soon? Everything should be available now.

I will do it after I merged all PR's, otherwise we have to many conflicts.

❓ There are 4 configuration settings for the integration, but only two of them are tested in the deployment test, and one in the secret test - any reason for not testing the last one about the root URL? Or maybe I missed it.

The others are tested via golden files. In the template tests (in deployment test) we only test conditional properties.

I will merge it after @dlavrenuek gives us the go :)

dlavrenuek
dlavrenuek reviewed Apr 12, 2022
View reviewed changes
Copy link
Contributor

@dlavrenuek dlavrenuek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some small comments but not a deal breaker from my side

@Zelldon
Copy link
Member Author

Zelldon commented Apr 12, 2022

Thanks for your reviews I will merge this. I think we can continuously improve if we see anything.

@Zelldon Zelldon merged commit 711a644 into main Apr 12, 2022
@Zelldon Zelldon deleted the zell-identity-operate branch April 12, 2022 08:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@npepinpe npepinpe npepinpe approved these changes

@dlavrenuek dlavrenuek dlavrenuek left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Zelldon @npepinpe @dlavrenuek