New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added auth policy for app-validator, app-event-service and source adapter #7349
Conversation
🥰 Documentation preview ready! 🥰 Built with commit 8320122 https://deploy-preview-7349--kyma-project-docs-preview.netlify.com |
ddc8c95
to
2107f7d
Compare
ec43470
to
129ca47
Compare
components/application-connectivity-validator/internal/validationproxy/handler.go
Outdated
Show resolved
Hide resolved
@@ -295,7 +295,8 @@ func createReverseProxy(destinationHost string, reqOpts ...requestOption) *httpu | |||
Director: func(request *http.Request) { | |||
request.URL.Scheme = "http" | |||
request.URL.Host = destinationHost | |||
|
|||
request.Host = "" | |||
delete(request.Header, "X-Forwarded-Client-Cert") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is a method for that: https://golang.org/pkg/net/http/#Header.Del
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changed
components/application-connectivity-validator/internal/validationproxy/handler.go
Outdated
Show resolved
Hide resolved
- from: | ||
- source: | ||
principals: | ||
- cluster.local/ns/kyma-system/sa/core-console-backend-service |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the 'core' comes from a different chart. would it make sense to parameterize it here as well instead of hardcoding?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Parameterized, the best I could but release core
cannot be known to application-operator
chart.
components/application-operator/charts/application/templates/policy.yaml
Outdated
Show resolved
Hide resolved
components/application-connectivity-validator/internal/validationproxy/handler.go
Outdated
Show resolved
Hide resolved
Co-Authored-By: Barbara Szwarc <barbara.m.szwarc@gmail.com>
…olicy Conflicts: components/application-operator/cmd/manager/manager.go components/application-operator/cmd/manager/options.go components/application-operator/pkg/kymahelm/application/applicationreleasemanager_test.go components/application-operator/pkg/kymahelm/application/overrides.go
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see on the image bump PR, that the strictMode
is disabled, why is that?
Have you verified that the tests are passing if the strictMode
is enabled?
components/application-operator/charts/application/templates/authorization-policy.yaml
Show resolved
Hide resolved
- /v1/health | ||
selector: | ||
matchLabels: | ||
app: newapp-event-service |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't it be?
app: newapp-event-service | |
app: {{ .Release.Name }}-event-service |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changed
components/application-operator/charts/application/templates/authorization-policy.yaml
Show resolved
Hide resolved
This is on purpose. Right now we wanna roll out We do have a plan to create jobs in Prow which will test the whole integration in
Yes, I have verified the tests, which are running fine. |
…olicy Conflicts: components/application-operator/README.md
Description
Changes proposed in this pull request:
Related issue(s)
See #7240
Chart bump PR: #7356