IAM-224-Oauth interface implementation #278
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bencekov
force-pushed
the
IAM-224-implement-oauth-interface
branch
from
5c28065
to
9c3f993
Compare
nsklikas
reviewed
Nov 27, 2023
There was a problem hiding this comment.
I think that the oauth_tools.constants.OAUTH_RELATION var should be removed. It is used in too many places and I find it confusing.
Also not sure if all of the helper functions make much sense, e.g. I would expect access_application_login_page to simply navigate me to a page, but it also expects a redirect to happen. This seems to specific to this use case and I am not sure if we need to abstract it.
bencekov
added a commit
to bencekov/grafana-k8s-operator
that referenced
this pull request
Dec 5, 2023
bencekov
added a commit
to bencekov/grafana-k8s-operator
that referenced
this pull request
Dec 5, 2023
bencekov
added a commit
to bencekov/grafana-k8s-operator
that referenced
this pull request
Dec 5, 2023
refactor: refactors made on comments on pr canonical#278
bencekov
force-pushed
the
IAM-224-implement-oauth-interface
branch
from
fe4458f
to
2c24f25
Compare
bencekov
added a commit
to bencekov/grafana-k8s-operator
that referenced
this pull request
Dec 6, 2023
feat: added settings for enabling refresh tokens refactor: refactors made on comments on pr canonical#278
bencekov
force-pushed
the
IAM-224-implement-oauth-interface
branch
from
e4e77f2
to
c43b0be
Compare
bencekov
requested review from
sed-i,
Abuelodelanada,
lucabello,
PietroPasotti,
dstathis and
simskij
as code owners
nsklikas
reviewed
Dec 8, 2023
bencekov
added a commit
to bencekov/grafana-k8s-operator
that referenced
this pull request
Dec 8, 2023
bencekov
added a commit
to bencekov/grafana-k8s-operator
that referenced
this pull request
Dec 8, 2023
bencekov
force-pushed
the
IAM-224-implement-oauth-interface
branch
3 times, most recently
from
273027e
to
f537bf3
Compare
nsklikas
force-pushed
the
IAM-224-implement-oauth-interface
branch
from
5d59ee0
to
fdef95c
Compare
nsklikas
pushed a commit
to bencekov/grafana-k8s-operator
that referenced
this pull request
Dec 13, 2023
feat: added settings for enabling refresh tokens refactor: refactors made on comments on pr canonical#278
nsklikas
pushed a commit
to bencekov/grafana-k8s-operator
that referenced
this pull request
Dec 13, 2023
nsklikas
force-pushed
the
IAM-224-implement-oauth-interface
branch
4 times, most recently
from
45e9af1
to
9a9be8b
Compare
nsklikas
force-pushed
the
IAM-224-implement-oauth-interface
branch
from
38fa097
to
6eef76b
Compare
pass oauth config as env variables fix mypy issue address review comments
send new client config to oauth relation on config_changed event address review comments fix lint
fix pyright check error fix relation-broken event, change oauth provider name fix integration tests fix rebase issue
fix: rebase conflict
fix: rebase correction
feat: added settings for enabling refresh tokens refactor: refactors made on comments on pr canonical#278
The ca certs were updated after the services restarted
This reverts commit b636947.
nsklikas
force-pushed
the
IAM-224-implement-oauth-interface
branch
from
6eef76b
to
1d047b3
Compare
nsklikas
force-pushed
the
IAM-224-implement-oauth-interface
branch
from
1d047b3
to
24283e1
Compare
sed-i
approved these changes
Jan 18, 2024
lucabello
approved these changes
Jan 18, 2024
3 tasks
|
Just for reference: graph LR
hydra ---|pg-database:database| postgresql-k8s
kratos ---|pg-database:database| postgresql-k8s
kratos ---|endpoint-info| hydra
kratos-external-idp-integrator ---|kratos-external-idp| kratos
hydra ---|admin-ingress:ingress| traefik-admin
hydra ---|public-ingress:ingress| traefik-public
kratos ---|admin-ingress:ingress| traefik-admin
kratos ---|public-ingress:ingress| traefik-public
identity-platform-login-ui-operator ---|ingress| traefik-public
identity-platform-login-ui-operator ---|endpoint-info| hydra
identity-platform-login-ui-operator ---|ui-endpoint-info| hydra
identity-platform-login-ui-operator ---|ui-endpoint-info| kratos
identity-platform-login-ui-operator ---|kratos-endpoint-info| kratos
identity-platform-admin-ui-operator --- oathkeeper
identity-platform-admin-ui-operator --- hydra
identity-platform-admin-ui-operator --- kratos
openfga --- postgresql-k8s
openfga --- identity-platform-admin-ui-operator
openfga --- identity-platform-login-ui-operator
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue
Grafana is Oauth 2.0 capable, but the charm currently can't use the Identity Platform's oauth interface.
Solution
This pr implements integration with the oauth interface, and includes unit and integration tests to verify correct behavior.
Context
Relevant projects are:
playwright
Identity bundle
Hydra charm
Testing Instructions
Use tox for both unit and integration test.
Release Notes