4.1.7: Use helidon.oci prefix for OCI Config and allow some oci auth types to accept federation-endpoint and tenancy-id #9765

Merged
merged 2 commits into from
Feb 10, 2025

Conversation

barchetta
Member

Backport #9740 to Helidon 4.1.7

Description

The PR fixes Issues 9681 and 9734, which include the following:

  1. Allow instance-principal, resource-principal and oke-workload-identity to accept federation-endpoint and tenancy-id as config parameters. This was originally targeted just at oke-workload-identity, where the Instance Metadata Service (IMDS) does not work in an OKE environment. Because of this, it is unable to assemble the target endpoint, as it needs the IMDS to retrieve the region. To resolve the issue, the federation-endpoint configuration is now allowed to be explicitly specified to avoid generating the endpoint using the region from IMDS. In some examples of the use of oke-workload-identity, the tenancy id is required, so this configuration parameter is also added as an option. Furthermore, because the instance-principal and resource-principal providers extend AbstractRequestingAuthenticationDetailsProvider, similar to oke-workload-instance, they are included in the change to allow those optional parameters.
  2. Fix a bug where the oci configuration does not work when prefixed with "helidon.oci".
  3. Add comprehensive testing coverage for the above changes.

Documentation

Related readme files were already updated as part of this change

If no doc impact: None

…o accept federation-endpoint and tenancy-id (helidon-io#9740)

The PR fixes Issues 9681 and 9734, which include the following:
1. Allow instance-principal, resource-principal and oke-workload-identity to accept federation-endpoint and tenancy-id as config parameters. This was originally targeted just at oke-workload-identity, where the Instance Metadata Service (IMDS) does not work in an OKE environment. Because of this, it is unable to assemble the target endpoint, as it needs the IMDS to retrieve the region. To resolve the issue, the federation-endpoint configuration is now allowed to be explicitly specified to avoid generating the endpoint using the region from IMDS. In some examples of the use of oke-workload-identity, the tenancy id is required, so this configuration parameter is also added as an option. Furthermore, because the instance-principal and resource-principal providers extend AbstractRequestingAuthenticationDetailsProvider, similar to oke-workload-instance, they are included in the change to allow those optional parameters.
2. Fix a bug where the oci configuration does not work when prefixed with "helidon.oci".
3. Add comprehensive testing coverage for the above changes.
4. Remove unnecessary Weight annotation with default value and replace WARNING message with TRACE when oci config does not use "helidon.oci"

@barchetta barchetta added the backport Issues that are merged into a single branch, but missing in either master or previous release label Feb 10, 2025
@barchetta barchetta added this to the 4.1.7 milestone Feb 10, 2025
@barchetta barchetta requested a review from klustria February 10, 2025 16:21
@barchetta barchetta self-assigned this Feb 10, 2025
@oracle-contributor-agreement oracle-contributor-agreement bot added the OCA Verified All contributors have signed the Oracle Contributor Agreement. label Feb 10, 2025
@barchetta barchetta mentioned this pull request Feb 10, 2025
15 tasks
Member

@klustria klustria left a comment

LGTM

@barchetta barchetta merged commit 5e8864f into helidon-io:helidon-4.1.x Feb 10, 2025
44 checks passed
@barchetta barchetta deleted the 4.1.7-9740-backport branch February 10, 2025 23:54