feat: Implement basic auth provider structure #1864
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Matovidlo
changed the base branch from
main
to
mv-PSGO-643-new-basic-auth-form-page-promting-password
Matovidlo
force-pushed
the
mv-PSGO-649-add-new-basic-auth-provider
branch
2 times, most recently
from
3814c97 to
10bb411
Compare
Matovidlo
changed the title
Matovidlo
changed the title
Matovidlo
force-pushed
the
mv-PSGO-649-add-new-basic-auth-provider
branch
from
10bb411 to
7844b08
Compare
Matovidlo
changed the base branch from
mv-PSGO-643-new-basic-auth-form-page-promting-password
to
main
Matovidlo
force-pushed
the
mv-PSGO-649-add-new-basic-auth-provider
branch
from
7844b08 to
77b1546
Compare
Matovidlo
force-pushed
the
mv-PSGO-649-add-new-basic-auth-provider
branch
5 times, most recently
from
351c975 to
01d9390
Compare
Matovidlo
commented
Jun 26, 2024
internal/pkg/service/appsproxy/proxy/apphandler/authproxy/basicauth/handler.go
Show resolved
Hide resolved
internal/pkg/service/appsproxy/proxy/apphandler/authproxy/basicauth/handler.go
Outdated
Show resolved
Hide resolved
internal/pkg/service/appsproxy/proxy/apphandler/authproxy/oidcproxy/doc.go
Outdated
Show resolved
Hide resolved
internal/pkg/service/appsproxy/proxy/apphandler/authproxy/selector/handler.go
Show resolved
Hide resolved
internal/pkg/service/appsproxy/proxy/apphandler/authproxy/selector/selector.go
Outdated
Show resolved
Hide resolved
jachym-tousek-keboola
requested changes
Jun 26, 2024
internal/pkg/service/appsproxy/proxy/apphandler/authproxy/basicauth/handler.go
Outdated
Show resolved
Hide resolved
internal/pkg/service/appsproxy/proxy/apphandler/authproxy/basicauth/handler.go
Outdated
Show resolved
Hide resolved
internal/pkg/service/appsproxy/proxy/apphandler/authproxy/basicauth/handler.go
Outdated
Show resolved
Hide resolved
internal/pkg/service/appsproxy/proxy/apphandler/authproxy/oidcproxy/doc.go
Outdated
Show resolved
Hide resolved
internal/pkg/service/appsproxy/proxy/apphandler/authproxy/basicauth/handler.go
Outdated
Show resolved
Hide resolved
internal/pkg/service/appsproxy/proxy/apphandler/authproxy/basicauth/handler.go
Outdated
Show resolved
Hide resolved
internal/pkg/service/appsproxy/proxy/apphandler/authproxy/selector/selector.go
Outdated
Show resolved
Hide resolved
internal/pkg/service/appsproxy/proxy/apphandler/authproxy/basicauth/handler.go
Outdated
Show resolved
Hide resolved
Matovidlo
force-pushed
the
mv-PSGO-649-add-new-basic-auth-provider
branch
from
b1c8581 to
31d2476
Compare
Matovidlo
commented
Jun 27, 2024
There was a problem hiding this comment.
@jachym-tousek-keboola how is it possible to redirect the form page to upstream handler? I did not find solution yet.
Matovidlo
force-pushed
the
mv-PSGO-649-add-new-basic-auth-provider
branch
9 times, most recently
from
184f3dd to
795bbf8
Compare
Mock response with `simpleAuth` example instead of OIDC.
Change name from form->login based on design. Adjust the css so the design is correct.
Add cookies tests and sign out one. Coverage 90%
Update p -> password, do not panic in handler. Change error message when host:port cannot be splitted. The error is just internal for client. We have spans in DD to locate the issue.
Prevent copy of cookie to another app with same password. The appID should prevent to generate same hash as in other app. Therefore the cookies could be way to do enumerative attack.
Fix sign_out to do redirection instead of passing request further and unseting cookies. Remove loop when being on `_proxy/sign_out` to not pass through form when providing password. The correct behaviour is, when going on `_proxy/sign_out` redirects automatically to `h.SignInPath()` so to `_proxy/form`.
Do not pass to upstream instead do StatusMovedPermanently, which discards previous form request that was used to verify password. `rd` stores various url paths except that are prefixed with config.InternalPrefix. This prevents of staying on `_proxy` pages and typically goes to `/`.
Should protect input form, including escaping, new required configurable salt for CSRF token generator.
Matovidlo
force-pushed
the
mv-PSGO-649-add-new-basic-auth-provider
branch
from
4b7b51a to
679976a
Compare
Matovidlo
requested review from
jachym-tousek-keboola and
hosekpeter
and removed request for
hosekpeter
jachym-tousek-keboola
requested changes
Jul 4, 2024
internal/pkg/service/appsproxy/proxy/apphandler/authproxy/basicauth/handler.go
Outdated
Show resolved
Hide resolved
internal/pkg/service/appsproxy/proxy/apphandler/authproxy/basicauth/handler.go
Outdated
Show resolved
Hide resolved
Add comments for gosec G203
Apps Proxy Kubernetes Diff [CI]Between Expand--- /tmp/artifacts/test-k8s-state.old.json.processed.kv 2024-07-08 07:58:56.441748978 +0000
+++ /tmp/artifacts/test-k8s-state.new.json.processed.kv 2024-07-08 07:58:56.577752164 +0000
@@ -82 +82 @@
-<Deployment/apps-proxy>.spec.template.spec.containers[0].env[5].name = "DD_AGENT_HOST";
+<Deployment/apps-proxy>.spec.template.spec.containers[0].env[5].name = "APPS_PROXY_CSRF_TOKEN_SALT";
@@ -84,3 +84,3 @@
-<Deployment/apps-proxy>.spec.template.spec.containers[0].env[5].valueFrom.fieldRef = {};
-<Deployment/apps-proxy>.spec.template.spec.containers[0].env[5].valueFrom.fieldRef.apiVersion = "v1";
-<Deployment/apps-proxy>.spec.template.spec.containers[0].env[5].valueFrom.fieldRef.fieldPath = "status.hostIP";
+<Deployment/apps-proxy>.spec.template.spec.containers[0].env[5].valueFrom.secretKeyRef = {};
+<Deployment/apps-proxy>.spec.template.spec.containers[0].env[5].valueFrom.secretKeyRef.key = "csrfTokenSalt";
+<Deployment/apps-proxy>.spec.template.spec.containers[0].env[5].valueFrom.secretKeyRef.name = "apps-proxy-csrf-token-salt";
@@ -88 +88 @@
-<Deployment/apps-proxy>.spec.template.spec.containers[0].env[6].name = "DD_ENV";
+<Deployment/apps-proxy>.spec.template.spec.containers[0].env[6].name = "DD_AGENT_HOST";
@@ -92 +92 @@
-<Deployment/apps-proxy>.spec.template.spec.containers[0].env[6].valueFrom.fieldRef.fieldPath = "metadata.labels['tags.datadoghq.com/env']";
+<Deployment/apps-proxy>.spec.template.spec.containers[0].env[6].valueFrom.fieldRef.fieldPath = "status.hostIP";
@@ -94 +94 @@
-<Deployment/apps-proxy>.spec.template.spec.containers[0].env[7].name = "DD_SERVICE";
+<Deployment/apps-proxy>.spec.template.spec.containers[0].env[7].name = "DD_ENV";
@@ -98 +98 @@
-<Deployment/apps-proxy>.spec.template.spec.containers[0].env[7].valueFrom.fieldRef.fieldPath = "metadata.labels['tags.datadoghq.com/service']";�...
+<Deployment/apps-proxy>.spec.template.spec.containers[0].env[7].valueFrom.fieldRef.fieldPath = "metadata.labels['tags.datadoghq.com/env']";
@@ -100 +100 @@
-<Deployment/apps-proxy>.spec.template.spec.containers[0].env[8].name = "DD_VERSION";
+<Deployment/apps-proxy>.spec.template.spec.containers[0].env[8].name = "DD_SERVICE";
@@ -104,2 +104,8 @@
-<Deployment/apps-proxy>.spec.template.spec.containers[0].env[8].valueFrom.fieldRef.fieldPath = "metadata.labels['tags.datadoghq.com/version']";�...
-<Deployment/apps-proxy>.spec.template.spec.containers[0].image = "docker.io/keboola/apps-proxy:484f050-1720425175";
+<Deployment/apps-proxy>.spec.template.spec.containers[0].env[8].valueFrom.fieldRef.fieldPath = "metadata.labels['tags.datadoghq.com/service']";�...
+<Deployment/apps-proxy>.spec.template.spec.containers[0].env[9] = {};
+<Deployment/apps-proxy>.spec.template.spec.containers[0].env[9].name = "DD_VERSION";
+<Deployment/apps-proxy>.spec.template.spec.containers[0].env[9].valueFrom = {};
+<Deployment/apps-proxy>.spec.template.spec.containers[0].env[9].valueFrom.fieldRef = {};
+<Deployment/apps-proxy>.spec.template.spec.containers[0].env[9].valueFrom.fieldRef.apiVersion = "v1";
+<Deployment/apps-proxy>.spec.template.spec.containers[0].env[9].valueFrom.fieldRef.fieldPath = "metadata.labels['tags.datadoghq.com/version']";�...
+<Deployment/apps-proxy>.spec.template.spec.containers[0].image = "docker.io/keboola/apps-proxy:11a17dd-1720425413";
@@ -392,3 +398,3 @@
-<Pod/apps-proxy-<hash>>.spec.containers[0].env[5].name = "DD_AGENT_HOST";
-<Pod/apps-proxy-<hash>>.spec.containers[0].env[5].name = "DD_AGENT_HOST";
-<Pod/apps-proxy-<hash>>.spec.containers[0].env[5].name = "DD_AGENT_HOST";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[5].name = "APPS_PROXY_CSRF_TOKEN_SALT";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[5].name = "APPS_PROXY_CSRF_TOKEN_SALT";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[5].name = "APPS_PROXY_CSRF_TOKEN_SALT";
@@ -398,9 +404,9 @@
-<Pod/apps-proxy-<hash>>.spec.containers[0].env[5].valueFrom.fieldRef = {};
-<Pod/apps-proxy-<hash>>.spec.containers[0].env[5].valueFrom.fieldRef = {};
-<Pod/apps-proxy-<hash>>.spec.containers[0].env[5].valueFrom.fieldRef = {};
-<Pod/apps-proxy-<hash>>.spec.containers[0].env[5].valueFrom.fieldRef.apiVersion = "v1";
-<Pod/apps-proxy-<hash>>.spec.containers[0].env[5].valueFrom.fieldRef.apiVersion = "v1";
-<Pod/apps-proxy-<hash>>.spec.containers[0].env[5].valueFrom.fieldRef.apiVersion = "v1";
-<Pod/apps-proxy-<hash>>.spec.containers[0].env[5].valueFrom.fieldRef.fieldPath = "status.hostIP";
-<Pod/apps-proxy-<hash>>.spec.containers[0].env[5].valueFrom.fieldRef.fieldPath = "status.hostIP";
-<Pod/apps-proxy-<hash>>.spec.containers[0].env[5].valueFrom.fieldRef.fieldPath = "status.hostIP";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[5].valueFrom.secretKeyRef = {};
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[5].valueFrom.secretKeyRef = {};
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[5].valueFrom.secretKeyRef = {};
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[5].valueFrom.secretKeyRef.key = "csrfTokenSalt";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[5].valueFrom.secretKeyRef.key = "csrfTokenSalt";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[5].valueFrom.secretKeyRef.key = "csrfTokenSalt";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[5].valueFrom.secretKeyRef.name = "apps-proxy-csrf-token-salt";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[5].valueFrom.secretKeyRef.name = "apps-proxy-csrf-token-salt";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[5].valueFrom.secretKeyRef.name = "apps-proxy-csrf-token-salt";
@@ -410,3 +416,3 @@
-<Pod/apps-proxy-<hash>>.spec.containers[0].env[6].name = "DD_ENV";
-<Pod/apps-proxy-<hash>>.spec.containers[0].env[6].name = "DD_ENV";
-<Pod/apps-proxy-<hash>>.spec.containers[0].env[6].name = "DD_ENV";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[6].name = "DD_AGENT_HOST";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[6].name = "DD_AGENT_HOST";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[6].name = "DD_AGENT_HOST";
@@ -422,3 +428,3 @@
-<Pod/apps-proxy-<hash>>.spec.containers[0].env[6].valueFrom.fieldRef.fieldPath = "metadata.labels['tags.datadoghq.com/env']";
-<Pod/apps-proxy-<hash>>.spec.containers[0].env[6].valueFrom.fieldRef.fieldPath = "metadata.labels['tags.datadoghq.com/env']";
-<Pod/apps-proxy-<hash>>.spec.containers[0].env[6].valueFrom.fieldRef.fieldPath = "metadata.labels['tags.datadoghq.com/env']";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[6].valueFrom.fieldRef.fieldPath = "status.hostIP";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[6].valueFrom.fieldRef.fieldPath = "status.hostIP";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[6].valueFrom.fieldRef.fieldPath = "status.hostIP";
@@ -428,3 +434,3 @@
-<Pod/apps-proxy-<hash>>.spec.containers[0].env[7].name = "DD_SERVICE";
-<Pod/apps-proxy-<hash>>.spec.containers[0].env[7].name = "DD_SERVICE";
-<Pod/apps-proxy-<hash>>.spec.containers[0].env[7].name = "DD_SERVICE";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[7].name = "DD_ENV";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[7].name = "DD_ENV";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[7].name = "DD_ENV";
@@ -440,3 +446,3 @@
-<Pod/apps-proxy-<hash>>.spec.containers[0].env[7].valueFrom.fieldRef.fieldPath = "metadata.labels['tags.datadoghq.com/service']";
-<Pod/apps-proxy-<hash>>.spec.containers[0].env[7].valueFrom.fieldRef.fieldPath = "metadata.labels['tags.datadoghq.com/service']";
-<Pod/apps-proxy-<hash>>.spec.containers[0].env[7].valueFrom.fieldRef.fieldPath = "metadata.labels['tags.datadoghq.com/service']";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[7].valueFrom.fieldRef.fieldPath = "metadata.labels['tags.datadoghq.com/env']";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[7].valueFrom.fieldRef.fieldPath = "metadata.labels['tags.datadoghq.com/env']";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[7].valueFrom.fieldRef.fieldPath = "metadata.labels['tags.datadoghq.com/env']";
@@ -446,3 +452,3 @@
-<Pod/apps-proxy-<hash>>.spec.containers[0].env[8].name = "DD_VERSION";
-<Pod/apps-proxy-<hash>>.spec.containers[0].env[8].name = "DD_VERSION";
-<Pod/apps-proxy-<hash>>.spec.containers[0].env[8].name = "DD_VERSION";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[8].name = "DD_SERVICE";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[8].name = "DD_SERVICE";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[8].name = "DD_SERVICE";
@@ -458,6 +464,24 @@
-<Pod/apps-proxy-<hash>>.spec.containers[0].env[8].valueFrom.fieldRef.fieldPath = "metadata.labels['tags.datadoghq.com/version']";
-<Pod/apps-proxy-<hash>>.spec.containers[0].env[8].valueFrom.fieldRef.fieldPath = "metadata.labels['tags.datadoghq.com/version']";
-<Pod/apps-proxy-<hash>>.spec.containers[0].env[8].valueFrom.fieldRef.fieldPath = "metadata.labels['tags.datadoghq.com/version']";
-<Pod/apps-proxy-<hash>>.spec.containers[0].image = "docker.io/keboola/apps-proxy:484f050-1720425175";
-<Pod/apps-proxy-<hash>>.spec.containers[0].image = "docker.io/keboola/apps-proxy:484f050-1720425175";
-<Pod/apps-proxy-<hash>>.spec.containers[0].image = "docker.io/keboola/apps-proxy:484f050-1720425175";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[8].valueFrom.fieldRef.fieldPath = "metadata.labels['tags.datadoghq.com/service']";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[8].valueFrom.fieldRef.fieldPath = "metadata.labels['tags.datadoghq.com/service']";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[8].valueFrom.fieldRef.fieldPath = "metadata.labels['tags.datadoghq.com/service']";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[9] = {};
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[9] = {};
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[9] = {};
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[9].name = "DD_VERSION";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[9].name = "DD_VERSION";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[9].name = "DD_VERSION";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[9].valueFrom = {};
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[9].valueFrom = {};
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[9].valueFrom = {};
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[9].valueFrom.fieldRef = {};
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[9].valueFrom.fieldRef = {};
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[9].valueFrom.fieldRef = {};
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[9].valueFrom.fieldRef.apiVersion = "v1";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[9].valueFrom.fieldRef.apiVersion = "v1";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[9].valueFrom.fieldRef.apiVersion = "v1";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[9].valueFrom.fieldRef.fieldPath = "metadata.labels['tags.datadoghq.com/version']";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[9].valueFrom.fieldRef.fieldPath = "metadata.labels['tags.datadoghq.com/version']";
+<Pod/apps-proxy-<hash>>.spec.containers[0].env[9].valueFrom.fieldRef.fieldPath = "metadata.labels['tags.datadoghq.com/version']";
+<Pod/apps-proxy-<hash>>.spec.containers[0].image = "docker.io/keboola/apps-proxy:11a17dd-1720425413";
+<Pod/apps-proxy-<hash>>.spec.containers[0].image = "docker.io/keboola/apps-proxy:11a17dd-1720425413";
+<Pod/apps-proxy-<hash>>.spec.containers[0].image = "docker.io/keboola/apps-proxy:11a17dd-1720425413";
@@ -856 +880 @@
-<ReplicaSet/apps-proxy-<hash>>.spec.template.spec.containers[0].env[5].name = "DD_AGENT_HOST";
+<ReplicaSet/apps-proxy-<hash>>.spec.template.spec.containers[0].env[5].name = "APPS_PROXY_CSRF_TOKEN_SALT";
@@ -858,3 +882,3 @@
-<ReplicaSet/apps-proxy-<hash>>.spec.template.spec.containers[0].env[5].valueFrom.fieldRef = {};
-<ReplicaSet/apps-proxy-<hash>>.spec.template.spec.containers[0].env[5].valueFrom.fieldRef.apiVersion = "v1";
-<ReplicaSet/apps-proxy-<hash>>.spec.template.spec.containers[0].env[5].valueFrom.fieldRef.fieldPath = "status.hostIP";
+<ReplicaSet/apps-proxy-<hash>>.spec.template.spec.containers[0].env[5].valueFrom.secretKeyRef = {};
+<ReplicaSet/apps-proxy-<hash>>.spec.template.spec.containers[0].env[5].valueFrom.secretKeyRef.key = "csrfTokenSalt";
+<ReplicaSet/apps-proxy-<hash>>.spec.template.spec.containers[0].env[5].valueFrom.secretKeyRef.name = "apps-proxy-csrf-token-salt";
@@ -862 +886 @@
-<ReplicaSet/apps-proxy-<hash>>.spec.template.spec.containers[0].env[6].name = "DD_ENV";
+<ReplicaSet/apps-proxy-<hash>>.spec.template.spec.containers[0].env[6].name = "DD_AGENT_HOST";
@@ -866 +890 @@
-<ReplicaSet/apps-proxy-<hash>>.spec.template.spec.containers[0].env[6].valueFrom.fieldRef.fieldPath = "metadata.labels['tags.datadoghq.com/env']...
+<ReplicaSet/apps-proxy-<hash>>.spec.template.spec.containers[0].env[6].valueFrom.fieldRef.fieldPath = "status.hostIP";
@@ -868 +892 @@
-<ReplicaSet/apps-proxy-<hash>>.spec.template.spec.containers[0].env[7].name = "DD_SERVICE";
+<ReplicaSet/apps-proxy-<hash>>.spec.template.spec.containers[0].env[7].name = "DD_ENV";
@@ -872 +896 @@
-<ReplicaSet/apps-proxy-<hash>>.spec.template.spec.containers[0].env[7].valueFrom.fieldRef.fieldPath = "metadata.labels['tags.datadoghq.com/servi...
+<ReplicaSet/apps-proxy-<hash>>.spec.template.spec.containers[0].env[7].valueFrom.fieldRef.fieldPath = "metadata.labels['tags.datadoghq.com/env']...
@@ -874 +898 @@
-<ReplicaSet/apps-proxy-<hash>>.spec.template.spec.containers[0].env[8].name = "DD_VERSION";
+<ReplicaSet/apps-proxy-<hash>>.spec.template.spec.containers[0].env[8].name = "DD_SERVICE";
@@ -878,2 +902,8 @@
-<ReplicaSet/apps-proxy-<hash>>.spec.template.spec.containers[0].env[8].valueFrom.fieldRef.fieldPath = "metadata.labels['tags.datadoghq.com/versi...
-<ReplicaSet/apps-proxy-<hash>>.spec.template.spec.containers[0].image = "docker.io/keboola/apps-proxy:484f050-1720425175";
+<ReplicaSet/apps-proxy-<hash>>.spec.template.spec.containers[0].env[8].valueFrom.fieldRef.fieldPath = "metadata.labels['tags.datadoghq.com/servi...
+<ReplicaSet/apps-proxy-<hash>>.spec.template.spec.containers[0].env[9] = {};
+<ReplicaSet/apps-proxy-<hash>>.spec.template.spec.containers[0].env[9].name = "DD_VERSION";
+<ReplicaSet/apps-proxy-<hash>>.spec.template.spec.containers[0].env[9].valueFrom = {};
+<ReplicaSet/apps-proxy-<hash>>.spec.template.spec.containers[0].env[9].valueFrom.fieldRef = {};
+<ReplicaSet/apps-proxy-<hash>>.spec.template.spec.containers[0].env[9].valueFrom.fieldRef.apiVersion = "v1";
+<ReplicaSet/apps-proxy-<hash>>.spec.template.spec.containers[0].env[9].valueFrom.fieldRef.fieldPath = "metadata.labels['tags.datadoghq.com/versi...
+<ReplicaSet/apps-proxy-<hash>>.spec.template.spec.containers[0].image = "docker.io/keboola/apps-proxy:11a17dd-1720425413";
@@ -938,0 +969,11 @@
+<Secret/apps-proxy-csrf-token-salt> = {};
+<Secret/apps-proxy-csrf-token-salt>.apiVersion = "v1";
+<Secret/apps-proxy-csrf-token-salt>.data = {};
+<Secret/apps-proxy-csrf-token-salt>.data.csrfTokenSalt = "OTg2ZGQ3MmI5ZWJjZDQwOWYxMmIzM2FhZWY0MzQxMGFjNzNkYjU0OWY0MWVkOTRjYzdlYTlkODEwNWEwMGNlNQ...
+<Secret/apps-proxy-csrf-token-salt>.kind = "Secret";
+<Secret/apps-proxy-csrf-token-salt>.metadata = {};
+<Secret/apps-proxy-csrf-token-salt>.metadata.labels = {};
+<Secret/apps-proxy-csrf-token-salt>.metadata.labels.app = "apps-proxy";
+<Secret/apps-proxy-csrf-token-salt>.metadata.name = "apps-proxy-csrf-token-salt";
+<Secret/apps-proxy-csrf-token-salt>.metadata.namespace = "apps-proxy";
+<Secret/apps-proxy-csrf-token-salt>.type = "Opaque";
(see artifacts in the Github Action for more information) |
Templates API Kubernetes Diff [CI]Between Expand--- /tmp/artifacts/test-k8s-state.old.json.processed.kv 2024-07-08 08:00:18.513291788 +0000
+++ /tmp/artifacts/test-k8s-state.new.json.processed.kv 2024-07-08 08:00:18.717289935 +0000
@@ -194 +194 @@
-<Deployment/templates-api>.spec.template.spec.containers[0].image = "docker.io/keboola/templates-api:484f050-1720425167";
+<Deployment/templates-api>.spec.template.spec.containers[0].image = "docker.io/keboola/templates-api:11a17dd-1720425436";
@@ -747,3 +747,3 @@
-<Pod/templates-api-<hash>>.spec.containers[0].image = "docker.io/keboola/templates-api:484f050-1720425167";
-<Pod/templates-api-<hash>>.spec.containers[0].image = "docker.io/keboola/templates-api:484f050-1720425167";
-<Pod/templates-api-<hash>>.spec.containers[0].image = "docker.io/keboola/templates-api:484f050-1720425167";
+<Pod/templates-api-<hash>>.spec.containers[0].image = "docker.io/keboola/templates-api:11a17dd-1720425436";
+<Pod/templates-api-<hash>>.spec.containers[0].image = "docker.io/keboola/templates-api:11a17dd-1720425436";
+<Pod/templates-api-<hash>>.spec.containers[0].image = "docker.io/keboola/templates-api:11a17dd-1720425436";
@@ -1414 +1414 @@
-<ReplicaSet/templates-api-<hash>>.spec.template.spec.containers[0].image = "docker.io/keboola/templates-api:484f050-1720425167";
+<ReplicaSet/templates-api-<hash>>.spec.template.spec.containers[0].image = "docker.io/keboola/templates-api:11a17dd-1720425436";
@@ -1485,0 +1486,12 @@
+<Secret/sh.helm.release.v1.templates-api-etcd.v2> = {};
+<Secret/sh.helm.release.v1.templates-api-etcd.v2>.apiVersion = "v1";
+<Secret/sh.helm.release.v1.templates-api-etcd.v2>.data = {};
+<Secret/sh.helm.release.v1.templates-api-etcd.v2>.kind = "Secret";
+<Secret/sh.helm.release.v1.templates-api-etcd.v2>.metadata = {};
+<Secret/sh.helm.release.v1.templates-api-etcd.v2>.metadata.labels = {};
+<Secret/sh.helm.release.v1.templates-api-etcd.v2>.metadata.labels.name = "templates-api-etcd";
+<Secret/sh.helm.release.v1.templates-api-etcd.v2>.metadata.labels.owner = "helm";
+<Secret/sh.helm.release.v1.templates-api-etcd.v2>.metadata.labels.version = "2";
+<Secret/sh.helm.release.v1.templates-api-etcd.v2>.metadata.name = "sh.helm.release.v1.templates-api-etcd.v2";
+<Secret/sh.helm.release.v1.templates-api-etcd.v2>.metadata.namespace = "templates-api";
+<Secret/sh.helm.release.v1.templates-api-etcd.v2>.type = "helm.sh/release.v1";
(see artifacts in the Github Action for more information) |
hosekpeter
approved these changes
Jul 8, 2024
jachym-tousek-keboola
requested changes
Jul 10, 2024
internal/pkg/service/appsproxy/proxy/apphandler/authproxy/basicauth/handler.go
Show resolved
Hide resolved
jachym-tousek-keboola
approved these changes
Jul 10, 2024
jachym-tousek-keboola
approved these changes
Jul 10, 2024
jachym-tousek-keboola
approved these changes
Jul 10, 2024
jachym-tousek-keboola
approved these changes
Jul 10, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Jira: PSGO-649 PSGO-643 PSGO-645 PSGO-646
Changes: