-
Notifications
You must be signed in to change notification settings - Fork 137
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add basic support for activeGate auth token #786
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My reviews aside, I reeally don't like the idea of having both a status field based on the scopes and a feature-flag to turn the thing on-off.
This means we have 2 different knobs that kinda do the same thing. (and rather confusing)
The user can opt out 2 different ways, by not having the scopes for their token OR adding the feature-flag.
(I guess) most users still have to opt-in, because they need to update the tokens.
I know the reason for having this is so that the Deployment Page just creates a token with the correct scopes by default and the authToken will be used unless explicitly turned off.
Couldn't we have just 1 feature flag to turn the thing on and the Deployment page could add that annotation to the dynakube by default instead ?
In this case, if turned on and scopes are not correct, we complain (like with the automatic kubernetes monitoring registration).
(And in the future when having this new scope is the norm, we could flip the default value of the feature-flag to true, doing so the Deployment page is safe as even if they still set the feature-flag, because it will only be redundant)
src/controllers/dynakube/activegate/secrets/authtoken_reconciler.go
Outdated
Show resolved
Hide resolved
src/controllers/dynakube/activegate/secrets/authtoken_reconciler.go
Outdated
Show resolved
Hide resolved
src/controllers/dynakube/activegate/secrets/authtoken_reconciler.go
Outdated
Show resolved
Hide resolved
…m/Dynatrace/dynatrace-operator into feature/add-ag-auth-token-support
…m/Dynatrace/dynatrace-operator into feature/add-ag-auth-token-support
Description
This change introduces the activeGate auth token support. It basically adds the ability to create an auth token within the operator if the feature flag
feature.dynatrace.com/enable-activegate-authtoken: "true"
is set on the DynaKube.This is the first PR of the whole activeGate auth token support feature, as token rotation will be included at a later stage.
How can this be tested?
activeGateTokenManagement.create
feature.dynatrace.com/enable-activegate-authtoken: "true"
to itChecklist