Add dex-issuer-url and remove public-url configuration options #204

Closed
DnPlas opened this issue Jul 5, 2024 · 2 comments
Labels
enhancement New feature or request

DnPlas commented Jul 5, 2024

Context

Because the issuer URL in Dex's configuration could be either the application's Kubernetes Service DNS name + the dex endpoint (e.g. http://<dex-auth-app-name>.<namespace>.svc:5556/dex) or a publicly accessible IP/DNS name (e.g. http://foo.com/dex), this charm should be configurable for the latter case.

This task also requires the removal of the public-url configuration option as it has been considered misleading and should not be used. Please refer to canonical/bundle-kubeflow#608 for more information.

For details about the design, please refer to this spec (internal only).

What needs to get done

  1. Remove the public-url configuration option
  2. Add the following configuration:

     # dex-auth config.yaml
     dex-issuer-url:
       type: string
       default: ""
       description: |
         Format: http(s)://<publicly-accessible-dns-name>/dex
         (Also referred to as issuer) This is the canonical URL that OIDC clients MUST use to refer to dex. If not specified, it defaults to dex-auth's local endpoint constructed from dex-auth's Kubernetes Service DNS name, the Service port and Dex's endpoint, that is http://<dex-auth-app-name>.<namespace>.svc:5556/dex.
         The default is set by the charm code, not the configuration option.
         This configuration must be set when using a Dex connector that will try to reach Dex from outside the cluster, thus it should be a publicly accessible endpoint, for example:
         https://my-instance.in-my-cloud.some-cloud.com/dex

  3. Remove any traces of the "public_url" value from the charm code
  4. The issuer value will be set to either the default http://<dex-auth-app-name>.<namespace>.svc:5556/dex or model.config["dex-issuer-url"]
  5. Add/modify tests appropriately

Definition of Done

The charm now gets the issuer value from either the configuration option or defaults to http://<dex-auth-app-name>.<namespace>.svc:5556/dex. This can be confirmed by checking the .well-known endpoint.
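
The check named in the Definition of Done, as an added Python example that is not part of the original issue or the charm's code: it resolves the issuer as the task list describes and compares a `.well-known/openid-configuration` document against it. The application name `dex-auth`, the namespace `kubeflow`, the helper names and the sample discovery documents are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

DEX_PORT = 5556  # port in the default issuer quoted in the issue


def resolve_issuer(config, app_name, namespace):
    """Use dex-issuer-url when set, otherwise the in-cluster Service URL."""
    configured = (config.get("dex-issuer-url") or "").strip()
    if not configured:
        return f"http://{app_name}.{namespace}.svc:{DEX_PORT}/dex"
    parts = urlsplit(configured)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"expected http(s)://<dns-name>/dex, got {configured!r}")
    if parts.query or parts.fragment:
        # OIDC Discovery does not allow a query or fragment in the issuer.
        raise ValueError("issuer must not contain a query or fragment")
    return configured


def discovery_url(issuer):
    """Location of the .well-known document for a given issuer."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def check_discovery(expected_issuer, document):
    """Return the mismatches between a discovery document and the issuer."""
    problems = []
    if document.get("issuer") != expected_issuer:  # exact string comparison
        problems.append(f"issuer is {document.get('issuer')!r}")
    base = expected_issuer.rstrip("/") + "/"
    # Assumption: Dex serves these endpoints below the issuer path.
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not str(document.get(key, "")).startswith(base):
            problems.append(f"{key} is not under {base}")
    return problems


def sample_document(issuer):
    """Constructed discovery document, shaped like the one Dex returns."""
    return {"issuer": issuer, "authorization_endpoint": issuer + "/auth",
            "token_endpoint": issuer + "/token", "jwks_uri": issuer + "/keys"}


if __name__ == "__main__":
    public = "https://my-instance.in-my-cloud.some-cloud.com/dex"
    expected = resolve_issuer({"dex-issuer-url": public}, "dex-auth", "kubeflow")
    stale = sample_document(resolve_issuer({}, "dex-auth", "kubeflow"))
    print(discovery_url(expected))
    print(check_discovery(expected, stale))  # Dex still on the default
    print(check_discovery(expected, sample_document(public)))
```

A non-empty result means OIDC clients validating against the configured issuer would see a different value from the one Dex advertises.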

DnPlas added the enhancement label Jul 5, 2024

Thank you for reporting your feedback to us!

The internal ticket has been created: https://warthogs.atlassian.net/browse/KF-5967.

This message was autogenerated

DnPlas added a commit that referenced this issue Jul 11, 2024
This commit removes the public-url configuration option in favour of the dex-issuer-url one.
The way to configure the issuer value for dex-auth is now by getting it from the aforementioned
configuration option or by constructing it from dex-auth's Kubernetes Service DNS name:
"http://<dex-app-name>.<namespace>.svc:5556/dex"

Closes #204
DnPlas added a commit that referenced this issue Jul 23, 2024
* refactor: add dex-issuer-url and remove public-url config options


DnPlas commented Jul 23, 2024

Fixed by #209

DnPlas closed this as completed Jul 23, 2024
DnPlas added a commit that referenced this issue Jul 24, 2024