feat(dex): dex backend storage adapter implementation #839

kengou · 2025-01-09T23:04:21Z

Description

Implements:

Resolves feature-flags with dex storage selection from a ConfigMap
Dex backend storage adapter interface to support kubernetes or postgres
idproxy and Organization Reconciler uses the storage adapter interface

Additionally implements #798 partially -

If dex storage backend is kubernetes then Dex Custom Resources are created in the organization's namespace

What type of PR is this? (check all applicable)

Related Tickets & Documents

Closes [FEAT] - Dex IDP Persistence with DB #738
Related [FEAT] - Refactor DEX Controller #798

Added tests?

👍 yes
🙅 no, because they aren't needed
🙋 no, because I need help
Separate ticket for tests # (issue/pr)

Added to documentation?

📜 README.md
🤝 Documentation pages updated
🙅 no documentation needed
(if applicable) generated OpenAPI docs for CRD changes

Checklist

My code follows the style guidelines of this project
I have performed a self-review of my code
I have commented my code, particularly in hard-to-understand areas
My changes generate no new warnings
New and existing unit tests pass locally with my changes

…nhouse into feat/dex-sql

pkg/controllers/organization/dex.go

cmd/greenhouse/main.go

additionally while creating OAuth2Client in postgres it also generates client secret in the organization namespace

removes dependency to dex CRDs if the storage backend is postgres

pkg/dex/store/pg_store.go

abhijith-darshan · 2025-02-01T00:20:48Z

@IvoGoman @kengou - Please review from scratch as the implementation has been re-written

Implements:

Resolves feature-flags with dex storage selection from a ConfigMap
Dex backend storage adapter interface to support kubernetes or postgres
idproxy and Organization Reconciler uses the storage adapter interface
organization controller will not try to Own dex CRs if the storage is postgres, which should allow running both postgres and kubernetes storage backends in the cluster

Additionally implements #798 -

If dex storage backend is kubernetes then Dex Custom Resources are created in the organization's namespace
OAuth2Client credentials secret is created in the organization's namespace following the pattern org-name-dex-secrets
generates a deterministic client secret using hmac sha256 from clientID and secretKey + truncated to 32 characters (so as to consistently generate the same credential on every reconciliation)

TODO -

We need to wrap environment variables in manager deployment with if postgres enabled and not have a static injection of postgres vars (currently e2e tests and helm lint fail because of that)
for [FEAT] - Refactor DEX Controller #798 we need to early exit (requeue?) if the organization namespace is not active
E2E tests for kubernetes and Postgres should be implemented

automatically determines the kubernetes client mode without explicitly specifying any env variable

kengou added 2 commits January 10, 2025 00:00

feat(dex): create connector and client to sql along with the CRDs

cd6b3e5

feat(dex): add sql backend to idproxy commented out

b2edebf

kengou requested a review from a team as a code owner January 9, 2025 23:04

github-actions bot added feature idproxy dependencies labels Jan 9, 2025

kengou added 2 commits January 10, 2025 00:05

feat(dex): create connector and client to sql along with the CRDs

df36be5

feat(dex): add sql backend to idproxy commented out

274eaa1

kengou force-pushed the feat/dex-sql branch from b2edebf to 274eaa1 Compare January 9, 2025 23:05

kengou added 3 commits January 10, 2025 00:05

Merge branch 'feat/dex-sql' of https://github.com/cloudoperators/gree…

5a93642

…nhouse into feat/dex-sql

fix(controller) go fmt, fix imports

c76613c

fix(dex) failing tests

9500d0d

IvoGoman reviewed Jan 15, 2025

View reviewed changes

kengou added 4 commits January 15, 2025 20:31

feat(dex) shared networkstorage, rm events

e9fe394

fix(dex) use clienutil instead of osext

47e1cca

feat(idproxy): use struct in idproxy as input

2c0feb7

feat(dex): add mock for dex Storage

1605920

kengou requested a review from a team as a code owner January 16, 2025 13:21

License Bot and others added 11 commits January 16, 2025 13:21

Automatic application of license header

f56f4d9

(chore): removes unused vars

5078f0e

(chore): spin up postgres test container for organization test

7caec01

(chore): tidy up!

74f0bb4

(chore): go fmt

6c9e6f6

(chore): lint fix

18791f5

Merge branch 'main' into feat/dex-sql

812c804

feat(ci) add flags, featureflag to deployments

d3c5cce

fix(ci) rm license header frmo mockery generated code

290bca1

add licenserc to skip mockery

1096082

feat(idproxy) add featureflag to switch backend

59702e1

kengou requested a review from a team as a code owner January 29, 2025 13:41

License Bot and others added 20 commits January 30, 2025 10:41

Automatic application of license header

4af3b6f

(chore): move to dex pkg

69449bb

(chore): adds GetEnv with error return

3e496e7

(chore): adds feature resolver

6f786df

(chore): adds generic helper to return ptr types

c9aa70d

(chore): adds dex storage resolver to idproxy

366832e

(chore): adds license headers

df1b96a

(chore): resolve feature flags from configmap

3f3e4fd

(chore): adds dex storage adapter interface

13e0fed

(chore): adds dex postgres storage adapter

cf7b2d8

additionally while creating OAuth2Client in postgres it also generates client secret in the organization namespace

(chore): adds dex kubernetes storage adapter

41cf6ff

additionally while creating OAuth2Client in postgres it also generates client secret in the organization namespace

(chore): adds dex storage adapter interface mocks

76bfbae

(chore): adds dex storage adapter interface to reconciler

91759fc

removes dependency to dex CRDs if the storage backend is postgres

(chore): creates dex resources in organization namespace

e4ba7b2

(chore): setup dex storage adapter interface on operator start

d4b72df

(chore): setup dex storage adapter interface on idproxy start

6d86ff7

(chore): mock dex storage interface in unit tests

a3f1211

Merge branch 'feat/dex_storage' into feat/dex-sql

6e0541c

(chore): adds inline code comments

5382565

Automatic application of license header

b3857ff

abhijith-darshan changed the title ~~feat(dex): use postgresql as backend~~ feat(dex): dex backend storage adapter implementation Jan 31, 2025

github-advanced-security bot found potential problems Feb 1, 2025

View reviewed changes

pkg/dex/store/pg_store.go Dismissed Show dismissed Hide dismissed

abhijith-darshan and others added 7 commits February 1, 2025 02:51

(chore): use create update for writing oauth2client secrets

4a9fdcb

(chore): adds docs to run dex locally

faba477

(chore): auto determine kubernetes

43a284b

automatically determines the kubernetes client mode without explicitly specifying any env variable

(chore): uses org name as dex resource namespace

cdc76eb

(chore): regenerate dexter mocks

726dc2f

Merge branch 'main' into feat/dex-sql

55e946c

Merge branch 'main' into feat/dex-sql

7ec3a48

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(dex): dex backend storage adapter implementation #839

feat(dex): dex backend storage adapter implementation #839

kengou commented Jan 9, 2025 •

edited by abhijith-darshan

Loading

abhijith-darshan commented Feb 1, 2025 •

edited

Loading

feat(dex): dex backend storage adapter implementation #839

Are you sure you want to change the base?

feat(dex): dex backend storage adapter implementation #839

Conversation

kengou commented Jan 9, 2025 • edited by abhijith-darshan Loading

Description

What type of PR is this? (check all applicable)

Related Tickets & Documents

Added tests?

Added to documentation?

Checklist

abhijith-darshan commented Feb 1, 2025 • edited Loading

kengou commented Jan 9, 2025 •

edited by abhijith-darshan

Loading

abhijith-darshan commented Feb 1, 2025 •

edited

Loading