Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement m2m-token for Trigger Command Execution via m2m-oauth-server #1336

Merged
merged 33 commits into from
Jul 4, 2024

Conversation

jkralik
Copy link
Member

@jkralik jkralik commented Jun 28, 2024

Description

This PR introduces the m2m-token functionality, enabling the execution of trigger commands from various services. The m2m-token is issued by the m2m-oauth-server through the credential flow.

To obtain the token, users can utilize a secret or another JWT token signed by an authority configured within the m2m-oauth-server.

Key highlights of this implementation include:

  • Integration with m2m-oauth-server for token issuance.
  • Support for credential flow to obtain tokens.
  • Flexibility to use a secret or another JWT token for authentication.

Copy link
Contributor

coderabbitai bot commented Jun 28, 2024

Important

Review skipped

More than 25% of the files skipped due to max files limit. The review is being skipped to prevent a low-quality review.

22 files out of 79 files are above the max files limit of 50. Please upgrade to Pro plan to get higher limits.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share
Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai generate interesting stats about this repository and render them as a table.
    • @coderabbitai show all the console.log statements in this repository.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@jkralik jkralik force-pushed the jkralik/feature/m2m-token branch 5 times, most recently from f94e6f8 to e7b4f68 Compare July 1, 2024 16:56
{{- end }}
labels:
{{- include "plgd-hub.m2moauthserver.selectorLabels" . | nindent 8 }}
spec:

Check warning

Code scanning / SonarCloud

Service account tokens should not be mounted in pods

<!--SONAR_ISSUE_KEY:AZBvaN5WsxCVCJd6Ntu4-->Set automountServiceAccountToken to false for this specification of kind Deployment. <p>See more on <a href="https://sonarcloud.io/project/issues?id=plgd-dev_cloud&issues=AZBvaN5WsxCVCJd6Ntu4&open=AZBvaN5WsxCVCJd6Ntu4&pullRequest=1336">SonarCloud</a></p>
- mountPath: /keys
name: keys
containers:
- name: {{ .Values.m2moauthserver.name }}

Check warning

Code scanning / SonarCloud

Storage limits should be enforced

<!--SONAR_ISSUE_KEY:AZBvaN5WsxCVCJd6Ntu5-->Specify a storage limit for this container. <p>See more on <a href="https://sonarcloud.io/project/issues?id=plgd-dev_cloud&issues=AZBvaN5WsxCVCJd6Ntu5&open=AZBvaN5WsxCVCJd6Ntu5&pullRequest=1336">SonarCloud</a></p>
@jkralik jkralik force-pushed the jkralik/feature/m2m-token branch 3 times, most recently from 8a9a33a to 311ed7a Compare July 1, 2024 20:35
m2m-oauth-server/Makefile Outdated Show resolved Hide resolved
test/config/config.go Outdated Show resolved Hide resolved
pkg/security/jwt/validator/validator.go Outdated Show resolved Hide resolved
m2m-oauth-server/service/httpApi.go Outdated Show resolved Hide resolved
m2m-oauth-server/service/jsonWriter.go Outdated Show resolved Hide resolved
bundle/Dockerfile Show resolved Hide resolved
@jkralik
Copy link
Member Author

jkralik commented Jul 4, 2024

#1336 (comment)

This depends on the cluster where the hub is running. In production, each user needs to set up their own cluster. If we set the limits too low, the processes will be killed by OOM (Out of Memory) errors.

@jkralik jkralik force-pushed the jkralik/feature/m2m-token branch from dbb8c6a to b0a5dd4 Compare July 4, 2024 06:32
@jkralik jkralik marked this pull request as ready for review July 4, 2024 08:08
@jkralik jkralik force-pushed the jkralik/feature/m2m-token branch from 8b834f2 to ce697ce Compare July 4, 2024 08:08
@jkralik
Copy link
Member Author

jkralik commented Jul 4, 2024

@coderabbitai review

Copy link
Contributor

coderabbitai bot commented Jul 4, 2024

Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@jkralik
Copy link
Member Author

jkralik commented Jul 4, 2024

@coderabbitai summary

Copy link
Contributor

coderabbitai bot commented Jul 4, 2024

Actions performed

Summary regeneration triggered.

@jkralik jkralik force-pushed the jkralik/feature/m2m-token branch from 2d933f6 to a8f37c0 Compare July 4, 2024 16:09
@jkralik jkralik force-pushed the jkralik/feature/m2m-token branch from c863239 to 0844c3b Compare July 4, 2024 16:57
@jkralik
Copy link
Member Author

jkralik commented Jul 4, 2024

@coderabbitai summary

Copy link
Contributor

coderabbitai bot commented Jul 4, 2024

Actions performed

Summary regeneration triggered.

Copy link
Contributor

coderabbitai bot commented Jul 4, 2024

Important

Review skipped

More than 25% of the files skipped due to max files limit. The review is being skipped to prevent a low-quality review.

22 files out of 79 files are above the max files limit of 50. Please upgrade to Pro plan to get higher limits.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share
Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai generate interesting stats about this repository and render them as a table.
    • @coderabbitai show all the console.log statements in this repository.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@jkralik
Copy link
Member Author

jkralik commented Jul 4, 2024

@coderabbitai create summary over files under m2m-oauth-server directory and helm chart

Copy link
Contributor

coderabbitai bot commented Jul 4, 2024

Tip

For best results, initiate chat on the files or code changes.

@jkralik, here is the summary of the changes:

m2m-oauth-server Directory

  • File: m2m-oauth-server/test/test.go
    • Removed a large block of commented-out code that included a RequestBuilder struct and associated methods, as well as an HTTPDo function.

Helm Chart

  • No changes detected in the Helm chart files.

If you need further details or have any other requests, please let me know.

Analysis chain
Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# List changes under the m2m-oauth-server directory
echo "Changes in m2m-oauth-server directory:"
git diff --name-only HEAD~1 HEAD | grep 'm2m-oauth-server'

# List changes in Helm chart files
echo "Changes in Helm chart files:"
git diff --name-only HEAD~1 HEAD | grep 'helm'

Length of output: 289


Script:

#!/bin/bash
# Show the diff of the specific file that changed in the m2m-oauth-server directory
echo "Diff for m2m-oauth-server/test/test.go:"
git diff HEAD~1 HEAD m2m-oauth-server/test/test.go

Length of output: 2068


Learnings added
Learnt from: jkralik
URL: https://github.com/plgd-dev/hub/pull/1336

Timestamp: 2024-07-04T17:35:40.654Z
Learning: When summarizing changes in a pull request, include details from the specified directories and files, noting both modifications and absence of changes.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

@jkralik
Copy link
Member Author

jkralik commented Jul 4, 2024

@coderabbitai create summary over all files under m2m-oauth-server and charts directories

Copy link
Contributor

coderabbitai bot commented Jul 4, 2024

Tip

For best results, initiate chat on the files or code changes.

@jkralik, here is the updated summary of the changes:

m2m-oauth-server Directory

  • File: m2m-oauth-server/test/test.go
    • Removed a large block of commented-out code that included a RequestBuilder struct and associated methods, as well as an HTTPDo function.

charts Directory

  • No changes detected in the charts directory.

If you need further details or have any other requests, please let me know.

Analysis chain
Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# List and show changes under the m2m-oauth-server directory
echo "Changes in m2m-oauth-server directory:"
git diff --name-only HEAD~1 HEAD | grep 'm2m-oauth-server'

echo "Diffs for files in m2m-oauth-server directory:"
for file in $(git diff --name-only HEAD~1 HEAD | grep 'm2m-oauth-server'); do
  echo "Diff for $file:"
  git diff HEAD~1 HEAD $file
done

# List and show changes under the charts directory
echo "Changes in charts directory:"
git diff --name-only HEAD~1 HEAD | grep 'charts'

echo "Diffs for files in charts directory:"
for file in $(git diff --name-only HEAD~1 HEAD | grep 'charts'); do
  echo "Diff for $file:"
  git diff HEAD~1 HEAD $file
done

Length of output: 2734

@jkralik
Copy link
Member Author

jkralik commented Jul 4, 2024

@coderabbitai create a description for whole pull request based on m2m-oauth-server and charts directories

Copy link
Contributor

coderabbitai bot commented Jul 4, 2024

Tip

For best results, initiate chat on the files or code changes.

@jkralik, here is the comprehensive description of the pull request based on changes in the m2m-oauth-server and charts directories:

Pull Request Description

Objective

The primary objective of this pull request is to allow configuring multiple authorities for m2m-token.

Changes in m2m-oauth-server Directory

  • File: m2m-oauth-server/test/test.go
    • Removed a large block of commented-out code that included:
      • RequestBuilder struct and associated methods (NewRequestBuilder, AddQuery, Build).
      • HTTPDo function.

Changes in charts Directory

  • No changes detected.

This cleanup in the m2m-oauth-server directory helps in maintaining a cleaner codebase and removing unused code. If there are any specific changes related to the configuration of multiple authorities for m2m-token that are not evident in the provided diffs, please let me know so I can include them in the description.

If you need further details or have any other requests, please let me know.

Analysis chain
Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# List all files under the m2m-oauth-server and charts directories and show their diffs
echo "Listing all files under m2m-oauth-server and charts directories:"
git diff --name-only HEAD~1 HEAD | grep -E 'm2m-oauth-server|charts'

echo "Diffs for files in m2m-oauth-server and charts directories:"
for file in $(git diff --name-only HEAD~1 HEAD | grep -E 'm2m-oauth-server|charts'); do
  echo "Diff for $file:"
  git diff HEAD~1 HEAD $file
done

Length of output: 2596

@jkralik jkralik changed the title m2m-token: allow to configure multiple authorities Implement m2m-token for Trigger Command Execution via m2m-oauth-server Jul 4, 2024
Copy link

sonarqubecloud bot commented Jul 4, 2024

@jkralik jkralik merged commit fcf769c into main Jul 4, 2024
36 checks passed
@jkralik jkralik deleted the jkralik/feature/m2m-token branch July 4, 2024 17:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants