commit a09fad74443c2313bfc97f61f7b2a83c82423aef
author Giorgi Lekveishvili <giolekva@gmail.com> Thu Mar 21 15:24:35 2024 +0400
committer GitHub <noreply@github.com> Thu Mar 21 15:24:35 2024 +0400
tree af5f1db30a2ab4d18180b3e97d52926cc5dac51e
parent 618e243b36c6518a97e1d3a8ce9a6d69a5eaffad

auth-proxy: verify group membership (#105)

* auth-proxy: verify group membership

* memberships: install memberships app and use it in few apps

* app-repo: render auth

* installer: always use external dependencies option in app configs

* installer: fix auth handling

* auth-proxy: configure membership-addr and groups flags in helm chart

* installer: fix indentation

* app-manager: fix how auth block is rendered

---------

Co-authored-by: Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local>

core/installer/app.go

diff --git a/core/installer/app.go b/core/installer/app.go
index 8cfb2b5..938d08f 100644
--- a/core/installer/app.go
+++ b/core/installer/app.go
@@ -59,12 +59,6 @@
 	"values-tmpl/hydra-maester.cue",
 }
 
-const cueBaseConfigImports = `
-import (
-    "list"
-)
-`
-
 // TODO(gio): import
 const cueBaseConfig = `
 name: string | *""
@@ -73,6 +67,11 @@
 icon: string | *""
 namespace: string | *""
 
+#Auth: {
+  enabled: bool | *false // TODO(gio): enabled by default?
+  groups: string | *"" // TODO(gio): []string
+}
+
 #Network: {
 	name: string
 	ingressClass: string
@@ -142,8 +141,7 @@
 
 #Helm: {
 	name: string
-	dependsOn: [...#Helm] | *[]
-    dependsOnExternal: [...#ResourceReference] | *[]
+	dependsOn: [...#ResourceReference] | *[]
 	...
 }
 
@@ -159,8 +157,7 @@
 	_name: string
 	_chart: #Chart
 	_values: _
-	_dependencies: [...#Helm] | *[]
-	_externalDependencies: [...#ResourceReference] | *[]
+	_dependencies: [...#ResourceReference] | *[]
 
 	apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
 	kind: "HelmRelease"
@@ -170,12 +167,7 @@
 	}
 	spec: {
 		interval: "1m0s"
-		dependsOn: list.Concat([_externalDependencies, [
-			for d in _dependencies {
-				name: d.name
-				namespace: release.namespace
-			}
-    	]])
+		dependsOn: _dependencies
 		chart: {
 			spec: _chart
 		}
@@ -190,7 +182,6 @@
 			_chart: r.chart
 			_values: r.values
 			_dependencies: r.dependsOn
-            _externalDependencies: r.dependsOnExternal
 		}
 	}
 }
@@ -304,12 +295,12 @@
 		return Rendered{}, err
 	}
 	for i.Next() {
-		name := fmt.Sprintf("%s.yaml", cleanName(i.Selector().String()))
-		contents, err := cueyaml.Encode(i.Value())
-		if err != nil {
+		if contents, err := cueyaml.Encode(i.Value()); err != nil {
 			return Rendered{}, err
+		} else {
+			name := fmt.Sprintf("%s.yaml", cleanName(i.Selector().String()))
+			ret.Resources[name] = contents
 		}
-		ret.Resources[name] = contents
 	}
 	return ret, nil
 }
@@ -536,7 +527,7 @@
 
 func processCueConfig(contents string) (*cue.Value, error) {
 	ctx := cuecontext.New()
-	cfg := ctx.CompileString(cueBaseConfigImports + contents + cueBaseConfig)
+	cfg := ctx.CompileString(contents + cueBaseConfig)
 	if err := cfg.Err(); err != nil {
 		return nil, err
 	}