Add update logic #7
Conversation
| } | ||
| { | ||
| // Get existing connectors from the dex config secret | ||
| oldConnectors, err := getConnectorsFromSecret(secret) |
There was a problem hiding this comment.
We save the connectors that were previously configured in a map so that we can later compare what was changed.
| @@ -196,6 +207,33 @@ func (s *Service) DeleteProviderApps(appName string, ctx context.Context) error | |||
| return nil | |||
| } | |||
|
|
|||
| func (s *Service) secretNeedsUpdate(oldConnectors map[string]dex.Connector, newConnectors map[string]dex.Connector) bool { | |||
There was a problem hiding this comment.
Here we compare old connector configuration to new connector configuration. (see comments)
| "github.com/microsoftgraph/msgraph-sdk-go/models" | ||
| "gopkg.in/yaml.v2" | ||
| ) | ||
|
|
||
| type Azure struct { | ||
| Name string | ||
| Client *msgraphsdk.GraphServiceClient | ||
| Log *logr.Logger |
There was a problem hiding this comment.
We add a logger here so that changes on the azure idp which are not reflected in the connector can still be seen in the logs
| @@ -128,6 +128,110 @@ func (a *Azure) CreateApp(config provider.AppConfig, ctx context.Context) (dex.C | |||
| }, nil | |||
| } | |||
|
|
|||
| func (a *Azure) createOrUpdateApplication(config provider.AppConfig, ctx context.Context) (string, error) { | |||
There was a problem hiding this comment.
Create and update of the azure app excluding the secret happens here
| return *id, nil | ||
| } | ||
|
|
||
| func (a *Azure) createOrUpdateSecret(id string, config provider.AppConfig, ctx context.Context, oldSecret string) (string, string, error) { |
There was a problem hiding this comment.
Secret creation and rotation happens here
| return clientId, clientSecret, nil | ||
| } | ||
|
|
||
| func secretExpired(secret models.PasswordCredentialable) bool { |
There was a problem hiding this comment.
this checks whether a secret is expired
pkg/idp/provider/azure/request.go
Outdated
| app := models.NewApplication() | ||
| app.SetRequiredResourceAccess(parentApp.GetRequiredResourceAccess()) | ||
| return app | ||
| func computeAppUpdatePatch(config provider.AppConfig, app models.Applicationable, parentApp models.Applicationable) (bool, models.Applicationable) { |
There was a problem hiding this comment.
This function computes a patch for the app by comparing desired and current state for each property
| @@ -43,3 +46,23 @@ func GetDexSecretConfig(namespace string) v1alpha1.AppExtraConfig { | |||
| Namespace: namespace, | |||
| Priority: 25} | |||
| } | |||
|
|
|||
| func getConnectorsFromSecret(secret *corev1.Secret) (map[string]dex.Connector, error) { | |||
There was a problem hiding this comment.
This function creates a map out of the connector secret so that connectors can be compared more easily
| ) | ||
|
|
||
| const ( | ||
| SecretValidityMonths = 6 | ||
| SecretValidityMonths = 3 |
There was a problem hiding this comment.
Since we have automatic rotation now we changed this here to 3 months
Towards giantswarm/roadmap#1629
This adds update logic for identity providers, namely azure.
Updates include changes to the connector configuration such as claims, permissions and redirect URI as well as secret rotation.