Merge branch 'main' into main

linode · Sep 25, 2024 · 6925479 · 6925479
2 parents ed8371a + 2869fea
commit 6925479
Show file tree

Hide file tree

Showing 8 changed files with 54 additions and 19 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,29 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [3.2.0](https://github.com/linode/apl-tasks/compare/v3.1.0...v3.2.0) (2024-09-18)
+
+
+### Bug Fixes
+
+* check if setup was a success ([#113](https://github.com/linode/apl-tasks/issues/113)) ([d359ef5](https://github.com/linode/apl-tasks/commit/d359ef56d770205c4230435a374713393a5934b3))
+* group mapping for gitea oidc ([#111](https://github.com/linode/apl-tasks/issues/111)) ([6efe076](https://github.com/linode/apl-tasks/commit/6efe07673e42e3d46cd5b0e673e264c540ea8c75))
+* keycloakstyling ([#114](https://github.com/linode/apl-tasks/issues/114)) ([c355214](https://github.com/linode/apl-tasks/commit/c3552144b94a6e669f66207aad4982f59b2350b8))
+* set keycloak theme ([#115](https://github.com/linode/apl-tasks/issues/115)) ([8e4fc5b](https://github.com/linode/apl-tasks/commit/8e4fc5b9fa93cdf60dbfa75ac7ab840e1002ad84))
+
+## [3.1.0](https://github.com/linode/apl-tasks/compare/v3.0.0...v3.1.0) (2024-09-09)
+
+
+### Features
+
+* update github workflow to push image to the linode dockerhub ([#109](https://github.com/linode/apl-tasks/issues/109)) ([6f60d44](https://github.com/linode/apl-tasks/commit/6f60d442517f358d20bdd3caaad25c800c11b52c))
+* update setGiteaOIDCConfig function and logic ([#108](https://github.com/linode/apl-tasks/issues/108)) ([80a2a98](https://github.com/linode/apl-tasks/commit/80a2a98c944a8d072344b707b99f859c841b13c2))
+
+
+### Bug Fixes
+
+* operator pod restarting ([#106](https://github.com/linode/apl-tasks/issues/106)) ([fb2a085](https://github.com/linode/apl-tasks/commit/fb2a085b54823fbafb128342a0e341a4bd05f516))
+
 ## [3.0.0](https://github.com/linode/apl-tasks/compare/v2.5.0...v3.0.0) (2024-07-11)
 
 

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -146,5 +146,5 @@
       "tag": true
     }
   },
-  "version": "3.0.0"
+  "version": "3.2.0"
 }
diff --git a/src/operator/gitea.ts b/src/operator/gitea.ts
@@ -460,17 +460,18 @@ async function setGiteaOIDCConfig(update = false) {
   const teamNamespaceString = buildTeamString(env.teamNames)
 
   try {
+    // WARNING: Dont enclose the teamNamespaceString in double quotes, this will escape the string incorrectly and breaks OIDC group mapping in gitea
     const execCommand = [
       'sh',
       '-c',
       `
       AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\\|otomi-idp\\s+\\|" | grep -iE "\\|OAuth2\\s+\\|" | awk -F " " '{print $1}' | tr -d '\\n')
       if [ -z "$AUTH_ID" ]; then
         echo "Gitea OIDC config not found. Adding OIDC config for otomi-idp."
-        gitea admin auth add-oauth --name "otomi-idp" --key "${clientID}" --secret "${clientSecret}" --auto-discover-url "${discoveryURL}" --provider "openidConnect" --admin-group "team-admin" --group-claim-name "groups" --group-team-map "${teamNamespaceString}"
+        gitea admin auth add-oauth --name "otomi-idp" --key "${clientID}" --secret "${clientSecret}" --auto-discover-url "${discoveryURL}" --provider "openidConnect" --admin-group "team-admin" --group-claim-name "groups" --group-team-map '${teamNamespaceString}'
       elif ${update}; then
         echo "Gitea OIDC config is different. Updating OIDC config for otomi-idp."
-        gitea admin auth update-oauth --id "$AUTH_ID" --key "${clientID}" --secret "${clientSecret}" --auto-discover-url "${discoveryURL}" --group-team-map "${teamNamespaceString}"
+        gitea admin auth update-oauth --id "$AUTH_ID" --key "${clientID}" --secret "${clientSecret}" --auto-discover-url "${discoveryURL}" --group-team-map '${teamNamespaceString}'
       else
         echo "Gitea OIDC config is up to date."
       fi

diff --git a/src/operator/harbor.ts b/src/operator/harbor.ts
@@ -58,6 +58,7 @@ const HarborGroupType = {
 }
 
 let lastState: DependencyState = {}
+let setupSuccess = false
 const errors: string[] = []
 const systemRobot: any = {
   name: 'harbor',
@@ -218,11 +219,17 @@ async function checkAndExecute() {
     await setupHarbor()
   }
 
-  if (currentState.teamNames && currentState.teamNames.length > 0 && currentState.teamNames !== lastState.teamNames) {
+  if (!setupSuccess) await setupHarbor()
+
+  if (
+    setupSuccess &&
+    currentState.teamNames &&
+    currentState.teamNames.length > 0 &&
+    currentState.teamNames !== lastState.teamNames
+  ) {
     await Promise.all(currentState.teamNames.map((namespace) => processNamespace(`team-${namespace}`)))
+    lastState = { ...currentState }
   }
-
-  lastState = { ...currentState }
 }
 
 async function runSetupHarbor() {
@@ -265,14 +272,18 @@ async function setupHarbor() {
     self_registration: false,
   }
 
-  const bearerAuth = await getBearerToken()
-  robotApi.setDefaultAuthentication(bearerAuth)
-  configureApi.setDefaultAuthentication(bearerAuth)
-  projectsApi.setDefaultAuthentication(bearerAuth)
-  memberApi.setDefaultAuthentication(bearerAuth)
-
-  await doApiCall(errors, 'Putting Harbor configuration', () => configureApi.configurationsPut(config))
-  handleErrors(errors)
+  try {
+    const bearerAuth = await getBearerToken()
+    robotApi.setDefaultAuthentication(bearerAuth)
+    configureApi.setDefaultAuthentication(bearerAuth)
+    projectsApi.setDefaultAuthentication(bearerAuth)
+    memberApi.setDefaultAuthentication(bearerAuth)
+    await doApiCall(errors, 'Putting Harbor configuration', () => configureApi.configurationsPut(config))
+    if (errors.length > 0) handleErrors(errors)
+    setupSuccess = true
+  } catch (error) {
+    console.debug('Failed to set bearer Token for Harbor Api :', error)
+  }
 }
 
 /**

diff --git a/src/operator/keycloak.ts b/src/operator/keycloak.ts
@@ -489,7 +489,7 @@ async function keycloakRealmProviderConfigurer(api: KeycloakApi) {
 
   // set login theme for master realm
   await doApiCall(errors, 'adding theme for login page', () =>
-    api.realms.realmPut(env.KEYCLOAK_REALM, createLoginThemeConfig('otomi')),
+    api.realms.realmPut(env.KEYCLOAK_REALM, createLoginThemeConfig('APL')),
   )
 }
 

diff --git a/src/tasks/keycloak/config.ts b/src/tasks/keycloak/config.ts
@@ -77,7 +77,7 @@ export const realmCfgTpl = (realm: string): Record<string, unknown> => ({
   displayNameHtml: '<div class="kc-logo-text"><span>APL</span></div>',
   enabled: true,
   sslRequired: 'external',
-  loginTheme: 'otomi',
+  loginTheme: 'APL',
   registrationAllowed: false,
   loginWithEmailAllowed: true,
   duplicateEmailsAllowed: false,

diff --git a/src/tasks/keycloak/realm-factory.ts b/src/tasks/keycloak/realm-factory.ts
@@ -147,6 +147,6 @@ export function mapTeamsToRoles(
   return teamRoleRepresentations
 }
 
-export function createLoginThemeConfig(loginTheme = 'otomi'): RealmRepresentation {
+export function createLoginThemeConfig(loginTheme = 'APL'): RealmRepresentation {
   return defaultsDeep(new RealmRepresentation(), { loginTheme })
 }