- If authentication token is not specified in provider, attempt to get the token using workload identity.
- Add new field .spec.serviceAccountName to support multi-tenant workload identity as defined in RFC-0010 to use an identity with a service account other than the notification-controller.
- Use proxy to get the token if specified in provider spec.
- Cache the tokens if enabled in the notification controller options.
- If address has SAS connection string, use that for authentication; this takes priority over token-authentication.
- If static JWT token is specified in the secret reference, use it for authentication; this takes priority over workload identity-acquired token.
- Update RBAC for notification-controller to be able to create service token requests.
- Add unit tests for the 3 authentication mechanisms (SAS, JWT, managed identity).
- Add documentation for using single-tenant and multi-tenant approaches of workload identity with azureeventhub provider.
- Add operation post to github helpers and provider controller for cache event metrics.
- Enable token cache by default.
Signed-off-by: Dipti Pai <diptipai89@outlook.com>
review comments
Signed-off-by: Dipti Pai <diptipai89@outlook.com>
enable cache by default
Signed-off-by: Dipti Pai <diptipai89@outlook.com>
Flag detailed-metrics added to provide a way to disable exposing all accessed paths to the metrics and prevent potential metrics cardinality explosion
Signed-off-by: Alexey Kuzbekov <alexey@kuzbekov.me>
The `Mark…` functions in the `conditions` package accept a format string and
(optional) arguments, just like `fmt.Printf` and friends.
In many places, the code passed an error message as the format string, causing
it to be interpreted as a format string by the `fmt` package. This leads to
issues when the message contains percent signs, e.g. URL-encoded values.
This PR adds a format string and shortens `err.Error()` to `err`, which yields
the same output.
This change is identical in principle to fluxcd/source-controller#1529.
Signed-off-by: Florian Forster <fforster@gitlab.com>
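One way to find the pattern this commit fixes, as an added example (not code from the pull request or the project): a Go syntax check that flags `conditions.Mark…` calls whose last argument is `x.Error()` with no verb-bearing format literal right before it. The sample source and the argument layout of the `Mark…` calls in it are constructed assumptions.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"go/types"
	"strings"
)

// sample is constructed input, not repository code; the argument layout of
// the Mark… calls is an assumption made for this example.
const sample = `package demo

func reconcile(obj any, err error) {
	conditions.MarkFalse(obj, "Ready", "Failed", err.Error())
	conditions.MarkFalse(obj, "Ready", "Failed", "%s", err)
	conditions.MarkStalled(obj, "Invalid", "%s", err.Error())
}
`

// findUnsafeMarkCalls returns the lines of conditions.Mark… calls whose last
// argument is x.Error() with no string literal containing a verb before it,
// so the error text itself would be parsed as the format string.
func findUnsafeMarkCalls(src string) ([]int, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "sample.go", src, 0)
	if err != nil {
		return nil, err
	}
	var lines []int
	ast.Inspect(file, func(n ast.Node) bool {
		call, ok := n.(*ast.CallExpr)
		if !ok || len(call.Args) < 2 || !strings.HasPrefix(types.ExprString(call.Fun), "conditions.Mark") {
			return true
		}
		last, isCall := call.Args[len(call.Args)-1].(*ast.CallExpr)
		lit, _ := call.Args[len(call.Args)-2].(*ast.BasicLit)
		hasVerb := lit != nil && strings.Contains(lit.Value, "%")
		if isCall && strings.HasSuffix(types.ExprString(last.Fun), ".Error") && len(last.Args) == 0 && !hasVerb {
			lines = append(lines, fset.Position(call.Pos()).Line)
		}
		return true
	})
	return lines, nil
}

func main() { fmt.Println(findUnsafeMarkCalls(sample)) }
```

The check is purely syntactic, so it misses an error message that reaches the format parameter through a variable.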
Add new Alert and Provider reconcilers to perform migration to static
objects. The new Alert and Provider APIs don't contain any status. When
the existing Alerts and Providers are queried using the new API client,
the status would be dropped. A subsequent write of the object to update
the object in api-server will migrate the objects to the new version and
drop the status.
For the stale finalizers on the objects, the new reconcilers ensure that
the finalizers get removed.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
The metrics helper now accepts owned finalizers to determine if an
object is no longer managed by the controller and is being deleted, and
deletes the metrics associated with the object.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
In Reconcile() methods, move the object deletion above add finalizer.
Finalizers can't be set when an object is being deleted.
Signed-off-by: Sunny <darkowlzz@protonmail.com>