Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improved UX for updating wif-config. #700

Merged
merged 1 commit into from
Jan 13, 2025
Merged

Improved UX for updating wif-config. #700

merged 1 commit into from
Jan 13, 2025

Conversation

renan-campos
Copy link
Collaborator

The included changes provide the following properties to the update command:

  • Operations that modify GCP cloud resources are always accompanied by a log message displayed to the user.
  • Changes to GCP cloud resources are made only when necessary.

Additional logic was needed to check the configuration of jwks and service account access. Prior to this, these resources were being updated every time the command was called.

@renan-campos renan-campos force-pushed the OCM-13183 branch 2 times, most recently from e2943d7 to 85739cb Compare January 4, 2025 15:05
tzvatot
tzvatot previously requested changes Jan 8, 2025
View reviewed changes
cmd/ocm/gcp/gcp-client-shim.go Outdated
needPolicyUpdate := false

policy, err := c.gcpClient.GetProjectIamPolicy(ctx, projectName, &cloudresourcemanager.GetIamPolicyRequest{})

if err != nil {
return fmt.Errorf("error fetching policy for project: %v", err)
return false, fmt.Errorf("error fetching policy for project: %v", err)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not related specifically to this MR: why not using errors.Wrap (as done in other places in this file)?

pkg/utils/jwks.go Outdated
jwksStrB string,
) bool {
var jwksA, jwksB struct {
Keys []struct {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What about x5c and x5t?

Is there a a third party comparison tool that we can use? trying not to re-invent the wheel

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated to use https://pkg.go.dev/github.com/MicahParks/jwkset#JWKSMarshal

@renan-campos
Refactored GCP client operations to log user messages and optimized r…
4e0c787 
…esource updation

Ensured all operations modifying GCP cloud resources will log messages
to the user.

The 'ocm gcp update wif-config' command was unnecessarily updating the
oidc data of the workload identity pool, even when there were only
formatting differences. By improving the evaluation method for the jwks
configuration, the oidc configuration will now only be updated if there
is a meaningful difference.

Service Account access policies were being during every run of the
update command. By checking whether the policies are already in place,
updates to the policy will only occur if necassary.
@renan-campos renan-campos requested a review from tzvatot January 8, 2025 19:14
@ckandag ckandag self-requested a review January 13, 2025 20:04
@ckandag ckandag dismissed tzvatot’s stale review January 13, 2025 20:33

review comments addressed

@ckandag ckandag merged commit 1fb1d56 into openshift-online:main Jan 13, 2025
4 checks passed
@tzvatot
Copy link
Contributor

tzvatot commented Jan 14, 2025

LGTM

ckandag added a commit that referenced this pull request Feb 27, 2025
@ckandag
Release v1.0.4
2f3b3c5 
-3a8ef75 OCM-12971 | 'ocm gcp update wif-config' remediates all wif-config misconfigurations (#696)
-d4deb29 Add 'version' flag to wif-config create and update commands (#698)
-f079176 updated help message for wif verification errors
-1fb1d56 Refactored GCP client operations to log user messages and optimized resource updation (#700)
-dd04c33 Update Konflux references (#697)
-c84225e OCM-11995 | feat : Add GCP KMS custom encryption support (#701)
-7ac7051 added 'availability-zone' argument to machine pool creation (#703)
-56ca538 updates to konflux_build_pipeline (#704)
-b37893c listing wif-configs shows supported versions (#706)
-7087572 Update Konflux references (#702)
-7aac46f Update Konflux references (#707)
-2045f98 Update github.com/pkg/browser digest to 5ac0b6a (#708)
-0b6615a Update module github.com/golang-jwt/jwt/v4 to v4.5.1 (#709)
-1cf3d22 Update module github.com/openshift-online/ocm-sdk-go to v0.1.459 (#711)
-579f8de Update module github.com/golang/glog to v1.2.4 (#710)
-c5c95d5 n-3 vesion supportfor  wif-update (#713)
ckandag added a commit that referenced this pull request Feb 27, 2025
@ckandag
Release v1.0.4
8cf0146 
-3a8ef75 OCM-12971 | 'ocm gcp update wif-config' remediates all wif-config misconfigurations (#696)
-d4deb29 Add 'version' flag to wif-config create and update commands (#698)
-f079176 updated help message for wif verification errors
-1fb1d56 Refactored GCP client operations to log user messages and optimized resource updation (#700)
-dd04c33 Update Konflux references (#697)
-c84225e OCM-11995 | feat : Add GCP KMS custom encryption support (#701)
-7ac7051 added 'availability-zone' argument to machine pool creation (#703)
-56ca538 updates to konflux_build_pipeline (#704)
-b37893c listing wif-configs shows supported versions (#706)
-7087572 Update Konflux references (#702)
-7aac46f Update Konflux references (#707)
-2045f98 Update github.com/pkg/browser digest to 5ac0b6a (#708)
-0b6615a Update module github.com/golang-jwt/jwt/v4 to v4.5.1 (#709)
-1cf3d22 Update module github.com/openshift-online/ocm-sdk-go to v0.1.459 (#711)
-579f8de Update module github.com/golang/glog to v1.2.4 (#710)
-c5c95d5 n-3 vesion supportfor  wif-update (#713)
@ckandag ckandag mentioned this pull request Feb 27, 2025
Merged
renan-campos pushed a commit that referenced this pull request Feb 27, 2025
@ckandag
Release v1.0.4 (#714)
3655692 
-3a8ef75 OCM-12971 | 'ocm gcp update wif-config' remediates all wif-config misconfigurations (#696)
-d4deb29 Add 'version' flag to wif-config create and update commands (#698)
-f079176 updated help message for wif verification errors
-1fb1d56 Refactored GCP client operations to log user messages and optimized resource updation (#700)
-dd04c33 Update Konflux references (#697)
-c84225e OCM-11995 | feat : Add GCP KMS custom encryption support (#701)
-7ac7051 added 'availability-zone' argument to machine pool creation (#703)
-56ca538 updates to konflux_build_pipeline (#704)
-b37893c listing wif-configs shows supported versions (#706)
-7087572 Update Konflux references (#702)
-7aac46f Update Konflux references (#707)
-2045f98 Update github.com/pkg/browser digest to 5ac0b6a (#708)
-0b6615a Update module github.com/golang-jwt/jwt/v4 to v4.5.1 (#709)
-1cf3d22 Update module github.com/openshift-online/ocm-sdk-go to v0.1.459 (#711)
-579f8de Update module github.com/golang/glog to v1.2.4 (#710)
-c5c95d5 n-3 vesion supportfor  wif-update (#713)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ckandag ckandag ckandag approved these changes

@JakobGray JakobGray JakobGray approved these changes

@tzvatot tzvatot Awaiting requested review from tzvatot

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@renan-campos @tzvatot @ckandag @JakobGray