Initial WIP

dominodatalab · Jun 22, 2023 · a54ea52 · a54ea52
1 parent b41a7fb
commit a54ea52
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 2 deletions.
diff --git a/go.mod b/go.mod
@@ -45,6 +45,7 @@ require (
 require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0
+	github.com/Nerzal/gocloak/v13 v13.7.0
 	github.com/dominodatalab/amqp-client v0.1.3
 	github.com/dominodatalab/controller-util v0.0.2
 	github.com/hashicorp/go-retryablehttp v0.7.1
@@ -70,7 +71,6 @@ require (
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 // indirect
 	github.com/Microsoft/go-winio v0.5.2 // indirect
-	github.com/Nerzal/gocloak/v13 v13.7.0 // indirect
 	github.com/aws/aws-sdk-go-v2/credentials v1.12.0 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.4 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.32 // indirect

diff --git a/pkg/controller/imagebuild/component/builddispatcher.go b/pkg/controller/imagebuild/component/builddispatcher.go
@@ -7,7 +7,7 @@ import (
 	"sync"
 	"time"
 
-	_ "github.com/Nerzal/gocloak/v13" // temporary to prevent removal
+	"github.com/Nerzal/gocloak/v13"
 	"github.com/dominodatalab/controller-util/core"
 	hephv1 "github.com/dominodatalab/hephaestus/pkg/api/hephaestus/v1"
 	"github.com/dominodatalab/hephaestus/pkg/buildkit"
@@ -184,6 +184,20 @@ func (c *BuildDispatcherComponent) Reconcile(ctx *core.Context) (ctrl.Result, er
 	}
 	clientInitSeg.End()
 
+	// TODO: look at the CR value to determine if JWT injection is enabled
+	if true {
+		kc := gocloak.NewClient(c.keycloakCfg.Server)
+		jwt, err := kc.LoginClient(buildCtx, c.keycloakCfg.ClientID, c.keycloakCfg.ClientSecret, c.keycloakCfg.Realm)
+		if err != nil {
+			log.Error(err, fmt.Sprintf(
+				"Failed to acquire [%s] Keycloak creds at [%s]", c.keycloakCfg.ClientID, c.keycloakCfg.Server))
+		} else {
+			obj.Spec.BuildArgs = append(obj.Spec.BuildArgs, fmt.Sprintf("%s=%s", "SERVICE_TOKEN", jwt.AccessToken))
+			// c.cfg.Secrets["SERVICE_TOKEN"] = jwt.AccessToken
+			log.Info(fmt.Sprintf("Injected %s JWT as SERVICE_TOKEN build-arg into builder", c.keycloakCfg.ClientID))
+		}
+	}
+
 	buildOpts := buildkit.BuildOptions{
 		Context:                  obj.Spec.Context,
 		Images:                   obj.Spec.Images,