From a704e396c6c3a29162cc7e7999618c377a735673 Mon Sep 17 00:00:00 2001 From: ddl-ebrown Date: Wed, 21 Jun 2023 18:24:01 -0700 Subject: [PATCH] Add EnableServiceAccountTokenInjection to CRD --- .../crds/hephaestus.dominodatalab.com_imagebuilds.yaml | 5 +++++ pkg/api/hephaestus/v1/imagebuild_types.go | 3 +++ pkg/controller/imagebuild/component/builddispatcher.go | 2 +- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/deployments/crds/hephaestus.dominodatalab.com_imagebuilds.yaml b/deployments/crds/hephaestus.dominodatalab.com_imagebuilds.yaml index cc684a67..e094f3ee 100644 --- a/deployments/crds/hephaestus.dominodatalab.com_imagebuilds.yaml +++ b/deployments/crds/hephaestus.dominodatalab.com_imagebuilds.yaml @@ -78,6 +78,11 @@ spec: description: DisableCacheLayerExport will remove the "inline" cache metadata from the image configuration. type: boolean + enableServiceAccountTokenInjection: + description: EnableServiceAccountTokenInjection adds a service account + JWT token as build-arg to the images. This supports use cases like + model building that must access other Domino services + type: boolean images: description: Images is a list of images to build and push. items: diff --git a/pkg/api/hephaestus/v1/imagebuild_types.go b/pkg/api/hephaestus/v1/imagebuild_types.go index b96e1d70..272472b0 100644 --- a/pkg/api/hephaestus/v1/imagebuild_types.go +++ b/pkg/api/hephaestus/v1/imagebuild_types.go @@ -32,6 +32,9 @@ type ImageBuildSpec struct { DisableLocalBuildCache bool `json:"disableBuildCache,omitempty"` // DisableCacheLayerExport will remove the "inline" cache metadata from the image configuration. DisableCacheLayerExport bool `json:"disableCacheExport,omitempty"` + // EnableServiceAccountTokenInjection adds a service account JWT token as build-arg to the images. + // This supports use cases like model building that must access other Domino services + EnableServiceAccountTokenInjection bool `json:"enableServiceAccountTokenInjection,omitempty"` } type ImageBuildTransition struct { diff --git a/pkg/controller/imagebuild/component/builddispatcher.go b/pkg/controller/imagebuild/component/builddispatcher.go index 81d5f68f..797021af 100644 --- a/pkg/controller/imagebuild/component/builddispatcher.go +++ b/pkg/controller/imagebuild/component/builddispatcher.go @@ -184,7 +184,7 @@ func (c *BuildDispatcherComponent) Reconcile(ctx *core.Context) (ctrl.Result, er return ctrl.Result{}, c.phase.SetFailed(ctx, obj, err) } - if c.keycloakCfg.Enabled { + if obj.Spec.EnableServiceAccountTokenInjection && c.keycloakCfg.Enabled { buildLog.Info("Acquiring Keycloak service account token") kc := gocloak.NewClient(c.keycloakCfg.Server) jwt, err := kc.LoginClient(buildCtx, c.keycloakCfg.ClientID, c.keycloakCfg.ClientSecret, c.keycloakCfg.Realm)