Skip to content

Commit

Permalink
Initial WIP
Browse files Browse the repository at this point in the history
  • Loading branch information
ddl-ebrown committed Jun 22, 2023
1 parent fdefc5d commit acf8bb2
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 1 deletion.
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@ require (
require (
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0
github.com/Nerzal/gocloak/v13 v13.7.0
github.com/dominodatalab/amqp-client v0.1.3
github.com/dominodatalab/controller-util v0.0.2
github.com/hashicorp/go-retryablehttp v0.7.1
Expand All @@ -70,7 +71,6 @@ require (
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 // indirect
github.com/Microsoft/go-winio v0.5.2 // indirect
github.com/Nerzal/gocloak/v13 v13.7.0 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.12.0 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.4 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.32 // indirect
Expand Down
15 changes: 15 additions & 0 deletions pkg/controller/imagebuild/component/builddispatcher.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ import (
"sync"
"time"

"github.com/Nerzal/gocloak/v13"
"github.com/dominodatalab/controller-util/core"
"github.com/go-logr/logr"
"github.com/newrelic/go-agent/v3/newrelic"
Expand Down Expand Up @@ -184,6 +185,20 @@ func (c *BuildDispatcherComponent) Reconcile(ctx *core.Context) (ctrl.Result, er
}
clientInitSeg.End()

// TODO: look at the CR value to determine if JWT injection is enabled
if true {
kc := gocloak.NewClient(c.keycloakCfg.Server)
jwt, err := kc.LoginClient(buildCtx, c.keycloakCfg.ClientID, c.keycloakCfg.ClientSecret, c.keycloakCfg.Realm)
if err != nil {
log.Error(err, fmt.Sprintf(
"Failed to acquire [%s] Keycloak creds at [%s]", c.keycloakCfg.ClientID, c.keycloakCfg.Server))
} else {
obj.Spec.BuildArgs = append(obj.Spec.BuildArgs, fmt.Sprintf("%s=%s", "SERVICE_TOKEN", jwt.AccessToken))
// c.cfg.Secrets["SERVICE_TOKEN"] = jwt.AccessToken
log.Info(fmt.Sprintf("Injected %s JWT as SERVICE_TOKEN build-arg into builder", c.keycloakCfg.ClientID))
}
}

buildOpts := buildkit.BuildOptions{
Context: obj.Spec.Context,
Images: obj.Spec.Images,
Expand Down

0 comments on commit acf8bb2

Please sign in to comment.