Development --> Master (#41)

* Update integration test (#19) * update integration test * update README (#20) * update README * spelling errors * remove {: screen} * add coveralls * new helm chart (#21) * new chart * update to version 0.4.0 * remove version 0.1.0 * readme updates * add flag info * update name * fix integration test * update state param parsing * clean code (#23) * clean code * check for presence of state * Updates adapter descriptions for Istio.io page (#24) * updates adapter description * fixing typo :| (#27) * update description and adapter title (#31) * Update README.md (#34) * Update README.md * minor update * Update deployment yaml file (#39) * update deployment yaml file * fix spacing * fix spacing * Update adpater version (#40) * update adpater version * update readme Co-authored-by: kimmytaft <[email protected]> Co-authored-by: Anup Rokkam <[email protected]>
ibm-cloud-security · Jan 30, 2020 · 4e5f376 · 4e5f376
1 parent 9bd4db9
commit 4e5f376
Show file tree

Hide file tree

Showing 13 changed files with 29 additions and 21 deletions.
diff --git a/README.md b/README.md
@@ -81,22 +81,24 @@ To install the chart, initialize Helm in your cluster, define the options that y
 
 1. If you're working with IBM Cloud Kubeneretes service, be sure to login and set the context for your cluster.
 
-2. Install Helm in your cluster.
+2. Enable Istio [Policy Enforcement](https://istio.io/docs/tasks/policy-enforcement/enabling-policy/)
+
+3. Install Helm in your cluster.
 
     ```bash
     helm init
     ```
 
 >>You might want to configure Helm to use `--tls` mode. For help with enabling TLS, check out the [Helm repository](https://github.com/helm/helm/blob/master/docs/tiller_ssl.md). If you enable TLS, be sure to append `--tls` to every Helm command that you run. For more information about using Helm with IBM Cloud Kubernetes Service, see [Adding services by using Helm Charts](https://cloud.ibm.com/docs/docs/containers?topic=containers-helm#public_helm_install).
 
-3. Install the chart.
+4. Install the chart.
 
     ```bash
     $ helm repo add appidentityandaccessadapter https://raw.githubusercontent.com/ibm-cloud-security/app-identity-and-access-adapter/master/helm/appidentityandaccessadapter
     $ helm install --name appidentityandaccessadapter appidentityandaccessadapter/appidentityandaccessadapter
     ```
 
->>Helm lets you specify an image tag during installation with the set image.tag flag. For example, `helm install --name appidentityandaccessadapter appidentityandaccessadapter/appidentityandaccessadapter --set image.tag=0.4.0`
+>>Helm lets you specify an image tag during installation with the set image.tag flag. For example, `helm install --name appidentityandaccessadapter appidentityandaccessadapter/appidentityandaccessadapter --set image.tag=0.5.0`
 
 >>The chart can also be installed locally. First clone this repo by `git clone [email protected]:ibm-cloud-security/app-identity-and-access-adapter.git`, then install the chart `helm install ./helm/appidentityandaccessadapter --name appidentityandaccessadapter`.
 
@@ -200,7 +202,7 @@ spec:
 
 | Service Object | Type | Required | Description   |
 |----------------|:----:|:--------:| :-----------: |
-| `service` | string | yes | The name of Kubernetes service in the Policy namespace that you want to protect. |
+| `serviceName` | string | yes | The name of Kubernetes service in the Policy namespace that you want to protect. |
 | `paths` | array[Path Object] | yes | A list of path objects that define the endpoints that you want to protect. If left empty, all paths are protected. |
 
 

diff --git a/adapter/authserver/authserver.go b/adapter/authserver/authserver.go
@@ -122,9 +122,9 @@ func (s *RemoteService) UserInfoEndpoint() string {
 // GetTokens performs a request to the token endpoint
 func (s *RemoteService) GetTokens(authnMethod string, clientID string, clientSecret string, authorizationCode string, redirectURI string, refreshToken string) (*TokenResponse, error) {
 	_ = s.initialize()
-	form := url.Values{
-		"client_id": {clientID},
-	}
+
+	form := url.Values{}
+
 	if refreshToken != "" {
 		form.Add("grant_type", "refresh_token")
 		form.Add("refresh_token", refreshToken)

diff --git a/adapter/authserver/keyset/keyset_test.go b/adapter/authserver/keyset/keyset_test.go
@@ -39,7 +39,7 @@ func TestNew(t *testing.T) {
 
 		h := http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
 			assert.Equal(t, req.URL.String(), "/publicKeys")
-			assert.Equal(t, req.Header.Get("xFilterType"), "IstioAdapter")
+			assert.Equal(t, req.Header.Get("x-filter-type"), "IstioAdapter")
 			w.Write([]byte(e.res))
 		})
 

diff --git a/adapter/networking/networking.go b/adapter/networking/networking.go
@@ -8,7 +8,7 @@ import (
 )
 
 const (
-	filterType     = "xFilterType"
+	filterType     = "x-filter-type"
 	istioAdapter   = "IstioAdapter"
 	defaultTimeout = 5 * time.Second
 )

diff --git a/adapter/policy/handler/crdeventhandler/add_event.go b/adapter/policy/handler/crdeventhandler/add_event.go
@@ -33,10 +33,10 @@ type PolicyAddEventHandler struct {
 }
 
 func (e *JwtConfigAddEventHandler) HandleAddUpdateEvent() {
-	zap.L().Info("Create/Update JwtPolicy", zap.String("ID", string(e.Obj.ObjectMeta.UID)), zap.String("name", e.Obj.Name), zap.String("namespace", e.Obj.Namespace))
+	zap.L().Info("Create/Update JwtConfig", zap.String("ID", string(e.Obj.ObjectMeta.UID)), zap.String("name", e.Obj.Name), zap.String("namespace", e.Obj.Namespace))
 	e.Obj.Spec.ClientName = e.Obj.ObjectMeta.Namespace + "/" + e.Obj.ObjectMeta.Name
 	e.Store.AddKeySet(e.Obj.Spec.ClientName, keyset.New(e.Obj.Spec.JwksURL, nil))
-	zap.L().Info("JwtPolicy created/updated", zap.String("ID", string(e.Obj.ObjectMeta.UID)), zap.String("name", e.Obj.ObjectMeta.Name), zap.String("namespace", e.Obj.ObjectMeta.Namespace))
+	zap.L().Info("JwtConfig created/updated", zap.String("ID", string(e.Obj.ObjectMeta.UID)), zap.String("name", e.Obj.ObjectMeta.Name), zap.String("namespace", e.Obj.ObjectMeta.Namespace))
 }
 
 func (e *OidcConfigAddEventHandler) HandleAddUpdateEvent() {

diff --git a/adapter/policy/handler/handler_test.go b/adapter/policy/handler/handler_test.go
@@ -22,7 +22,7 @@ func getObjectMeta() metav1.ObjectMeta {
 }
 
 func getTypeMeta() metav1.TypeMeta {
-	return metav1.TypeMeta{APIVersion: "v1", Kind: "JwtPolicy"}
+	return metav1.TypeMeta{APIVersion: "v1", Kind: "OidcConfig"}
 }
 
 

diff --git a/helm/appidentityandaccessadapter/Chart.yaml b/helm/appidentityandaccessadapter/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v1
 name: appidentityandaccessadapter
 namespace: istio-system
-version: 0.4.0
+version: 0.5.0
 description: A Helm chart for the App Identity and Access Adapter
diff --git a/helm/appidentityandaccessadapter/appidentityandaccessadapter-0.4.0.tgz b/helm/appidentityandaccessadapter/appidentityandaccessadapter-0.4.0.tgz
diff --git a/helm/appidentityandaccessadapter/appidentityandaccessadapter-0.5.0.tgz b/helm/appidentityandaccessadapter/appidentityandaccessadapter-0.5.0.tgz
diff --git a/helm/appidentityandaccessadapter/index.yaml b/helm/appidentityandaccessadapter/index.yaml
@@ -2,11 +2,11 @@ apiVersion: v1
 entries:
   appidentityandaccessadapter:
   - apiVersion: v1
-    created: "2019-07-11T11:20:28.607495-05:00"
+    created: 2020-01-30T11:47:01.463223-06:00
     description: A Helm chart for the App Identity and Access Adapter
-    digest: e01cbc4df68ce945fcfbd382a931a987e4c24a588a8ac63a816719d68ea9b5d3
+    digest: 01fb58d3feeaac24549b2b202d87df8208c4b5bff78ddf81dc051a3ea4df7b3f
     name: appidentityandaccessadapter
     urls:
-    - appidentityandaccessadapter-0.4.0.tgz
-    version: 0.4.0
-generated: "2019-07-11T11:20:28.600058-05:00"
+    - appidentityandaccessadapter-0.5.0.tgz
+    version: 0.5.0
+generated: 2020-01-30T11:47:01.456838-06:00
diff --git a/helm/appidentityandaccessadapter/templates/deployment.yaml b/helm/appidentityandaccessadapter/templates/deployment.yaml
@@ -1,4 +1,4 @@
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: dpl-{{ .Values.appName }}
@@ -7,6 +7,9 @@ metadata:
     app: {{ .Values.appName }}
 spec:
   replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ .Values.appName }}
   template:
     metadata:
       labels:

diff --git a/helm/appidentityandaccessadapter/values.yaml b/helm/appidentityandaccessadapter/values.yaml
@@ -18,7 +18,7 @@ image:
   ## The image version to pull. Tag "latest" always contains
   ## the most up-to-date image. To avoid breaking changes during
   ## installs, it is recommended to use a tag.
-  tag: 0.4.0
+  tag: 0.5.0
   ## The pullPolicy defines when the adapter image needs to be re-pulled
   ## from the source repository. Set to Always when using "latest."
   pullPolicy: Always

diff --git a/samples/app/sample-app.yaml b/samples/app/sample-app.yaml
@@ -41,7 +41,7 @@ spec:
               number: 8000
             host: svc-sample-app
 ---
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: dpl-sample-app
@@ -50,6 +50,9 @@ metadata:
     app: sample-app
 spec:
   replicas: 1
+  selector:
+    matchLabels:
+      app: sample-app
   template:
     metadata:
       labels:
-Original file line number
+Diff line change
@@ Expand Up / @@ -22,7 +22,7 @@ func getObjectMeta() metav1.ObjectMeta { @@
     }
     func getTypeMeta() metav1.TypeMeta {
-    	return metav1.TypeMeta{APIVersion: "v1", Kind: "JwtPolicy"}
+    	return metav1.TypeMeta{APIVersion: "v1", Kind: "OidcConfig"}
     }
@@ Expand Down @@