From e01f972540a2fb04ce4b4b0beaa90a24a75f9683 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nils=20Gustav=20Str=C3=A5b=C3=B8?= Date: Mon, 19 Feb 2024 09:40:00 +0100 Subject: [PATCH 1/3] upgrade oauth2-proxy to 7.6.0 --- docker-compose-host-macos.yml | 3 ++- docker-compose-host.yml | 3 ++- docker-compose.yml | 3 ++- radixconfig.yaml | 3 ++- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/docker-compose-host-macos.yml b/docker-compose-host-macos.yml index 6ad445784..32fa8109c 100644 --- a/docker-compose-host-macos.yml +++ b/docker-compose-host-macos.yml @@ -55,7 +55,7 @@ services: - "8080:8080" auth: - image: quay.io/oauth2-proxy/oauth2-proxy:v7.2.1 + image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0 container_name: radix-auth_container environment: # See the `radixconfig.yaml` file for a description of these settings @@ -67,6 +67,7 @@ services: - OAUTH2_PROXY_EMAIL_DOMAINS=* - OAUTH2_PROXY_HTTP_ADDRESS=http://:8000 - OAUTH2_PROXY_OIDC_ISSUER_URL=https://login.microsoftonline.com/3aa4a235-b6e2-48d5-9195-7fcf05b459b0/v2.0 + - OAUTH2_PROXY_SKIP_CLAIMS_FROM_PROFILE_URL=true - OAUTH2_PROXY_PASS_ACCESS_TOKEN=true - OAUTH2_PROXY_PASS_BASIC_AUTH=false - OAUTH2_PROXY_PASS_USER_HEADERS=false diff --git a/docker-compose-host.yml b/docker-compose-host.yml index c0507636c..3ef1e4396 100644 --- a/docker-compose-host.yml +++ b/docker-compose-host.yml @@ -37,7 +37,7 @@ services: - "8080:8080" auth: - image: quay.io/oauth2-proxy/oauth2-proxy:v7.2.1 + image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0 container_name: radix-auth_container environment: # See the `radixconfig.yaml` file for a description of these settings @@ -49,6 +49,7 @@ services: - OAUTH2_PROXY_EMAIL_DOMAINS=* - OAUTH2_PROXY_HTTP_ADDRESS=http://:8000 - OAUTH2_PROXY_OIDC_ISSUER_URL=https://login.microsoftonline.com/3aa4a235-b6e2-48d5-9195-7fcf05b459b0/v2.0 + - OAUTH2_PROXY_SKIP_CLAIMS_FROM_PROFILE_URL=true - OAUTH2_PROXY_PASS_ACCESS_TOKEN=true - OAUTH2_PROXY_PASS_BASIC_AUTH=false - OAUTH2_PROXY_PASS_USER_HEADERS=false diff --git a/docker-compose.yml b/docker-compose.yml index a0b97bf3c..3499e26a0 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -41,7 +41,7 @@ services: - "8080:8080" auth: - image: quay.io/oauth2-proxy/oauth2-proxy:v7.2.1 + image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0 container_name: radix-auth_container environment: # See the `radixconfig.yaml` file for a description of these settings @@ -53,6 +53,7 @@ services: - OAUTH2_PROXY_EMAIL_DOMAINS=* - OAUTH2_PROXY_HTTP_ADDRESS=http://:8000 - OAUTH2_PROXY_OIDC_ISSUER_URL=https://login.microsoftonline.com/3aa4a235-b6e2-48d5-9195-7fcf05b459b0/v2.0 + - OAUTH2_PROXY_SKIP_CLAIMS_FROM_PROFILE_URL=true - OAUTH2_PROXY_PASS_ACCESS_TOKEN=true - OAUTH2_PROXY_PASS_BASIC_AUTH=false - OAUTH2_PROXY_PASS_USER_HEADERS=false diff --git a/radixconfig.yaml b/radixconfig.yaml index 60aabdb6c..7d7d1e7e0 100644 --- a/radixconfig.yaml +++ b/radixconfig.yaml @@ -38,7 +38,7 @@ spec: - DYNATRACE_API_TOKEN # Token to use for display of availability metrics - OAUTH2_CLIENT_ID # Azure Application ID - name: auth - image: quay.io/oauth2-proxy/oauth2-proxy:v7.2.1 # see https://github.com/oauth2-proxy/oauth2-proxy/blob/master/docs/docs/configuration/overview.md + image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0 # see https://github.com/oauth2-proxy/oauth2-proxy/blob/master/docs/docs/configuration/overview.md ports: - name: http port: 8000 @@ -63,6 +63,7 @@ spec: OAUTH2_PROXY_EMAIL_DOMAINS: "*" # Any email address registered in AD should be accepted OAUTH2_PROXY_HTTP_ADDRESS: "http://:8000" # The port oauth2_proxy listens on OAUTH2_PROXY_OIDC_ISSUER_URL: "https://login.microsoftonline.com/3aa4a235-b6e2-48d5-9195-7fcf05b459b0/v2.0" # That's the Equinor tenant ID + OAUTH2_PROXY_SKIP_CLAIMS_FROM_PROFILE_URL: "true" OAUTH2_PROXY_PASS_ACCESS_TOKEN: "true" # Pass the access token upstream (to the proxy component) OAUTH2_PROXY_PASS_BASIC_AUTH: "false" # Disable unused default OAUTH2_PROXY_PASS_USER_HEADERS: "false" # Disable unused default From 1073698196d70ae27b7678d1299e34952ce0bfca Mon Sep 17 00:00:00 2001 From: Sergey Smolnikov Date: Mon, 19 Feb 2024 14:37:53 +0100 Subject: [PATCH 2/3] Added confirmation dialog to re-generate deploy-key (#964) --- .../configure-application-github/index.tsx | 44 ++++++++++++++++--- .../configure-application-github/style.css | 16 +++++++ 2 files changed, 55 insertions(+), 5 deletions(-) diff --git a/src/components/configure-application-github/index.tsx b/src/components/configure-application-github/index.tsx index f3ee5e88c..2d2ec0a8c 100644 --- a/src/components/configure-application-github/index.tsx +++ b/src/components/configure-application-github/index.tsx @@ -28,6 +28,7 @@ import { import { pollingInterval } from '../../store/defaults'; import { handlePromiseWithToast } from '../global-top-nav/styled-toaster'; import { getFetchErrorMessage } from '../../store/utils'; +import { ScrimPopup } from '../scrim-popup'; const radixZoneDNS = configVariables.RADIX_CLUSTER_BASE; @@ -53,7 +54,8 @@ export const ConfigureApplicationGithub = ({ const isExpanded = !!startVisible; const webhookURL = `https://webhook.${radixZoneDNS}/events/github?appName=${app.name}`; const [useOtherCiTool, setUseOtherCiTool] = useState(false); - + const [visibleRegenerateScrim, setVisibleRegenerateScrim] = + useState(false); const [regenerateSecrets, { isLoading, error }] = useRegenerateDeployKeyMutation(); const { data: secrets, refetch: refetchSecrets } = @@ -63,13 +65,14 @@ export const ConfigureApplicationGithub = ({ ); const onRegenerate = handlePromiseWithToast(async () => { + setVisibleRegenerateScrim(false); await regenerateSecrets({ appName: app.name, regenerateDeployKeyAndSecretData: { sharedSecret: nanoid() }, }).unwrap(); await refetchSecrets(); await refetch?.(); - }); + }, 'Successfully re-generated deploy key and webhook secret'); return (
@@ -130,9 +133,40 @@ export const ConfigureApplicationGithub = ({ Regenerating… ) : ( - + <> + setVisibleRegenerateScrim(false)} + isDismissable + > +
+
+ + Do you want to re-generate{' '} + deploy key and webhook secret? + + + New deploy key and webhook secret need to be put + to the GitHub repository settings + +
+ + + + + +
+ + + )}
diff --git a/src/components/configure-application-github/style.css b/src/components/configure-application-github/style.css index 6b78d972b..1fed62dfd 100644 --- a/src/components/configure-application-github/style.css +++ b/src/components/configure-application-github/style.css @@ -34,3 +34,19 @@ filter: invert(0); } } + +.regenerate-content { + padding: var(--eds_spacing_medium); + padding-top: 0; + overflow: auto; +} +@media (min-width: 150rem) { + .regenerate-content { + margin: auto; + } +} + +.regenerate-options { + margin-top: auto; + margin-bottom: auto; +} From 87c853a5759fcfe13ffd3626b6a420bc2d353df3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nils=20Gustav=20Str=C3=A5b=C3=B8?= Date: Tue, 20 Feb 2024 10:37:10 +0100 Subject: [PATCH 3/3] ignore external dns alias click when using automation --- src/components/page-active-component/external-dns.tsx | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/components/page-active-component/external-dns.tsx b/src/components/page-active-component/external-dns.tsx index 48e3f1f67..3f1d07a50 100644 --- a/src/components/page-active-component/external-dns.tsx +++ b/src/components/page-active-component/external-dns.tsx @@ -143,6 +143,9 @@ export const ExternalDNSAccordion: FunctionComponent<{ { + if (v.tls.useAutomation) { + return; + } setSelectedExternalDns(v); setVisibleScrim(true); }}