canonical / oathkeeper-operator

Charmed Ory Oathkeeper
https://charmhub.io/oathkeeper
Apache License 2.0

Store config file and access rules in configmaps #37

Closed natalian98 closed 10 months ago

natalian98 commented 10 months ago

In order to test this PR:

  1. Pack and deploy the charm:
    charmcraft pack
    juju deploy ./oathkeeper*.charm --resource oci-image=$(yq eval '.resources.oci-image.upstream-source' metadata.yaml)
  2. Wait for the charm to get active, then get the configMap for oathkeeper config:
    kubectl get cm -n <namespace> oathkeeper-config -o yaml

    The access-rules configmap should be created, but without rules data.

  3. Deploy a charm that is able to relate with oathkeeper via auth-proxy (for example, zinc-k8s from this branch):
    juju deploy ./zinc-k8s*.charm --resource zinc-image=ghcr.io/jnsgruk/zinc:0.4.9 --trust
    juju relate oathkeeper zinc-k8s
  4. Check the access-rules configmap:
    kubectl get cm -n <namespace> access-rules -o yaml

    Verify that the access rules repositories got updated in the config file:

    juju ssh oathkeeper/0 "PYTHONPATH=agents/unit-oathkeeper-0/charm/venv/ python3 -c '
    from ops import pebble
    p = pebble.Client(\"/charm/containers/oathkeeper/pebble.socket\")
    f = p.pull(\"/etc/config/oathkeeper/oathkeeper.yaml\")
    print(f.read())
    '"

    or run juju run oathkeeper/0 list-rules. You can also deploy traefik and relate it to zinc to verify that the access rules get updated.

  5. Run juju remove-relation oathkeeper zinc-k8s and check the access-rules configmap to see that the rules got removed.