Closed turkenh closed 1 month ago
@turkenh thanks for the implementation - i tested the implementation over time i got the following issue:
Warning CannotObserveExternalResource 2m8s (x2110 over 34h) managed/object.kubernetes.crossplane.io cannot get object: failed to get API group resources: unable to retrieve the complete list of server APIs: spaces.upbound.io/v1beta1: Get "https://upbound-gcp-us-west-1.space.mxe.upbound.io/apis/spaces.upbound.io/v1beta1": cannot get upbound org scoped token: Post "https://auth.upbound.io/apis/tokenexchange.upbound.io/v1alpha1/orgscopedtokens": context canceled
yes looks like after 60 minutes something happens:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning CannotObserveExternalResource 2m23s (x46 over 42m) managed/object.kubernetes.crossplane.io cannot get object: failed to get API group resources: unable to retrieve the complete list of server APIs: spaces.upbound.io/v1beta1: Get "https://upbound-gcp-us-west-1.space.mxe.upbound.io/apis/spaces.upbound.io/v1beta1": cannot get upbound org scoped token: Post "https://auth.upbound.io/apis/tokenexchange.upbound.io/v1alpha1/orgscopedtokens": context canceled
NAME KIND PROVIDERCONFIG SYNCED READY AGE
object.kubernetes.crossplane.io/ctp-dev-69wbr Secret default False True 61m
object.kubernetes.crossplane.io/ctp-dev-bwqbl ControlPlane 5ab0024e-fbc3-4a42-a1a1-a1dd4875093d-space False True 61m
object.kubernetes.crossplane.io/ctp-dev-qcj2n Secret default False True 61m
yes looks like after 60 minutes something happens
@haarchri it should be fixed now.
Also, please note the small change in the identity type to be consistent with others, UpboundToken
-> UpboundTokens
.
its working now:
object.kubernetes.crossplane.io/ctp-prod-cdd6x Secret default True True 83m
object.kubernetes.crossplane.io/ctp-prod-lgbtg Secret default True True 83m
object.kubernetes.crossplane.io/ctp-prod-wfzd4 ControlPlane 24bf1d49-140c-41e2-819e-15e14acf2538-space True True 83m
thanks for the implementation
Description of your changes
This PR adding support for authenticating with Upbound identity using session/robot tokens:
With the number of identity providers increasing, I took the liberty of refactoring the relevant code piece so that we can consume the same package from the provider-helm (and other similar providers) instead of duplicating the code. After this PR, I'll open a PR to consume the package
github.com/crossplane-contrib/provider-kubernetes/pkg/kube/
from provider-helm. It may not be the perfect solution but I believe it is a step forward and we can easily move it to a shared place (e.g. crossplane-runtime) if we decide to do so.I have:
make reviewable test
to ensure this PR is ready for review.How has this code been tested
Configure & Create:
Observe: