NationTech/harmony
3
0
Fork 2
Code Issues 38 Pull Requests 29 Actions Packages Projects Releases 1 Wiki Activity
Files
feat/fleet-ch5-graceful-deploy-upgrade
harmony/fleet/harmony-fleet-operator/dev.sh
Jean-Gabriel Gill-Couture 78bb5d77d8
All checks were successful
Run Check Script / check (pull_request) Successful in 2m19s
Details
feat(fleet-operator): dashboard SSO config via ConfigClient, not env soup 
The auth code (Reda's, proven locally) read 7 FLEET_AUTH_* env vars at
the pod. Replace that with one typed Config value each, loaded the
Harmony way.

- harmony_zitadel_auth: ZitadelAuthConfig is now a `Config` (Serialize/
  Deserialize/JsonSchema). Add OperatorCookieKey (secret Config) with a
  base64→Key decode. Drop config_from_env/cookie_key_from_env + the
  FLEET_AUTH_* consts.
- operator: serve_dashboard loads ZitadelAuthConfig + OperatorCookieKey
  via ConfigClient::for_namespace (EnvSource → OpenBao). No env soup.
- deploy: resolves the values (hosts derived from base_domain, client_id
  + audiences from FleetDeployConfig, cookie key from FleetDeploySecrets)
  and bakes them into the operator Secret as HARMONY_CONFIG_<KEY> JSON.
  The published chart wires the env→Secret refs at publish time
  (optional, pod-light); the deploy fills the Secret at deploy time —
  same pattern as the NATS credentials. A test locks the baked env names
  to the structs' Config keys.
- fleet_staging_install seeds a generated cookie key; dev.sh exports the
  two HARMONY_CONFIG_* JSON values instead of 7 vars.

Dashboard serves once the Zitadel app allows the staging redirect URIs
(fleet-stg.<base>/auth/callback) — the one remaining non-code step.
2026-06-01 22:07:58 -04:00

16 lines
1.1 KiB
Bash
Raw Permalink Blame History

#!/bin/bash
# The operator reads its auth config via ConfigClient — one typed value
# each (EnvSource keys a Config struct under HARMONY_CONFIG_<TypeName>),
# not a fistful of FLEET_AUTH_* vars. base_url is localhost for this local
# serve-web; staging derives it from base_domain in the deploy.
export HARMONY_CONFIG_ZitadelAuthConfig='{"zitadel_base":"https://sso-stg.cb1.nationtech.io","base_url":"http://localhost:18080","client_id":"372626218874372917","scope":"openid profile email","trusted_audiences":["371639797493596981","371683318111994677","372626218874372917","371639797157987125"],"logout_redirect_uri":"http://localhost:18080/"}'
export HARMONY_CONFIG_OperatorCookieKey='{"cookie_key_b64":"6eKVpj88jwIcmaJajPfohdaIXhSPlfYCrHaOfymTcIWBAIadvhg7NHpMo5vPSMy90vac3cq2liWe1naSgkbaYg=="}'
export RUST_LOG=debug
cargo watch -- cargo run -p harmony-fleet-operator --features web-frontend -- serve-web \
--mock \
--css-from ./style/dist/tailwind.css \
--live-reload &
tailwindcss --input style/input.css --output style/dist/tailwind.css --watch
Reference in New Issue View Git Blame Copy Permalink