Jean-Gabriel Gill-Couture
78bb5d77d8
All checks were successful
Run Check Script / check (pull_request) Successful in 2m19s
The auth code (Reda's, proven locally) read 7 FLEET_AUTH_* env vars at the pod. Replace that with one typed Config value each, loaded the Harmony way. - harmony_zitadel_auth: ZitadelAuthConfig is now a `Config` (Serialize/ Deserialize/JsonSchema). Add OperatorCookieKey (secret Config) with a base64→Key decode. Drop config_from_env/cookie_key_from_env + the FLEET_AUTH_* consts. - operator: serve_dashboard loads ZitadelAuthConfig + OperatorCookieKey via ConfigClient::for_namespace (EnvSource → OpenBao). No env soup. - deploy: resolves the values (hosts derived from base_domain, client_id + audiences from FleetDeployConfig, cookie key from FleetDeploySecrets) and bakes them into the operator Secret as HARMONY_CONFIG_<KEY> JSON. The published chart wires the env→Secret refs at publish time (optional, pod-light); the deploy fills the Secret at deploy time — same pattern as the NATS credentials. A test locks the baked env names to the structs' Config keys. - fleet_staging_install seeds a generated cookie key; dev.sh exports the two HARMONY_CONFIG_* JSON values instead of 7 vars. Dashboard serves once the Zitadel app allows the staging redirect URIs (fleet-stg.<base>/auth/callback) — the one remaining non-code step.
47 lines
1.7 KiB
TOML
47 lines
1.7 KiB
TOML
[package]
|
|
name = "harmony-fleet-operator"
|
|
version = "0.1.0"
|
|
edition = "2024"
|
|
rust-version = "1.85"
|
|
build = "build.rs"
|
|
|
|
[features]
|
|
default = []
|
|
# Server-side dashboard (axum + Maud + HTMX). Tailwind CSS is embedded at
|
|
# build time when the standalone `tailwindcss` CLI is on PATH; otherwise
|
|
# the bundled CSS is empty and `--css-from <path>` must be used at runtime
|
|
# (the sidecar-watch dev workflow does this).
|
|
web-frontend = ["dep:axum", "dep:axum-extra", "dep:maud", "dep:tokio-stream", "harmony_zitadel_auth/axum"]
|
|
|
|
[dependencies]
|
|
harmony = { path = "../../harmony", features = ["podman"] }
|
|
harmony-fleet-auth = { path = "../harmony-fleet-auth" }
|
|
harmony-reconciler-contracts = { path = "../../harmony-reconciler-contracts" }
|
|
harmony_config = { path = "../../harmony_config" }
|
|
harmony_zitadel_auth = { path = "../../harmony_zitadel_auth" }
|
|
toml = { workspace = true }
|
|
chrono = { workspace = true, features = ["serde"] }
|
|
kube = { workspace = true, features = ["runtime", "derive"] }
|
|
k8s-openapi.workspace = true
|
|
async-nats = { workspace = true }
|
|
serde.workspace = true
|
|
serde_json.workspace = true
|
|
schemars = "0.8.22"
|
|
tokio.workspace = true
|
|
tracing = { workspace = true }
|
|
tracing-subscriber = { workspace = true }
|
|
anyhow.workspace = true
|
|
clap.workspace = true
|
|
futures-util = { workspace = true }
|
|
thiserror.workspace = true
|
|
async-trait.workspace = true
|
|
url.workspace = true
|
|
base64.workspace = true
|
|
reqwest.workspace = true
|
|
|
|
axum = { version = "0.8", optional = true }
|
|
axum-extra = { version = "0.10", features = ["cookie", "cookie-private"], optional = true }
|
|
maud = { version = "0.27", features = ["axum"], optional = true }
|
|
tokio-stream = { version = "0.1", optional = true }
|
|
dotenvy = "0.15"
|