Skip to content

Enable Workload Identity #254

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
danielscholl merged 124 commits into from
Jan 26, 2025
Merged

Enable Workload Identity #254

danielscholl merged 124 commits into from
Jan 26, 2025

Conversation

@danielscholl
Copy link
Collaborator

@danielscholl danielscholl commented Jan 26, 2025

This change set moves the solution to fully leverage workload identity.

@danielscholl danielscholl requested a review from Copilot January 26, 2025 17:31
@github-actions github-actions bot added documentation Improvements or additions to documentation infrastructure This includes infrastructure changes. software This includes software changes. labels Jan 26, 2025
@danielscholl danielscholl self-assigned this Jan 26, 2025
Copilot AI reviewed Jan 26, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot reviewed 47 out of 62 changed files in this pull request and generated 2 comments.

Files not reviewed (15)
  • bicep/main.bicep: Language not supported
  • bicep/main.parameters.json: Language not supported
  • bicep/modules/blade_cluster.bicep: Language not supported
  • bicep/modules/blade_configuration.bicep: Language not supported
  • bicep/modules/blade_partition.bicep: Language not supported
  • bicep/modules/keyvault_secrets.bicep: Language not supported
  • bicep/modules/managed-cluster/agent-pool/main.bicep: Language not supported
  • bicep/modules/managed-cluster/aks_appconfig_extension.bicep: Language not supported
  • bicep/modules/managed-cluster/aks_policy.bicep: Language not supported
  • bicep/modules/managed-cluster/main.bicep: Language not supported
  • bicep/modules/managed-cluster/maintenance-configurations/main.bicep: Language not supported
  • charts/osdu-developer-base/Chart.yaml: Evaluated as low risk
  • charts/osdu-developer-init/Chart.yaml: Evaluated as low risk
  • charts/blob-upload/Chart.yaml: Evaluated as low risk
  • .github/workflows/test.yml: Evaluated as low risk
Comments suppressed due to low confidence (3)

charts/osdu-developer-base/templates/envoy-filter.yaml:63

  • The 'appid' claim is used as a fallback for 'x-user-id', which might not be appropriate. 'appid' typically represents application IDs, not user IDs.
request_handle:headers():add("x-user-id", payload["appid"])

charts/osdu-developer-init/README.md:27

  • [nitpick] The new namespace 'osdu-core-osdu-init-user' should be verified to ensure it is correct.
helm template osdu-core-osdu-init-user -f custom_values.yaml .

charts/osdu-developer-init/README.md:29

  • [nitpick] The new namespace 'osdu-core-osdu-init-partition' should be verified to ensure it is correct.
helm upgrade --install osdu-core-osdu-init-partition . -n $NAMESPACE -f custom_values.yaml

@danielscholl danielscholl added this to the Security milestone Jan 26, 2025
@danielscholl danielscholl merged commit dd2d1f1 into main Jan 26, 2025
13 checks passed
@danielscholl danielscholl deleted the identity branch January 26, 2025 17:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@danielscholl danielscholl

Labels

documentation Improvements or additions to documentation infrastructure This includes infrastructure changes. software This includes software changes.

Projects

None yet

Milestone

Security

Development

Successfully merging this pull request may close these issues.

2 participants

@danielscholl