Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Add OPA support #573

Open
wants to merge 16 commits into
base: main
Choose a base branch
from
Open

feat: Add OPA support #573

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
57af236
test: Add integration test for OPA
siegfriedweber Nov 29, 2024
ca569de
test: Extend the OPA test
siegfriedweber Jan 8, 2025
daf0a53
feat: Allow the configuration of OPA
siegfriedweber Jan 15, 2025
6f1b2e1
chore: Update changelog
siegfriedweber Jan 17, 2025
f05cb94
chore: Run pre-commit hook
siegfriedweber Jan 17, 2025
839b582
chore: Update operator-rs
siegfriedweber Jan 20, 2025
731a5ba
Merge branch 'main' into feat/opa
siegfriedweber Jan 28, 2025
a366241
test(opa): Remove unnecessary test scripts
siegfriedweber Jan 28, 2025
935824c
docs: Document the authorization with OPA
siegfriedweber Jan 29, 2025
fa7f8d8
chore: Upgrade stackable-operator to version 0.86.0
siegfriedweber Jan 30, 2025
e50d8c7
docs: Extend the OPA documentation
siegfriedweber Jan 30, 2025
fdd62d9
chore: Merge branch 'main' into feat/opa
siegfriedweber Jan 30, 2025
dfd343c
chore: Regenerate charts
siegfriedweber Jan 30, 2025
2d5dabe
chore: Merge branch 'main' into feat/opa
siegfriedweber Feb 3, 2025
7b223f5
docs: Fix link
siegfriedweber Feb 3, 2025
79628d5
test: Remove custom image from the test definitions
siegfriedweber Feb 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@

- Run a `containerdebug` process in the background of each Airflow container to collect debugging information ([#557]).
- Aggregate emitted Kubernetes events on the CustomResources ([#571]).
- Add OPA support ([#573]).

### Changed

Expand All @@ -14,6 +15,7 @@
[#557]: https://github.com/stackabletech/airflow-operator/pull/557
[#571]: https://github.com/stackabletech/airflow-operator/pull/571
[#572]: https://github.com/stackabletech/airflow-operator/pull/572
[#573]: https://github.com/stackabletech/airflow-operator/pull/573

## [24.11.1] - 2025-01-09

Expand Down
10 changes: 5 additions & 5 deletions Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

18 changes: 9 additions & 9 deletions Cargo.nix
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
serde_yaml = "0.9"
snafu = "0.8"
stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "stackable-operator-0.85.0" }
stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "stackable-operator-0.86.0" }
strum = { version = "0.26", features = ["derive"] }
tokio = { version = "1.40", features = ["full"] }
tracing = "0.1"
Expand Down
6 changes: 3 additions & 3 deletions crate-hashes.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

36 changes: 36 additions & 0 deletions deploy/helm/airflow-operator/crds/crds.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -492,6 +492,42 @@ spec:
- authenticationClass
type: object
type: array
authorization:
description: Authorization options. Learn more in the [Airflow authorization usage guide](https://docs.stackable.tech/home/nightly/airflow/usage-guide/security#_authorization).
nullable: true
properties:
opa:
description: Configure the OPA stacklet [discovery ConfigMap](https://docs.stackable.tech/home/nightly/concepts/service_discovery) and the name of the Rego package containing your authorization rules. Consult the [OPA authorization documentation](https://docs.stackable.tech/home/nightly/concepts/opa) to learn how to deploy Rego authorization rules with OPA.
nullable: true
properties:
cache:
default:
entryTimeToLive: 30s
maxEntries: 10000
description: Least Recently Used (LRU) cache with per-entry time-to-live (TTL) value.
properties:
entryTimeToLive:
default: 30s
description: Time to live per entry
type: string
maxEntries:
default: 10000
description: Maximum number of entries in the cache; If this threshold is reached then the least recently used item is removed.
format: uint32
minimum: 0.0
type: integer
type: object
configMapName:
description: The [discovery ConfigMap](https://docs.stackable.tech/home/nightly/concepts/service_discovery) for the OPA stacklet that should be used for authorization requests.
type: string
package:
description: The name of the Rego package containing the Rego rules for the product.
nullable: true
type: string
required:
- configMapName
type: object
type: object
credentialsSecret:
description: The name of the Secret object containing the admin user credentials and database connection details. Read the [getting started guide first steps](https://docs.stackable.tech/home/nightly/airflow/getting_started/first_steps) to find out more.
type: string
Expand Down
Loading