Uploaded image for project: 'OpenShift GitOps'
  1. OpenShift GitOps
  2. GITOPS-2473

Argo CD `spec` and `status` changes to complete SSO unificiation

XMLWordPrintable

    • 8
    • False
    • None
    • False
    • SECFLOWOTL-109 - GitOps Operator Code Redesign
    • Hide
      In gitops-operator v1.10, the deprecated sso & dex fields have been removed from ArgoCD CR
          - The `.spec.sso.image`, `.spec.sso.version`, `.spec.sso.resources`, and `.spec.sso.verifyTLS` fields for keycloak SSO configurations have been removed. Please use the equivalent fields under `.spec.sso.keycloak` to configure your keycloak instance.
          - The `.spec.dex` fields, along with `DISABLE_DEX` environment variable, have been removed. Please use `.spec.sso.dex` instead.
      In addition, the `.status.dex` and `.status.ssoConfig` fields have been removed, and a new status field, `.status.sso`, has been introduced. This new field reflects the workload status of the SSO provider (dex/keycloak) configured via the `.spec.sso.provider` field.

      !!!important
      Breaking change: With this update, the `.spec.dex`, `.spec.sso.image`, `.spec.sso.version`, `.spec.sso.resources` and `.spec.sso.verifyTLS` fields have been removed from ArgoCD CR. To configure dex/keycloak SSO, please utilize the equivalent fields under .spec.sso.
      Show
      In gitops-operator v1.10, the deprecated sso & dex fields have been removed from ArgoCD CR     - The `.spec.sso.image`, `.spec.sso.version`, `.spec.sso.resources`, and `.spec.sso.verifyTLS` fields for keycloak SSO configurations have been removed. Please use the equivalent fields under `.spec.sso.keycloak` to configure your keycloak instance.     - The `.spec.dex` fields, along with `DISABLE_DEX` environment variable, have been removed. Please use `.spec.sso.dex` instead. In addition, the `.status.dex` and `.status.ssoConfig` fields have been removed, and a new status field, `.status.sso`, has been introduced. This new field reflects the workload status of the SSO provider (dex/keycloak) configured via the `.spec.sso.provider` field. !!!important Breaking change: With this update, the `.spec.dex`, `.spec.sso.image`, `.spec.sso.version`, `.spec.sso.resources` and `.spec.sso.verifyTLS` fields have been removed from ArgoCD CR. To configure dex/keycloak SSO, please utilize the equivalent fields under .spec.sso.
    • Removed Functionality
    • GITOPS Sprint 236, GITOPS Sprint 237, GITOPS Sprint 239, GITOPS Sprint 240

      Story (Required)

      As a user of Argo CD/ GitOps operator I would like to have unified configuration and status tracking for SSO providers

      Background (Required)

      This is the final step in completing the SSO unification story.

      Currently our operator supports 2 SSO providers - Dex and RHSSO. We have unified their configuration under `.spec.sso` while continuing to support legacy configuration fileds like `.spec.dex` and older fields in `.spec.sso` for keycloak. In the `.status` filed of the CR we still track only `.status.dex` and we have a separate `.status.ssoConfig` to track status of SSO configuration (if misconfigured or not). 

      In v1.9.0 we should remove `.spec.dex` and the older `.spec.sso` fields to support keycloak config. All SSO config must be done thorugh `.spec.sso.provider` and leverage `.spec.sso.dex` or `.spec.sso.keycloak` for configuration. We should 
      update `.status` to remove `.status.dex` and `.status.ssoConfig` to unify them under `.status.sso`. This would reflect the workload status of whichever SSO provider is configured (dex/rhsso) as only one of the 2 can be configured at a given time once `.spec` is updated to be truly unified. 

      This will help streamline the SSO user experience for configuration and tracking of workloads. It will also include tracking for RHSSO/keycloak workloads which currently does not exist in the operator.

      NOTE: These will be breaking changes to the CRD

      Out of scope

      Introducing a dedicated status for RHSSO workload

      Approach (Required)

      1. Remove deprecated fields from Argo CD CR spec
      2. Remove `.status.dex` and `.status.ssoConfig`
      3. Update operator reconciliation logic to remove additional checks and balances to simplify code a lot (only focus on `.spec.sso`)
      4. Update status reconciliation logic to track `.status.sso` accurately for keycloak and dex depending on what is enabled
      5. Update workload status metrics to remove dex tracker and add SSO tracker 
      6. Remove deprecation event warnings that are emitted for SSO fields
      7. Update unit and e2e tests 

      Dependencies

      none

      Acceptance Criteria (Mandatory)

      1. Argo CD CR should be updated with new spec and status
      2. workload tracking metrics should be updated
      3. deprecation event should not be emitted anymore
      4. Operator logic should be simplified 

      INVEST Checklist

      Dependencies identified

      Blockers noted and expected delivery timelines set

      Design is implementable

      Acceptance criteria agreed upon

      Story estimated

      Legend

      Unknown

      Verified

      Unsatisfied

      Done Checklist

      • Code is completed, reviewed, documented and checked in
      • Unit and integration test automation have been delivered and running cleanly in continuous integration/staging/canary environment
      • Continuous Delivery pipeline(s) is able to proceed with new code included
      • Customer facing documentation, API docs etc. are produced/updated, reviewed and published
      • Acceptance criteria are met

              rh-ee-sghadi Siddhesh Ghadi
              jrao@redhat.com Jaideep Rao
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: