Add linking service and Vault JWT issuer framework components#2522
Add linking service and Vault JWT issuer framework components#2522prashantkumar1982 wants to merge 1 commit intomainfrom
Conversation
|
👋 prashantkumar1982, thanks for creating this pull request! To help reviewers, please consider creating future PRs as drafts first. This allows you to self-review and make any final changes before notifying the team. Once you're ready, you can mark it as "Ready for review" to request feedback. Thanks! |
gustavogama-cll
requested review from
skudasov
and removed request for
gustavogama-cll
prashantkumar1982
force-pushed
the
codex/linking-jwt-issuer-components
branch
from
7c96dfd to
7723d1e
Compare
|
|
||
| const ( | ||
| DEFAULT_STACK_NAME = "chip-ingress" | ||
| stackStartupTimeout = 5 * time.Minute |
There was a problem hiding this comment.
why do we need such long startup timeout?
There was a problem hiding this comment.
reverted back to 2 mins
| ) | ||
|
|
||
| const ( | ||
| DefaultImage = "local-cre-linking-service:latest" |
There was a problem hiding this comment.
let's avoid using mutable tags as that has bitten us more than once, which in this case means we can't have a default image or that we pin it to an immutable tag
| "framework": "ctf", | ||
| "logging": "promtail", | ||
| } | ||
| } |
There was a problem hiding this comment.
we already have a function for that in framework/docker.go called DefaultTCLabels()
| return nil | ||
| } | ||
|
|
||
| const defaultNetworkName = "ctf" |
There was a problem hiding this comment.
we have a constant for that in framework/config.go, unless you want to avoid depending on framework?
| ) | ||
|
|
||
| const ( | ||
| DefaultImage = "local-cre-vault-jwt-issuer:latest" |
There was a problem hiding this comment.
same, let's not use mutable tags
|
|
||
| COPY --from=build /out/vault-jwt-issuer /vault-jwt-issuer | ||
| EXPOSE 18123 | ||
| ENTRYPOINT ["/vault-jwt-issuer"] |
There was a problem hiding this comment.
would be great to have a single smoke test for each component here on the CTF side similar to framework/examples/chip_ingress/smoke_chip_ingress_test.go
There was a problem hiding this comment.
Added:
linkingservice_smoke_test.go (line 18)
vaultjwtissuer_smoke_test.go (line 16)
prashantkumar1982
force-pushed
the
codex/linking-jwt-issuer-components
branch
from
73f2f98 to
6a64766
Compare
| run: | | ||
| mkdir -p "$RUNNER_TEMP/bin" | ||
| GOBIN="$RUNNER_TEMP/bin" go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.64.5 | ||
| echo "$RUNNER_TEMP/bin" >> "$GITHUB_PATH" |
There was a problem hiding this comment.
curious: why is this needed?
| } | ||
| } | ||
|
|
||
| func ApplyImageOverride(in *Input) string { |
There was a problem hiding this comment.
why does it need to be public? I think it makes more sense to have it private and run it inside NewWithContext, so that callers, like chainlink/local CRE do not need to be aware that they should run this override func
| return signToken(c.privateKey, claims) | ||
| } | ||
|
|
||
| func NormalizeIssuerURL(raw string) string { |
There was a problem hiding this comment.
why does it have to be public?
2 participants
Summary
framework/components/linkingservicecomponent with a Docker image, gRPC server, and runtime helpers so tests can use a first-class, reusable linking service managed by the framework instead of repo-local ad hoc mocks.framework/components/vaultjwtissuercomponent with a Docker image, JWKS/OpenID HTTP server, and JWT helper APIs so Vault-style JWT flows can run against a Dockerized support service that is owned by the framework lifecycle.golangci-lintbinary built with a Go version compatible with the framework module. This was needed because the framework module now resolves togo 1.25.0, which the old lint binary could not target.