Merge branch 'develop' into embeddedcerts

GrahamDumpleton · Feb 16, 2024 · 4b93ad9 · 4b93ad9
2 parents 1d3ca31 + 5fcae49
commit 4b93ad9
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 9 deletions.
diff --git a/carvel-packages/training-platform/bundle/config/06-secrets.yaml b/carvel-packages/training-platform/bundle/config/06-secrets.yaml
@@ -52,7 +52,6 @@ kind: Secret
 metadata:
   name: #@ "{}-ca".format(data.values.clusterIngress.domain)
   namespace: #@ data.values.operator.namespace
-type: kubernetes.io/tls
 data:
   ca.crt: #@ base64.encode(ingress_ca_certificate)
 #@ end

diff --git a/project-docs/release-notes/version-2.7.0.md b/project-docs/release-notes/version-2.7.0.md
@@ -197,3 +197,11 @@ Bugs Fixed
   This issue was inadvertantly added when support was added for supplying the
   TLS wildcard certificate and CA secrets as actual secrets rather than
   embedded in the data values file.
+
+* The generated CA secret was incorrectly setting the secret type to
+  `kubernetes.io/tls` which resulted in Kubernetes rejecting it as it didn't
+  contain `tls.crt` and `tls.key` data attributes as required by Kubernetes
+  for that type of secret. Secret type should have been left as default generic
+  opaque data secret. This issue was inadvertantly introduced when support was
+  added for providing the CA secret as an actual secret rather than being
+  enmbedded in the data values file when deploying Educates.
diff --git a/session-manager/requirements.txt b/session-manager/requirements.txt
@@ -4,4 +4,4 @@ aiohttp==3.9.2
 PyYAML==6.0.1
 pykube-ng==23.6.0
 wrapt==1.15.0
-cryptography==41.0.7
+cryptography==42.0.0
diff --git a/training-portal/requirements.txt b/training-portal/requirements.txt
@@ -1,5 +1,5 @@
 mod_wsgi==5.0.0
-Django==4.2.8
+Django==4.2.10
 django-registration==3.4
 django-crispy-forms==2.1
 crispy-bootstrap5==2023.10

diff --git a/workshop-images/base-environment/opt/gateway/src/backend/modules/access.ts b/workshop-images/base-environment/opt/gateway/src/backend/modules/access.ts
@@ -151,7 +151,7 @@ function register_oauth_callback(app: express.Application, oauth2_config: any, o
 
             return res.redirect(next_url)
         } catch (error) {
-            logger.error('Unexpected error occurred', error.message)
+            logger.error('Unexpected error occurred', { error: error.message })
 
             return res.status(500).json("Authentication failed")
         }
@@ -284,30 +284,30 @@ export async function setup_access(app: express.Application): Promise<any> {
 // we just log it and return without failing. This will result in higher
 // level function needing the access token to fail instead.
 
-const EXPIRATION_WINDOW_IN_SECONDS = 15*60
+const EXPIRATION_WINDOW_IN_SECONDS = 15 * 60
 
 export async function check_for_access_token_expiry(session: any, oauth2_client: any) {
     let access_token = oauth2_client.createToken(JSON.parse(session.token))
 
-    function expiring() : boolean {
+    function expiring(): boolean {
         return access_token.token.expires_at - (Date.now() + EXPIRATION_WINDOW_IN_SECONDS * 1000) <= 0
     }
 
     if (expiring()) {
         try {
-            logger.debug("Refreshing accessing token", {token: access_token})
+            logger.debug("Refreshing accessing token", { token: access_token })
 
             let refresh_params = {
                 scope: "user:info"
             }
 
             access_token = await access_token.refresh(refresh_params)
 
-            logger.debug("Refreshed access token", {token: access_token})
+            logger.debug("Refreshed access token", { token: access_token })
 
             session.token = JSON.stringify(access_token)
         } catch (error) {
-            logger.error("Error refreshing access token", { message: error.message })
+            logger.error("Error refreshing access token", { error: error.message })
         }
     }
 }