Architecture doc describing credentials#11837
Conversation
Signed-off-by: Brooke Hamilton <45323234+brooke-hamilton@users.noreply.github.com>
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.Scanned FilesNone |
There was a problem hiding this comment.
Pull request overview
Updates the architecture documentation set to cover how Radius manages cloud credentials (outbound) and how clients authenticate to a Radius install (inbound), and adds this new doc to the architecture reading list for contributors.
Changes:
- Added a new architecture document,
docs/architecture/credentials.md, describing credential storage, resolution flows, supported auth kinds, and supported cluster topologies. - Updated
docs/architecture/README.mdto referencecredentials.mdand include it in the recommended reading order.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| docs/architecture/README.md | Adds credentials.md to the architecture index and contributor reading order. |
| docs/architecture/credentials.md | New end-to-end credential/auth architecture doc grounded in current code paths and Helm configuration. |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Signed-off-by: Brooke Hamilton <45323234+brooke-hamilton@users.noreply.github.com>
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #11837 +/- ##
=======================================
Coverage 51.95% 51.95%
=======================================
Files 732 732
Lines 46305 46305
=======================================
+ Hits 24057 24059 +2
+ Misses 19949 19948 -1
+ Partials 2299 2298 -1 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
zachcasper
left a comment
zachcasper
left a comment
There was a problem hiding this comment.
Wow, this is an awesome architecture documentation agent that put this together. The content seems comprehensive given the information the agent had. However, a key piece that is missing is how credentials are handled between Radius and Terraform, and Radius and Bicep. There is a lot of detail about how UCP gets the AWS or Azure credentials, but that is almost immaterial to Radius functionality since all resource create/destroy operations pass through Terraform or Bicep.
Radius functional test overviewClick here to see the test run details
Test Status⌛ Building Radius and pushing container images for functional tests... |
# Description
This pull request updates the architecture documentation to include
information about cloud credentials and their management. The main
changes add a new reference to a `credentials.md` document, both in the
list of architecture documents and in the recommended reading order for
new contributors.
Documentation updates:
* Added a reference to `credentials.md` in the main architecture
documentation list, describing how cloud credentials are stored and used
for deployments, and how clients authenticate to a Radius install.
* Updated the recommended reading order for new contributors to include
`credentials.md` before `application-graph.md`.
## Type of change
- This pull request is a minor refactor, code cleanup, test improvement,
or other maintenance task and doesn't change the functionality of Radius
(issue link optional).
Fixes: N/A
## Contributor checklist
Please verify that the PR meets the following requirements, where
applicable:
- An overview of proposed schema changes is included in a linked GitHub
issue.
- [ ] Yes
- [ ] Not applicable
- A design document is added or updated under `eng/design-notes/` in
this repository, if new APIs are being introduced.
- [ ] Yes
- [ ] Not applicable
- The design document has been reviewed and approved by Radius
maintainers/approvers.
- [ ] Yes
- [ ] Not applicable
- A PR for
[resource-types-contrib](https://github.com/radius-project/resource-types-contrib/)
is created, if resource types or recipes are affected by the changes in
this PR.
- [ ] Yes
- [ ] Not applicable
- A PR for [dashboard](https://github.com/radius-project/dashboard/) is
created, if the Radius Dashboard is affected by the changes in this PR.
- [ ] Yes
- [ ] Not applicable
- A PR for the [documentation
repository](https://github.com/radius-project/docs) is created, if the
changes in this PR affect the documentation or any user facing updates
are made.
- [ ] Yes
- [ ] Not applicable
---------
Signed-off-by: Brooke Hamilton <45323234+brooke-hamilton@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Reshma Abdul Rahim <reshmarahim.abdul@microsoft.com>
Description
This pull request updates the architecture documentation to include information about cloud credentials and their management. The main changes add a new reference to a
credentials.mddocument, both in the list of architecture documents and in the recommended reading order for new contributors.Documentation updates:
credentials.mdin the main architecture documentation list, describing how cloud credentials are stored and used for deployments, and how clients authenticate to a Radius install.credentials.mdbeforeapplication-graph.md.Type of change
Fixes: N/A
Contributor checklist
Please verify that the PR meets the following requirements, where applicable:
eng/design-notes/in this repository, if new APIs are being introduced.