gatekeeper | Gatekeeper : An Authentication & Authorization Library | Authorization library

So I figured out my own issue. One of the reasons this wasn't working is because the file name I had for the host yaml was different from what I defined in the host file. For example:

I was finally able to resolve my issue with some updates to my yaml definition files.

Assuming you have a kubernetes cluster installed v1.23.1 with kubeadm on Ubuntu 20.04 and setup networking with flannel networking --pod-network-cidr=10.244.0.0/16. Also you have the keycloak oidc service setup (image - quay.io/keycloak/keycloak:16.1.0). Here are the updated yml definition files which helped me to resolve this issue.

Ingress controller applied -

This is not possible you only have access to the raw form data. For a single selection the gatekeeper value contains only the id of the selected element. Not any data of the element behind this element.

All data you have access to it, you see in save (POST/PUT) request of the form.

The only thing which is possible would be using resource_store_properties_to_request to filter the result of your data_selection by the gatekeeper id, this requires that your data api need to keep the gatekeeper parameter in mind to filter by it:

Edit: As pointed out, by @user2390182 and @TedKleinBergman, the usage of assert in the first place is arguably a bigger thing to consider than whether an else is useful when the logic doesn't allow it to get there. However, I assume here that you have decided to use assert yourself, and will be using it in a way that respects the assert consistently.

Facts:
As drinks always has to be an element of your list, as long as you always have an elif allocated for each item in the list, you will never reach an else and therefore it is unnecessary.

Opinion:
It terms of correct practice what to do in this situation, it's really down to personal choice. The online consensus is often "less code is better" but if it makes your code clearer, or if you're likely to be changing the list of drinks often, it may make more sense to add it as a catch all, to stop anything breaking during your development. As with a lot of decisions like this, you have to take it on a case by case basis, and decide which you think is better in this situation.

You have everything in the error: the cookie is set to secure but your redirection url is non-tls (http protocol is non-tls protocol, so you need https protocol there).

There is default value secure-cookie: true, which is not compatible with your config redirection-url: http://localhost:8084/*.

You have 2 options:

1.) Configure TLS for your app, then you can have redirection-url: https://localhost:8084/*

2.) Disable secure cookie secure-cookie: false

Option 1 is better and more secure, because OIDC protocol requires TLS (you should to have TLS also for the Keycloak).

I was able to resolve this, the problem was that I was using mode: "All" and needed to change it to mode = "Microsoft.Kubernetes.Data" for these to work

You should abandon this approach of trying to use dispatch group to make an inherently asynchronous API behave synchronously. In general, you would be well advised to simply avoid the use of wait at all (whether dispatch groups or semaphores or whatever). The wait method is inherently inefficient (it blocks one of the very limited worker threads) and should only be used by background queues, if you really need it, which is not the case here.

But if you block the main thread on mobile platforms, methods that do not respond immediately and are synchronous can result in a very poor UX (the app will freeze during this synchronous method) and, worse, the OS watchdog process might even terminate your app if you do this at the wrong time.

You are calling asynchronous methods, so your methods should employ asynchronous patterns, too. E.g. rather than trying to return the value, give your method an @escaping closure parameter, and call that closure when the network request is done.

Consider getResults: You already employ a Result<(JSON, Int), Error> there. So let us use that as our closure’s parameter type:

There is no quarantining flag for a CLI app downloaded with curl. Home-brew, uses UNIX core tools to download the bottles, and thus they don't have this flag set.

Next home-brew also ad-hoc signs binaries.

Don't confuse code sign with notarisation.

Notarisation is where Apple vouches for software signed with a dev cert private key.

They cannot notarise ad-hoc signed software (like home-brew bottles) by definition.

Now when my executable is NOT notarized it terminates with "Killed: 9", regardless if there's a quarantine attribute or not.

This is happening, I would speculate because the binary here isnt ad-hoc signed. Nothing to do with notarisation.

I bet you are on Apple Silicon right?

This seems like a bug. Incredibly, it's mentioned in the video (at 6:40), but not in the docs. It's also not actually written anywhere on the video. Wonderful.

You need to open a terminal on the machine with kubectl installed, then run: