feat: introduce new container authenticator #140
Conversation
| @@ -1,9 +1,10 @@ | |||
| # Authentication | |||
| The java-sdk-core project supports the following types of authentication: | |||
| - Basic Authentication | |||
| - Bearer Token | |||
There was a problem hiding this comment.
Some of the changes to this document are to track more closely the Go core version.
| @@ -421,7 +421,8 @@ public IamToken requestToken() { | |||
| // Form a POST request to retrieve the access token. | |||
| RequestBuilder builder = RequestBuilder.post(RequestBuilder.resolveRequestUrl(this.getURL(), OPERATION_PATH)); | |||
|
|
|||
| // Now add the Content-Type and (optionally) the Authorization header to the token server request. | |||
| // Now add the Accept, Content-Type and (optionally) the Authorization header to the token server request. | |||
| builder.header(HttpHeaders.ACCEPT, HttpMediaType.APPLICATION_JSON); | |||
There was a problem hiding this comment.
I noticed that we weren't previously setting the Accept header on outbound IAM get-token requests, so added that here. Apparently the IAM server doesn't care, but... :)
| @@ -80,4 +91,44 @@ protected static MockResponse jsonResponse(Object body) { | |||
| protected static MockResponse errorResponse(int statusCode) { | |||
| return new MockResponse().setResponseCode(statusCode); | |||
| } | |||
|
|
|||
There was a problem hiding this comment.
Added a couple of utility methods to this test base class to be used by the authenticator tests.
| @@ -45,37 +50,52 @@ | |||
| Map<String, String> env = new HashMap<>(); | |||
| env.put("SERVICE_1_URL", "https://service1/api"); | |||
| env.put("SERVICE_1_DISABLE_SSL", "true"); | |||
| env.put("SERVICE2_URL", "https://service2/api"); | |||
There was a problem hiding this comment.
Just consolidated some auth-related properties with their corresponding service-level properties, organized by service.
| @@ -201,6 +278,12 @@ public void testEnvCredentialsService1() { | |||
| Authenticator auth = ConfigBasedAuthenticatorFactory.getAuthenticator("service-1"); | |||
| assertNotNull(auth); | |||
| assertEquals(Authenticator.AUTHTYPE_IAM, auth.authenticationType()); | |||
| IamAuthenticator iamAuth = (IamAuthenticator) auth; | |||
There was a problem hiding this comment.
Noticed that we weren't doing much checking for the IAM and CP4D authenticators here so added some extra validation.
This commit introduces the new ContainerAuthenticator class, along with associated tests and documentation. The ContainerAuthenticator implements the authentication flow to be used in IKS-managed compute resources where a secure compute resource token has been injected into the local file system by the IKS compute resource provider. The authenticator will read the cr token, then use it to obtain an IAM access token by invoking the IAM "get token" operation with grant-type "cr-token".
padamstx
force-pushed
the
container-auth
branch
from
b82f326 to
3a51206
Compare
| @@ -464,15 +463,6 @@ public void testApiErrorResponse() throws Throwable { | |||
| } | |||
| } | |||
|
|
|||
| // Verify the Authorization header in the specified request builder. | |||
There was a problem hiding this comment.
Moved this to the base class.
# [9.12.0](9.11.1...9.12.0) (2021-08-10) ### Features * introduce new container authenticator ([#140](#140)) ([d6b455b](d6b455b))
|
🎉 This PR is included in version 9.12.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
This commit introduces the new ContainerAuthenticator class,
along with associated tests and documentation.
The ContainerAuthenticator implements the authentication flow
to be used in IKS-managed compute resources where a secure compute resource token
has been injected into the local file system by the IKS compute resource provider.
The authenticator will read the cr token, then use it to obtain an IAM access token
by invoking the IAM "get token" operation with grant-type "cr-token".