Skip to content

✨ Support Application Credential auth #1189

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 13, 2022
Merged

✨ Support Application Credential auth #1189

merged 1 commit into from
Apr 13, 2022

Conversation

@apricote
Copy link
Member

@apricote apricote commented Mar 31, 2022
edited
Loading

What this PR does / why we need it:

We currently require an explicit project_id field in the clouds.yaml. This conflicts with the usual fields for Application Credentials, as they already include a scope, and setting another conflicts with that.

In this commit, we instead save the returned project_id from the initial auth api call, and pass it around to all services using the Scope struct.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #1146

Special notes for your reviewer:

  1. Please confirm that if this PR changes any image versions, then that's the sole change this PR makes.

/hold

@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Mar 31, 2022

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@k8s-ci-robot k8s-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Mar 31, 2022
@netlify
Copy link

netlify bot commented Mar 31, 2022
edited
Loading

Deploy Preview for kubernetes-sigs-cluster-api-openstack ready!

Name Link
🔨 Latest commit d94969e
🔍 Latest deploy log https://app.netlify.com/sites/kubernetes-sigs-cluster-api-openstack/deploys/6255456cfb329b0009319c35
😎 Deploy Preview https://deploy-preview-1189--kubernetes-sigs-cluster-api-openstack.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site settings.

@k8s-ci-robot k8s-ci-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Mar 31, 2022
@jichenjc
Copy link
Contributor

jichenjc commented Apr 1, 2022

/test all

jichenjc
jichenjc reviewed Apr 1, 2022
View reviewed changes
mdbooth
mdbooth reviewed Apr 1, 2022
View reviewed changes
@apricote
Copy link
Member Author

apricote commented Apr 6, 2022

/retest

Thanks for the extensive first round of review :) New commit with all requested changes is up.

@apricote apricote marked this pull request as ready for review April 7, 2022 07:11
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Apr 7, 2022
@apricote
Copy link
Member Author

apricote commented Apr 7, 2022

/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 7, 2022
@k8s-ci-robot k8s-ci-robot requested a review from jichenjc April 7, 2022 07:11
tobiasgiese
tobiasgiese reviewed Apr 7, 2022
View reviewed changes
@apricote
feat: support application credential auth #1146
d94969e 
We currently require an explicit project_id field in the clouds.yaml.
This conflicts with the usual fields for Application Credentials, as
they already include a scope, and setting another conflicts with that.

In this commit, we instead save the returned project_id from the initial
auth api call, and pass it around to all services using the Scope
struct.
@seanschneeweiss
Copy link
Contributor

seanschneeweiss commented Apr 12, 2022

Nice one.
/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Apr 12, 2022
@jichenjc
Copy link
Contributor

jichenjc commented Apr 13, 2022

@apricote not sure it's eligible to add some test cases (with application ID) later on?

/approve

@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Apr 13, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: apricote, jichenjc

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 13, 2022
@k8s-ci-robot k8s-ci-robot merged commit 3ce2de7 into kubernetes-sigs:main Apr 13, 2022
@apricote apricote deleted the application-credential-support branch April 13, 2022 10:12
@apricote
Copy link
Member Author

apricote commented Apr 13, 2022

@apricote not sure it's eligible to add some test cases (with application ID) later on?

@jichenjc I had a unit test for the getProjectIDFromAuthResult, but couldn't figure out how to mock the token.CreateResult struct, if you have any guidance for that, I would gladly add a test case for this.

In general I would appreciate a test for this, that would probably mean to extend our e2e tests to use an addition clouds.yaml secret that uses application credentials. Are these supported by devstack?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@prankul88 prankul88 Awaiting requested review from prankul88

@seanschneeweiss seanschneeweiss Awaiting requested review from seanschneeweiss

@jichenjc jichenjc Awaiting requested review from jichenjc

3 more reviewers

@mdbooth mdbooth mdbooth left review comments

@pierreprinetti pierreprinetti pierreprinetti left review comments

@tobiasgiese tobiasgiese tobiasgiese left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@seanschneeweiss seanschneeweiss

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Support application credentials

7 participants

@apricote @k8s-ci-robot @jichenjc @seanschneeweiss @mdbooth @pierreprinetti @tobiasgiese