Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: refactor container authenticator with recent design changes #129

Merged
merged 6 commits into from
Aug 4, 2021

Conversation

padamstx
Copy link
Member

@padamstx padamstx commented Aug 3, 2021

This PR contains several changes to the authenticator formerly known as ComputeResourceAuthenticator:

  • it has been renamed to ContainerAuthenticator
  • it now implements only the IKS file-based cr token use-case (the parts related to the VPC use-case were removed)
  • the authenticator's traditional ctor function was re-designed into a "builder"
  • documentation updated to reflect latest changes

This commit removes the aspects of the new ComputeResourceAuthenticator
related to the VPC/VSI use-case.  We're doing this due to some changes
in the design of that use-case.
With these changes, the ComputeResourceAuthenticator will support
only the IKS file-based use-case.
@@ -278,39 +278,12 @@ The IAM access token is added to each outbound request in the `Authorization` he
Authorization: Bearer <IAM-access-token>
```

### Compute Resource Token Retrieval Algorithm
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No need to go into any detail about how the cr token is retreived since it's just read from a file.

@padamstx padamstx requested review from dpopp07 and pyrooka August 3, 2021 22:19
Copy link
Member

@pyrooka pyrooka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

Comment on lines +33 to +38
containerAuthMockCRTokenFile string = "../resources/cr-token.txt"
containerAuthMockIAMProfileName string = "iam-user-123"
containerAuthMockIAMProfileID string = "iam-id-123"
containerAuthMockClientID string = "client-id-1"
containerAuthMockClientSecret string = "client-secret-1"
containerAuthTestCRToken1 string = "cr-token-1"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One question: wouldn't be better to rename the cr-token to simply token or container-token?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a good question. I know we've already messed with the naming plenty 🙂 but it's probably worth considering now that we've dropped the "compute resource" nomenclature from the user-facing code. This might apply to the CRTokenFilename property as well.

You do explain in the documentation that the token is a "compute resource token", so I think it's fine as is, but worth considering the simpler naming.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wanted to distinguish between the "cr token" and the "access token", hence the use of "cr token". Even though we're now calling this the ContainerAuthenticator, the "token" is still considered to be a "compute resource token" (and that name can also be used in the VPCInstanceAuthenticator when we add that in as well).
If you guys are ok with it, I'd like to keep the current nomenclature ("cr token", "CRTokenFilename", etc.).

Copy link
Member

@pyrooka pyrooka Aug 4, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That makes sense so it's ok for me.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That sounds good to me too 👍

Copy link
Member

@dpopp07 dpopp07 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! I just left one comment jumping on Norbert's question to get a little discussion there, but the changes look good to me

Comment on lines +33 to +38
containerAuthMockCRTokenFile string = "../resources/cr-token.txt"
containerAuthMockIAMProfileName string = "iam-user-123"
containerAuthMockIAMProfileID string = "iam-id-123"
containerAuthMockClientID string = "client-id-1"
containerAuthMockClientSecret string = "client-secret-1"
containerAuthTestCRToken1 string = "cr-token-1"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a good question. I know we've already messed with the naming plenty 🙂 but it's probably worth considering now that we've dropped the "compute resource" nomenclature from the user-facing code. This might apply to the CRTokenFilename property as well.

You do explain in the documentation that the token is a "compute resource token", so I think it's fine as is, but worth considering the simpler naming.

@padamstx padamstx merged commit 58d4475 into main Aug 4, 2021
@padamstx padamstx deleted the crauth-remove-vpc branch August 4, 2021 16:28
ibm-devx-sdk pushed a commit that referenced this pull request Aug 4, 2021
## [5.6.2](v5.6.1...v5.6.2) (2021-08-04)

### Bug Fixes

* refactor container authenticator with recent design changes ([#129](#129)) ([58d4475](58d4475))
@ibm-devx-sdk
Copy link

🎉 This PR is included in version 5.6.2 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants