From afe80dd6d4a3a0e6447c7324e4fcbeffc4d55e70 Mon Sep 17 00:00:00 2001 From: Emanuele Libralato Date: Thu, 17 Sep 2020 10:33:02 +0200 Subject: [PATCH] feat(enterprise): enable authentication via ci-tokens --- core/src/enterprise/auth.ts | 5 ++++- core/src/enterprise/secrets/garden/get-secret.ts | 3 ++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/core/src/enterprise/auth.ts b/core/src/enterprise/auth.ts index 8e326b82d1..c89ff2f21f 100644 --- a/core/src/enterprise/auth.ts +++ b/core/src/enterprise/auth.ts @@ -20,7 +20,10 @@ import { got } from "../util/http" import { RuntimeError, InternalError } from "../exceptions" import { gardenEnv } from "../constants" -export const authTokenHeader = "x-access-auth-token" +// If a GARDEN_AUTH_TOKEN is present and Garden is NOT running from a workflow runner pod, +// switch to ci-token authentication method. +export const authTokenHeader = + gardenEnv.GARDEN_AUTH_TOKEN && !gardenEnv.GARDEN_GE_SCHEDULED ? "x-ci-token" : "x-access-auth-token" export const makeAuthHeader = (clientAuthToken: string) => ({ [authTokenHeader]: clientAuthToken }) // TODO: Add error handling and tests for all of this diff --git a/core/src/enterprise/secrets/garden/get-secret.ts b/core/src/enterprise/secrets/garden/get-secret.ts index 854747c0c7..ec83e50727 100644 --- a/core/src/enterprise/secrets/garden/get-secret.ts +++ b/core/src/enterprise/secrets/garden/get-secret.ts @@ -9,6 +9,7 @@ import { got, GotResponse } from "../../../util/http" import { GetSecretsParams } from ".." import { StringMap } from "../../../config/common" +import { authTokenHeader } from "../../auth" export async function getSecretsFromGardenCloud({ log, @@ -19,7 +20,7 @@ export async function getSecretsFromGardenCloud({ }: GetSecretsParams): Promise { try { const url = `${enterpriseDomain}/secrets/projectUid/${projectId}/env/${environmentName}` - const headers = { "x-access-auth-token": clientAuthToken } + const headers = { [authTokenHeader]: clientAuthToken } const res = await got(url, { headers }).json>() if (res && res["status"] === "success") { return res["data"]