-
Notifications
You must be signed in to change notification settings - Fork 118
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support to pass security token through token_secret in DC/OS #943
Add support to pass security token through token_secret in DC/OS #943
Conversation
a213398
to
a4f3e13
Compare
a4f3e13
to
fd9f7cd
Compare
api/server/docker.go
Outdated
} | ||
|
||
// get token secret | ||
secret, context, ok := d.GetTokenSecretFromString(request.Name) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Check if request.Opts has a api.TokenSecret ?
api/server/docker.go
Outdated
// get token secret | ||
secret, context, ok := d.GetTokenSecretFromString(request.Name) | ||
if ok && d.secretsStore != nil { | ||
token, err := d.secretsStore.GetToken(secret, context) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should return an error when secret store is not initialized, but a token_secret was provided. In this way the user would get the correct error.
In the current format, user would get "not authorized" error instead of "secret store not initialized"
api/server/docker.go
Outdated
if ok && d.secretsStore != nil { | ||
token, err := d.secretsStore.GetToken(secret, context) | ||
if err != nil { | ||
return ctx, "" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same comment as above
api/server/docker.go
Outdated
"authorization": "bearer " + token, | ||
}) | ||
return metadata.NewOutgoingContext(ctx, md), token | ||
// get token secret |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: moving the GetTokenFromString and GetTokenSecretFromString to addTokenMetadata function, will reduce code duplication
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ended up adding a parseTokenInput
that's shared by attachTokenMount
and attachToken
to reduce code duplication
8a8c9b8
to
20392bc
Compare
Addressed PR comments @adityadani |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
Signed-off-by: Grant Griffiths <[email protected]>
ecea611
to
f349860
Compare
Signed-off-by: Grant Griffiths [email protected]
What this PR does / why we need it:
Which issue(s) this PR fixes (optional)
Closes #928
Special notes for your reviewer: