[VCDA-3475] fix authentication issue with system admin refresh tokens by implementing fallback #116
Conversation
…tem org user Signed-off-by: Aniruddha Shamasundar <[email protected]>
Signed-off-by: Aniruddha Shamasundar <[email protected]>
Signed-off-by: Aniruddha Shamasundar <[email protected]>
There was a problem hiding this comment.
Reviewed 9 of 9 files at r1.
Reviewable status: 8 of 9 files reviewed, 2 unresolved discussions (waiting on @Anirudh9794, @arunmk, and @sahithi)
pkg/config/cloudconfig.go line 124 at r1 (raw file):
return nil, fmt.Errorf("Unable to decode yaml file: [%v]", err) } //config.VCD.Host = strings.TrimRight(config.VCD.Host, "/")
why is this commented out?
pkg/vcdcapiclient/defined_entity.go line 1 at r1 (raw file):
package vcdcapiclient
I am guessing this is extra content?
Signed-off-by: Aniruddha Shamasundar <[email protected]>
There was a problem hiding this comment.
Reviewable status: 6 of 9 files reviewed, 2 unresolved discussions (waiting on @Anirudh9794, @arunmk, and @sahithi)
pkg/config/cloudconfig.go line 124 at r1 (raw file):
Previously, arunmk (Arun M. Krishnakumar) wrote…
why is this commented out?
I missed removing this line before sending out the PR. Will remove the line
|
Previously, arunmk (Arun M. Krishnakumar) wrote…
Yes, I deleted this file |
There was a problem hiding this comment.
Reviewable status: 6 of 9 files reviewed, 3 unresolved discussions (waiting on @Anirudh9794 and @arunmk)
pkg/vcdclient/auth.go line 51 at r3 (raw file):
// NOTE: for a system admin user using refresh token, the userOrg will still be tenant org. // try setting authentication as a system org user err = vcdClient.SetToken("system",
Shouldn't the order be another way around? First, attempt with the tenant org and then use the system.
regardless, it shouldn't matter.
There was a problem hiding this comment.
This code will go to common CPI, right?
Reviewable status: 6 of 9 files reviewed, 3 unresolved discussions (waiting on @Anirudh9794 and @arunmk)
|
This is already in CPI common library. |
There was a problem hiding this comment.
Reviewable status: 6 of 9 files reviewed, 3 unresolved discussions (waiting on @arunmk and @sahithi)
pkg/vcdclient/auth.go line 51 at r3 (raw file):
Previously, sahithi (Sahithi Ayloo) wrote…
Shouldn't the order be another way around? First, attempt with the tenant org and then use the system.
regardless, it shouldn't matter.
Done
… by implementing fallback (vmware#116) * Implement fallback approach to authenticate with refresh token as system org user Signed-off-by: Aniruddha Shamasundar <[email protected]> * Fix authentication test cases in CAPVCD Signed-off-by: Aniruddha Shamasundar <[email protected]> * deleted accidentally committed file Signed-off-by: Aniruddha Shamasundar <[email protected]> * Address review comment Signed-off-by: Aniruddha Shamasundar <[email protected]> (cherry picked from commit d08db02)
…s not provided (#119) * [VCDA-3475] fix authentication issue with system admin refresh tokens by implementing fallback (#116) * Implement fallback approach to authenticate with refresh token as system org user Signed-off-by: Aniruddha Shamasundar <[email protected]> * Fix authentication test cases in CAPVCD Signed-off-by: Aniruddha Shamasundar <[email protected]> * deleted accidentally committed file Signed-off-by: Aniruddha Shamasundar <[email protected]> * Address review comment Signed-off-by: Aniruddha Shamasundar <[email protected]> (cherry picked from commit d08db02) * formatting changes Signed-off-by: Aniruddha Shamasundar <[email protected]>
when authenticating using refresh token, follow the following steps
authenticate as a system org user
if the above step fails, authenticate as a tenant user
this PR also fixes authentication based tests which were broken
This change is