Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(VpcInstanceAuthenticator): add support for new VPC authentication flow #172

Merged
merged 17 commits into from
Nov 8, 2021
Merged

feat(VpcInstanceAuthenticator): add support for new VPC authentication flow #172

merged 17 commits into from
Nov 8, 2021

Conversation

dpopp07
Copy link
Member

@dpopp07 dpopp07 commented Oct 20, 2021
edited
Loading

This commit introduces the VpcInstanceAuthenticator.
This authenticator implements the authentication flow
within a VPC-managed compute resource that is configured to
use the compute resource identity feature.
This involves the use of the compute resource's local
VPC Instance Metadata Service API to retrieve an instance identity
token, and then exchange that token for an IAM access token.
The IAM access token is then used to authenticate outbound REST
API requests by adding an Authorization containing the access token.

Checklist
  • npm test passes (tip: npm run lint-fix can correct most style issues)
  • tests are included
  • documentation is changed or added

@dpopp07 dpopp07 requested review from pyrooka and padamstx October 20, 2021 21:09
@dpopp07 dpopp07 force-pushed the dp/vpc-authenticator branch 2 times, most recently from ef45f0b to e41e6d4 Compare October 20, 2021 22:03
padamstx
padamstx requested changes Oct 21, 2021
View reviewed changes
Copy link
Member

@padamstx padamstx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good overall. I pointed out a few minor things to fix, plus we should discuss whether to include/exclude the disableSslVerification and headers properties.
Also, I noticed that we don't do any testing with an actual JWT-based access token to test things like the expiration of a token or the need to acquire a new one within the "refresh window", etc.
But I noticed that we do that in the iam token manager and jwt token manager tests. I guess that would be sufficient since we're inheriting that functionality (jwt-token-manager) into the vpc-token-manager.

Authentication.md Outdated Show resolved Hide resolved
Authentication.md Outdated Show resolved Hide resolved
Authentication.md Outdated Show resolved Hide resolved
auth/authenticators/vpc-instance-authenticator.ts Outdated Show resolved Hide resolved
auth/token-managers/vpc-instance-token-manager.ts Outdated Show resolved Hide resolved
auth/token-managers/vpc-instance-token-manager.ts Show resolved Hide resolved
auth/token-managers/vpc-instance-token-manager.ts Outdated Show resolved Hide resolved
auth/token-managers/vpc-instance-token-manager.ts Outdated Show resolved Hide resolved
test/unit/vpc-instance-authenticator.test.js Outdated Show resolved Hide resolved
auth/token-managers/vpc-instance-token-manager.ts Show resolved Hide resolved
pyrooka
pyrooka approved these changes Oct 21, 2021
View reviewed changes
Copy link
Member

@pyrooka pyrooka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

auth/token-managers/vpc-instance-token-manager.ts Outdated Show resolved Hide resolved
pyrooka
pyrooka reviewed Oct 21, 2021
View reviewed changes
Authentication.md Outdated Show resolved Hide resolved
pyrooka
pyrooka reviewed Oct 21, 2021
View reviewed changes
Authentication.md Outdated Show resolved Hide resolved
padamstx
padamstx approved these changes Oct 21, 2021
View reviewed changes
Copy link
Member

@padamstx padamstx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed latest updates. Looks good! 👍

dpopp07 and others added 10 commits October 21, 2021 12:16
@dpopp07
feat(VpcInstanceAuthenticator): add support for new VPC authenticatio…
f75590a 
…n flow

This commit introduces the VpcInstanceAuthenticator.
This authenticator implements the authentication flow
within a VPC-managed compute resource that is configured to
use the compute resource identity feature.
This involves the use of the compute resource's local
VPC Instance Metadata Service API to retrieve an instance identity
token, and then exchange that token for an IAM access token.
The IAM access token is then used to authenticate outbound REST
API requests by adding an Authorization containing the access token.
@dpopp07 @padamstx
Update test/unit/vpc-instance-authenticator.test.js
b93e162 
Co-authored-by: Phil Adams <padamstx@gmail.com>
@dpopp07 @padamstx
Update auth/token-managers/vpc-instance-token-manager.ts
56d4049 
Co-authored-by: Phil Adams <padamstx@gmail.com>
@dpopp07 @padamstx
Update Authentication.md
5e8da0f 
Co-authored-by: Phil Adams <padamstx@gmail.com>
@dpopp07 @padamstx
Update Authentication.md
be2d988 
Co-authored-by: Phil Adams <padamstx@gmail.com>
@dpopp07
chore: address feedback
044b424
@dpopp07 @pyrooka
Update auth/token-managers/vpc-instance-token-manager.ts
64ee167 
Co-authored-by: Norbert Biczo <pyrooka@users.noreply.github.com>
@dpopp07 @pyrooka
Update Authentication.md
b9c542e 
Co-authored-by: Norbert Biczo <pyrooka@users.noreply.github.com>
@dpopp07 @pyrooka
Update Authentication.md
2886653 
Co-authored-by: Norbert Biczo <pyrooka@users.noreply.github.com>
@dpopp07
chore: update .secrets.baseline
acd8514
@dpopp07 dpopp07 force-pushed the dp/vpc-authenticator branch from 7b07815 to acd8514 Compare October 21, 2021 17:17
@dpopp07
Copy link
Member Author

dpopp07 commented Oct 21, 2021

Okay, all requested changes have now been addressed. This PR should be ready to merge once we complete the additional, external testing 👍

@padamstx padamstx merged commit 8bbe704 into main Nov 8, 2021
@padamstx padamstx deleted the dp/vpc-authenticator branch November 8, 2021 17:23
ibm-devx-sdk pushed a commit that referenced this pull request Nov 8, 2021
@semantic-release-bot
chore(release): 2.17.0 [skip ci]
5aeca37 
# [2.17.0](v2.16.0...v2.17.0) (2021-11-08)

### Features

* **VpcInstanceAuthenticator:** add support for new VPC authentication flow ([#172](#172)) ([8bbe704](8bbe704))
@ibm-devx-sdk
Copy link

🎉 This PR is included in version 2.17.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@padamstx padamstx padamstx approved these changes

@pyrooka pyrooka pyrooka approved these changes

Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@dpopp07 @ibm-devx-sdk @pyrooka @padamstx