Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat request: use secret value from provider config's secret ref to authorize requests #53

Closed
tenstad opened this issue Sep 12, 2024 · 3 comments · Fixed by #63
Closed

feat request: use secret value from provider config's secret ref to authorize requests #53

tenstad opened this issue Sep 12, 2024 · 3 comments · Fixed by #63
Labels
enhancement New feature or request

Comments

@tenstad
Copy link

tenstad commented Sep 12, 2024

What problem are you facing?

Unable to use the ProviderConfig's Credentials.SecretRef as authorization for Request requests.

Appears it should be supported, based on this comment:

provider-http/internal/controller/request/request.go

Line 101 in 0aa30d5

// 3. Getting the credentials specified by the ProviderConfig.

How could Crossplane help solve your problem?

Implement fetching the ProviderConfig's Credentials.SecretRef Secret and using that value to authorize Request requests.

Similarly to how it's implemented in other providers, such as https://github.com/crossplane-contrib/provider-gitlab/blob/31c53bce00c2e9b809716425c530bdc5e6fd4947/pkg/clients/gitlab.go#L109

Could add the header Authorization: Bearer <token from ProviderConfig's Credentials specification> if Credentials is specified, or extend the ProviderConfig with some additional fields for how the secret should be used in requests.
@tenstad tenstad added the enhancement New feature or request label Sep 12, 2024
@arielsepton
Copy link
Member

arielsepton commented Sep 12, 2024
edited
Loading

Hi 👋 @tenstad

The comment you referenced should indeed be removed, as it can be misleading.
While storing credentials in ProviderConfig works for most providers, it’s not the ideal approach for provider-http. In this case, each Request can manage different resources with unique sensitive data, making it too dynamic for ProviderConfigs.

Instead, using secrets within each Request offers better flexibility and control over credential usage.

You can inject data from secrets using the following syntax, which works for both body and headers:

headers:
  Authorization:
    - "Basic {{ secret-name:secret-namespace:secret-key }}"

This method should help you manage your secrets effectively. If you have any further questions or need further assistance, feel free to reach out. Let me know how it works for you!

@tenstad
Copy link
Author

tenstad commented Sep 12, 2024

Thanks for the quick reply! Yeah that definitely works, and is what we're now using. Just seemed like a single provider config would be even cleaner when having multiple Request resources using the same endpoint and auth token.

But we can for sure just remove the misleading comment and call it a day! :)

@tenstad
Copy link
Author

tenstad commented Sep 12, 2024

Follow up question; Is the Credentials of a Crossplane provider something that comes by default (seems to be the same in many providers), or is it specifically added? If it could be removed from the http ProviderConfig, that could also avoid confusion, as it's not used for anything right?

@arielsepton arielsepton mentioned this issue Oct 2, 2024
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: Add support for authentication credentials in ProviderConfig arielsepton/provider-http
2 participants
@tenstad @arielsepton