Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

agent: allow auto-auth to use an existing token #10850

Merged
merged 12 commits into from
Feb 11, 2021
Merged

agent: allow auto-auth to use an existing token #10850

merged 12 commits into from
Feb 11, 2021

Conversation

jasonodonnell
Copy link
Contributor

@jasonodonnell jasonodonnell commented Feb 5, 2021
edited
Loading

This PR changes auto-auth to accept a token during the creation of the auth handler. This feature will be used with persistent caching where a token is decrypted from the cache file and passed into auto-auth. Reusing an existing token is critical to maintaining leases previously owned by the token loaded from the cache.

Currently this feature only attempts to load the token on the first run and falls back to auto-auth if that's unsuccessful. Retry logic could be added if valuable, but likely if there's an issue loading retrying won't help.

Once the token is no longer renewable, the renewer will fall back to auto-auth and reauthenticate.

To test this feature you can run the unit tests:

$ cd ./command/agent
$ go test -run 'TestTokenPreload*'

@vercel vercel bot temporarily deployed to Preview – vault February 5, 2021 19:57 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 5, 2021 19:57 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 5, 2021 20:00 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 5, 2021 20:00 Inactive
@jasonodonnell jasonodonnell changed the title core/agent: add use_existing_token to auto-auth agent: add use_existing_token to auto-auth Feb 5, 2021
tvoran
tvoran reviewed Feb 8, 2021
View reviewed changes
Copy link
Member

@tvoran tvoran left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The tests and example bootstrap script work for me. Just a couple questions.

command/agent/auth/auth.go Outdated Show resolved Hide resolved
command/agent/auth/auth.go Outdated Show resolved Hide resolved
@vercel vercel bot temporarily deployed to Preview – vault February 9, 2021 15:16 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 9, 2021 15:16 Inactive
@jasonodonnell jasonodonnell changed the title agent: add use_existing_token to auto-auth agent: allow auto-auth to use an existing token Feb 9, 2021
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 9, 2021 15:25 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 9, 2021 15:25 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 9, 2021 15:27 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 9, 2021 15:27 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 9, 2021 15:29 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 9, 2021 15:29 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 9, 2021 15:31 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 9, 2021 15:31 Inactive
calvn
calvn reviewed Feb 9, 2021
View reviewed changes
command/agent/auth/auth.go Outdated Show resolved Hide resolved
command/agent/auth/auth.go Show resolved Hide resolved
@vercel vercel bot temporarily deployed to Preview – vault February 9, 2021 20:20 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 9, 2021 20:20 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 10, 2021 16:27 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 10, 2021 16:27 Inactive
calvn
calvn approved these changes Feb 10, 2021
View reviewed changes
Copy link
Contributor

@calvn calvn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One small note, otherwise looks good!

command/agent/auth/auth.go Show resolved Hide resolved
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 10, 2021 19:35 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 10, 2021 19:35 Inactive
tomhjp
tomhjp approved these changes Feb 11, 2021
View reviewed changes
Copy link
Contributor

@tomhjp tomhjp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just one suggestion to simplify control logic around backoffs.

command/agent/auth/auth.go Show resolved Hide resolved
@jasonodonnell jasonodonnell merged commit a2c1f2b into master Feb 11, 2021
@jasonodonnell jasonodonnell deleted the auto-auth branch February 11, 2021 14:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tvoran tvoran tvoran approved these changes

@calvn calvn calvn approved these changes

@tomhjp tomhjp tomhjp approved these changes

Assignees
No one assigned
Labels
agent
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jasonodonnell @tvoran @calvn @tomhjp