Implement federated (v3oidcaccesstoken) auth #176

Draft
wants to merge 2 commits into
base: master

@lburgey lburgey commented Nov 4, 2021

v3oidcaccesstoken requires two authentication requests:

  1. Retrieving an unscoped token using an oidc access token
  2. Retrieving a scoped token using the unscoped token (already implemented in v3auth)

Change summary:

  • Extracted method for auth request handling
  • Added missing fields to Connection, e.g. IdentityProvider
    • Added mappings to the relevant openstack environment variables
  • Added interface TwoStageAuthenticator
  • Implemented PrelimRequest and PrelimResponse for v3auth

Sadly I saw no reasonable way to test these changes, but I'm completely
open to suggestions. This includes the way I extended the authentication
handling, which may or may not be optimal.

These changes are a follow up to this forum thread: https://forum.rclone.org/t/swift-env-auth-true-env-os-access-token-http-error-404-404-not-found/22520

Lukas Burgey added 2 commits November 4, 2021 09:28
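
The two requests listed in the pull request description, as an added Go example (not code from this PR or from ncw/swift). `Login` and `subjectToken` are hypothetical names, the paths are Keystone's v3 federation and token endpoints, and `authURL` is assumed to end in `/v3`.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"os"
)

type obj = map[string]interface{}

// subjectToken reads the issued token from the X-Subject-Token response header.
func subjectToken(resp *http.Response, err error) (string, error) {
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	tok := resp.Header.Get("X-Subject-Token")
	if resp.StatusCode != http.StatusCreated || tok == "" {
		return "", fmt.Errorf("keystone answered %s", resp.Status)
	}
	return tok, nil
}

// Login (hypothetical helper) trades an OIDC access token for a project-scoped token.
func Login(authURL, idp, protocol, accessToken, projectID string) (string, error) {
	fed := fmt.Sprintf("%s/OS-FEDERATION/identity_providers/%s/protocols/%s/auth", authURL, idp, protocol)
	req, err := http.NewRequest("POST", fed, nil)
	if err != nil {
		return "", err
	}
	req.Header.Set("Authorization", "Bearer "+accessToken) // sent in stage 1 only
	unscoped, err := subjectToken(http.DefaultClient.Do(req))
	if err != nil {
		return "", fmt.Errorf("stage 1 (unscoped token): %w", err)
	}
	// Stage 2: plain v3 token auth; Marshal cannot fail on string-only maps.
	body, _ := json.Marshal(obj{"auth": obj{
		"identity": obj{"methods": []string{"token"}, "token": obj{"id": unscoped}},
		"scope":    obj{"project": obj{"id": projectID}},
	}})
	return subjectToken(http.Post(authURL+"/auth/tokens", "application/json", bytes.NewReader(body)))
}

func main() {
	tok, err := Login(os.Getenv("OS_AUTH_URL"), os.Getenv("OS_IDENTITY_PROVIDER"),
		os.Getenv("OS_PROTOCOL"), os.Getenv("OS_ACCESS_TOKEN"), os.Getenv("OS_PROJECT_ID"))
	fmt.Println("scoped token obtained:", tok != "", "error:", err)
}
```

Because both stages are plain HTTP, an `httptest` server that answers these two paths is enough to exercise the flow without a Keystone instance.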
@ncw
Owner

ncw commented Nov 8, 2021

Just thinking about the testability for a moment...

Currently we have an integration test which tests against a swift all in one docker

https://github.com/ncw/swift/blob/master/integration_test.sh

Could you add tests to that?

@lburgey
Author

lburgey commented Nov 9, 2021

Hi,
in integration_test.sh, you write "v2 auth does't work for unknown reasons!".
According to this issue, the reason seems to be that docker-swift (successor to bouncestorage/swift-aio) only mocks the authentication. For testing v2 and v3 auth, we would need a real keystone server instance.
I can certainly try to set this up if you think it's reasonable.
Cheers,
Lukas

@ncw
Owner

ncw commented Nov 9, 2021

> Hi, in integration_test.sh, you write "v2 auth does't work for unknown reasons!". According to this issue, the reason seems to be that docker-swift (successor to bouncestorage/swift-aio) only mocks the authentication.

Ah, ha!

> For testing v2 and v3 auth, we would need a real keystone server instance. I can certainly try to set this up if you think it's reasonable.

It would make the integration tests much more realistic.

How difficult would it be? If we could use docker to run a few containers other people maintain that would be fine.
