Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move authentication logic out of config #409

Merged
merged 8 commits into from
Feb 10, 2021
Merged

Move authentication logic out of config #409

merged 8 commits into from
Feb 10, 2021

Conversation

kazk
Copy link
Member

@kazk kazk commented Feb 9, 2021

Config should focus on finding and loading the configuration. Setting up auth and refreshing token is now handled by service.

Config is now free of native-tls/rustls-tls except for the macOS hack.

@kazk kazk marked this pull request as draft February 9, 2021 09:32
@kazk kazk force-pushed the auth-logic-to-service branch from 5a527fe to 66726be Compare February 9, 2021 09:42
kazk
kazk commented Feb 9, 2021
View reviewed changes
kube/src/config/mod.rs Show resolved Hide resolved
kube/src/service/auth/oauth.rs
"https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/userinfo.email";
// Initialize ServiceAccountAccess so we can request later when needed.
let info = gcloud_account_info()?;
let access = ServiceAccountAccess::new(info).map_err(OAuthError::InvalidKeyFormat)?;
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ServiceAccountAccess has internal cache and returns Request when it's necessary to refresh the token. See token below.

@kazk kazk force-pushed the auth-logic-to-service branch from 66726be to d1dbe24 Compare February 9, 2021 09:55
@kazk kazk marked this pull request as ready for review February 9, 2021 10:15
clux
clux approved these changes Feb 9, 2021
View reviewed changes
Copy link
Member

@clux clux left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

merge away :-)

kube/src/service/auth/mod.rs Show resolved Hide resolved
kube/src/service/auth/mod.rs

let mut value = HeaderValue::from_str(&format!("Bearer {}", &locked_data.0))
.map_err(ConfigError::InvalidBearerToken)?;
value.set_sensitive(true);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, good call.

kube/src/config/mod.rs Show resolved Hide resolved
@kazk kazk force-pushed the auth-logic-to-service branch from 91701dd to e5da843 Compare February 10, 2021 02:43
@kazk kazk force-pushed the auth-logic-to-service branch from 6ee2b6e to 080fe9b Compare February 10, 2021 03:58
@kazk kazk merged commit 4a9df09 into kube-rs:master Feb 10, 2021
@kazk kazk deleted the auth-logic-to-service branch February 10, 2021 04:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@clux clux clux approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kazk @clux