feat(VpcInstanceAuthenticator): add support for new VPC authentication flow #172
Conversation
dpopp07
force-pushed
the
dp/vpc-authenticator
branch
2 times, most recently
from
ef45f0b
to
e41e6d4
Compare
There was a problem hiding this comment.
Looks good overall. I pointed out a few minor things to fix, plus we should discuss whether to include/exclude the disableSslVerification and headers properties.
Also, I noticed that we don't do any testing with an actual JWT-based access token to test things like the expiration of a token or the need to acquire a new one within the "refresh window", etc.
But I noticed that we do that in the iam token manager and jwt token manager tests. I guess that would be sufficient since we're inheriting that functionality (jwt-token-manager) into the vpc-token-manager.
…n flow This commit introduces the VpcInstanceAuthenticator. This authenticator implements the authentication flow within a VPC-managed compute resource that is configured to use the compute resource identity feature. This involves the use of the compute resource's local VPC Instance Metadata Service API to retrieve an instance identity token, and then exchange that token for an IAM access token. The IAM access token is then used to authenticate outbound REST API requests by adding an Authorization containing the access token.
Co-authored-by: Phil Adams <padamstx@gmail.com>
Co-authored-by: Phil Adams <padamstx@gmail.com>
Co-authored-by: Phil Adams <padamstx@gmail.com>
Co-authored-by: Phil Adams <padamstx@gmail.com>
Co-authored-by: Norbert Biczo <pyrooka@users.noreply.github.com>
Co-authored-by: Norbert Biczo <pyrooka@users.noreply.github.com>
Co-authored-by: Norbert Biczo <pyrooka@users.noreply.github.com>
dpopp07
force-pushed
the
dp/vpc-authenticator
branch
from
7b07815
to
acd8514
Compare
|
Okay, all requested changes have now been addressed. This PR should be ready to merge once we complete the additional, external testing 👍 |
Co-authored-by: Norbert Biczo <pyrooka@users.noreply.github.com>
Co-authored-by: Norbert Biczo <pyrooka@users.noreply.github.com>
# [2.17.0](v2.16.0...v2.17.0) (2021-11-08) ### Features * **VpcInstanceAuthenticator:** add support for new VPC authentication flow ([#172](#172)) ([8bbe704](8bbe704))
|
🎉 This PR is included in version 2.17.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
This commit introduces the VpcInstanceAuthenticator.
This authenticator implements the authentication flow
within a VPC-managed compute resource that is configured to
use the compute resource identity feature.
This involves the use of the compute resource's local
VPC Instance Metadata Service API to retrieve an instance identity
token, and then exchange that token for an IAM access token.
The IAM access token is then used to authenticate outbound REST
API requests by adding an Authorization containing the access token.
Checklist
npm testpasses (tip:npm run lint-fixcan correct most style issues)