feat(VPCInstanceAuthenticator): add support for new VPC authentication flow #129
Codecov Report
@@ Coverage Diff @@
## main #129 +/- ##
==========================================
+ Coverage 99.52% 99.66% +0.14%
==========================================
Files 22 24 +2
Lines 835 906 +71
==========================================
+ Hits 831 903 +72
+ Misses 4 3 -1
I had to make some fixes below due to some issues when testing, but with these changes our VPC auth test script is passing on a VSI instance! So with these changes this should be good to go.
In addition to @rmkeezer's suggested changes, I also suggested a couple of minor changes to the documentation, plus posed one additional question about the request body for a "create_iam_token" call. I'll approve now to avoid a re-review assuming that review comments are addressed.
Co-authored-by: Matthew Keezer <Robert.Keezer@ibm.com>
6cb4816 to 0795efa
Looks good to me! Just noticed a few copy/paste typos to correct
Co-authored-by: Matthew Keezer <Robert.Keezer@ibm.com>
Co-authored-by: Phil Adams <phil_adams@us.ibm.com>
Co-authored-by: Dustin Popp <dustinpopp@ibm.com>
1fd91b9 to 7f0f6f2
# [3.13.0](v3.12.0...v3.13.0) (2021-11-08)

### Features

* **VPCInstanceAuthenticator:** add support for new VPC authentication flow ([#129](#129)) ([5cb1c21](5cb1c21))
🎉 This PR is included in version 3.13.0 🎉
The release is available on GitHub release
Your semantic-release bot 📦🚀
This PR introduces the VPCInstanceAuthenticator.
This authenticator implements the authentication flow
within a VPC-managed compute resource that is configured to
use the compute resource identity feature.
This involves the use of the compute resource's local
VPC Instance Metadata Service API to retrieve an instance identity
token, and then exchange that token for an IAM access token.
The IAM access token is then used to authenticate outbound REST
API requests by adding an Authorization containing the access token.
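
The two-step exchange described above, sketched as an added example that is not part of this PR or the SDK's own code. The metadata endpoint address, request paths, `Metadata-Flavor` header and version date are assumptions about the VPC Instance Metadata Service; `http_send`, `get_authorization_header` and `fake_ims` are hypothetical names, and the token values are constructed.

```python
import json
import urllib.request

IMS = "http://169.254.169.254"   # assumed link-local metadata service address
VERSION = "2022-03-01"           # assumed API version date

def http_send(method, url, headers, body):
    """Real transport; only reachable from inside a VPC compute resource."""
    data = json.dumps(body).encode() if body else None
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)

def get_authorization_header(send=http_send, profile_id=None, profile_crn=None):
    if profile_id and profile_crn:
        raise ValueError("specify at most one of profile_id / profile_crn")
    common = {"Content-Type": "application/json", "Accept": "application/json"}
    # Step 1: retrieve a short-lived instance identity token from the local service.
    ident = send("PUT", f"{IMS}/instance_identity/v1/token?version={VERSION}",
                 {**common, "Metadata-Flavor": "ibm"}, {"expires_in": 300})["access_token"]
    # Step 2: exchange it for an IAM access token, optionally naming a trusted profile.
    body = None
    if profile_crn:
        body = {"trusted_profile": {"crn": profile_crn}}
    elif profile_id:
        body = {"trusted_profile": {"id": profile_id}}
    iam = send("POST", f"{IMS}/instance_identity/v1/iam_token?version={VERSION}",
               {**common, "Authorization": f"Bearer {ident}"}, body)["access_token"]
    # Step 3: the value sent in the Authorization header of outbound REST requests.
    return f"Bearer {iam}"

def fake_ims(method, url, headers, body):
    """Constructed stand-in for the metadata service so the flow runs offline."""
    if method == "PUT" and url.startswith(f"{IMS}/instance_identity/v1/token?"):
        if headers.get("Metadata-Flavor") != "ibm":
            raise PermissionError("missing Metadata-Flavor header")
        return {"access_token": "constructed-identity-token"}
    if method == "POST" and url.startswith(f"{IMS}/instance_identity/v1/iam_token?"):
        if headers.get("Authorization") != "Bearer constructed-identity-token":
            raise PermissionError("identity token rejected")
        profile = (body or {}).get("trusted_profile", {})
        return {"access_token": "constructed-iam-token:"
                + (profile.get("id") or profile.get("crn") or "default")}
    raise ValueError("unexpected request")

if __name__ == "__main__":
    print(get_authorization_header(send=fake_ims, profile_id="Profile-constructed"))
```

The identity token never leaves the instance except in the exchange call; only the IAM access token is attached to outbound requests.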