Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(VPCInstanceAuthenticator): add support for new VPC authentication flow #129

Merged
merged 9 commits into from
Nov 8, 2021
Merged

feat(VPCInstanceAuthenticator): add support for new VPC authentication flow #129

merged 9 commits into from
Nov 8, 2021

Conversation

pyrooka
Copy link
Member

@pyrooka pyrooka commented Oct 26, 2021
edited
Loading

This PR introduces the VPCInstanceAuthenticator.
This authenticator implements the authentication flow
within a VPC-managed compute resource that is configured to
use the compute resource identity feature.
This involves the use of the compute resource's local
VPC Instance Metadata Service API to retrieve an instance identity
token, and then exchange that token for an IAM access token.
The IAM access token is then used to authenticate outbound REST
API requests by adding an Authorization containing the access token.

@pyrooka pyrooka self-assigned this Oct 26, 2021
@pyrooka pyrooka marked this pull request as ready for review October 26, 2021 18:29
@codecov
Copy link

codecov bot commented Oct 26, 2021
edited
Loading

Codecov Report

Merging #129 (7f0f6f2) into main (c56ce73) will increase coverage by 0.14%.
The diff coverage is 100.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##             main     #129      +/-   ##
==========================================
+ Coverage   99.52%   99.66%   +0.14%     
==========================================
  Files          22       24       +2     
  Lines         835      906      +71     
==========================================
+ Hits          831      903      +72     
+ Misses          4        3       -1
Impacted Files Coverage Δ
ibm_cloud_sdk_core/__init__.py 100.00% <100.00%> (ø)
ibm_cloud_sdk_core/authenticators/__init__.py 100.00% <100.00%> (ø)
ibm_cloud_sdk_core/authenticators/authenticator.py 94.44% <100.00%> (+6.20%) ⬆️
..._core/authenticators/vpc_instance_authenticator.py 100.00% <100.00%> (ø)
ibm_cloud_sdk_core/get_authenticator.py 100.00% <100.00%> (ø)
..._core/token_managers/vpc_instance_token_manager.py 100.00% <100.00%> (ø)
ibm_cloud_sdk_core/version.py 100.00% <100.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8bbeca9...7f0f6f2. Read the comment docs.

rmkeezer
rmkeezer approved these changes Oct 28, 2021
View reviewed changes
Copy link
Contributor

@rmkeezer rmkeezer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had to make some fixes below due to some issues when testing, but with these changes our VPC auth test script is passing on a VSI instance! So with these changes this should be good too go.

ibm_cloud_sdk_core/token_managers/vpc_instance_token_manager.py Show resolved Hide resolved
ibm_cloud_sdk_core/token_managers/vpc_instance_token_manager.py Outdated Show resolved Hide resolved
ibm_cloud_sdk_core/token_managers/vpc_instance_token_manager.py Outdated Show resolved Hide resolved
ibm_cloud_sdk_core/token_managers/vpc_instance_token_manager.py Outdated Show resolved Hide resolved
ibm_cloud_sdk_core/token_managers/vpc_instance_token_manager.py Outdated Show resolved Hide resolved
ibm_cloud_sdk_core/token_managers/vpc_instance_token_manager.py Show resolved Hide resolved
test/test_vpc_instance_token_manager.py Outdated Show resolved Hide resolved
test/test_vpc_instance_token_manager.py Outdated Show resolved Hide resolved
test/test_vpc_instance_token_manager.py Outdated Show resolved Hide resolved
padamstx
padamstx approved these changes Oct 28, 2021
View reviewed changes
Copy link
Member

@padamstx padamstx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In addition to @rmkeezer's suggested changes, I also suggested a couple of minor changes to the documentation, plus posed one additional question about the request body for a "create_iam_token" call. I'll approve now to avoid a re-review assuming that review comments are addressed.

Authentication.md Outdated Show resolved Hide resolved
Authentication.md Outdated Show resolved Hide resolved
ibm_cloud_sdk_core/token_managers/vpc_instance_token_manager.py Outdated Show resolved Hide resolved
@pyrooka @rmkeezer
chore: set access_token properly
0795efa 
Co-authored-by: Matthew Keezer <Robert.Keezer@ibm.com>
dpopp07
dpopp07 approved these changes Oct 29, 2021
View reviewed changes
Copy link
Member

@dpopp07 dpopp07 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me! Just noticed a few copy/paste typos to correct

ibm_cloud_sdk_core/get_authenticator.py Outdated Show resolved Hide resolved
ibm_cloud_sdk_core/authenticators/vpc_instance_authenticator.py Outdated Show resolved Hide resolved
ibm_cloud_sdk_core/authenticators/vpc_instance_authenticator.py Show resolved Hide resolved
ibm_cloud_sdk_core/token_managers/vpc_instance_token_manager.py Outdated Show resolved Hide resolved
ibm_cloud_sdk_core/token_managers/vpc_instance_token_manager.py Outdated Show resolved Hide resolved
pyrooka and others added 4 commits November 2, 2021 10:53
@pyrooka @rmkeezer
chore: address issues 1
e30e371 
Co-authored-by: Matthew Keezer <Robert.Keezer@ibm.com>
@pyrooka @padamstx
chore: address issues 2
2af6993 
Co-authored-by: Phil Adams <phil_adams@us.ibm.com>
@pyrooka
chore: update .secrets.baseline
7d5f498
@pyrooka @dpopp07
chore: fix typos
7f0f6f2 
Co-authored-by: Dustin Popp <dustinpopp@ibm.com>
@padamstx padamstx merged commit 5cb1c21 into main Nov 8, 2021
@padamstx padamstx deleted the vpc-authenticator branch November 8, 2021 17:25
ibm-devx-sdk pushed a commit that referenced this pull request Nov 8, 2021
@semantic-release-bot
chore(release): 3.13.0 release notes
1e29bfa 
# [3.13.0](v3.12.0...v3.13.0) (2021-11-08)

### Features

* **VPCInstanceAuthenticator:** add support for new VPC authentication flow ([#129](#129)) ([5cb1c21](5cb1c21))
@ibm-devx-sdk
Copy link

🎉 This PR is included in version 3.13.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rmkeezer rmkeezer rmkeezer approved these changes

@dpopp07 dpopp07 dpopp07 approved these changes

@padamstx padamstx padamstx approved these changes

Assignees

@pyrooka pyrooka

Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@pyrooka @ibm-devx-sdk @rmkeezer @dpopp07 @padamstx