feat: OCI authentication sidecar #1272

Merged
merged 36 commits into from
Aug 19, 2024

@maciaszczykm maciaszczykm commented Aug 9, 2024

Test Plan

  • AWS - tested with region, key ID and secret auth, then also with assume role, used result token to log in to the registry from CLI
  • Azure - tested with client secret auth, used result token to upload image to the registry from CLI
  • GCP - tested with app credentials
  • Basic - tested with username and password

Checklist

  • If required, I have updated the Plural documentation accordingly.
  • I have added tests to cover my changes.
  • I have added a meaningful title and summary to convey the impact of this PR to a user.

linear bot commented Aug 9, 2024

@maciaszczykm maciaszczykm added the enhancement New feature or request label Aug 9, 2024
@maciaszczykm maciaszczykm requested a review from a team August 14, 2024 12:33
@maciaszczykm maciaszczykm marked this pull request as ready for review August 14, 2024 12:33
_ = router.SetTrustedProxies(nil)
router.Use(authMiddleware())

rootGroup = router.Group("/")
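
Review bot: the `_ = router.SetTrustedProxies(nil)` line discards the returned error and carries no comment on why nil is passed; assuming this is gin's router, nil turns off trust in forwarded client-IP headers, and saying so next to the call (and logging the error rather than dropping it) would make that choice explicit. On the next line, `router.Use(authMiddleware())` is attached to the router before `rootGroup` is created, so every route registered on that group inherits the auth check; anything that has to answer without credentials needs to be registered outside that chain.
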
Member

We probably want a health check endpoint on here too (would need to be unauthed)

Member Author

Added /health endpoint.

}

type AuthenticationResponse struct {
authn.AuthConfig
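
Review bot: `authn.AuthConfig` is embedded anonymously in `AuthenticationResponse`, so every field of that external type is promoted into the response JSON and the wire format follows whatever tags that type carries. Listing the fields the client needs explicitly, or adding a test that pins the serialized shape, would keep the response stable if the embedded type changes.
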
Member

This struct has all the needed json tags, right?

Member Author

Yes:

// AuthConfig contains authorization information for connecting to a Registry
// Inlined what we use from github.com/docker/cli/cli/config/types
type AuthConfig struct {
	Username string `json:"username,omitempty"`
	Password string `json:"password,omitempty"`
	Auth     string `json:"auth,omitempty"`

	// IdentityToken is used to authenticate the user and get
	// an access token for the registry.
	IdentityToken string `json:"identitytoken,omitempty"`

	// RegistryToken is a bearer token to be sent to a registry
	RegistryToken string `json:"registrytoken,omitempty"`
}
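
An added illustration (not code from this PR or the project) of the two points raised in review: a `/health` route that stays outside the auth middleware, and the JSON shape produced by embedding `AuthConfig`. It uses the standard library's `net/http` instead of the PR's router; the bearer-token scheme, the `/auth` path and the names `requireToken`, `newRouter` and `probe` are assumptions.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// AuthConfig: subset of the tagged fields quoted in the thread.
type AuthConfig struct {
	Username string `json:"username,omitempty"`
	Password string `json:"password,omitempty"`
}
// Embedding promotes the tagged fields to the top level of the JSON object.
type AuthenticationResponse struct{ AuthConfig }

// requireToken rejects requests lacking the expected bearer token (assumed scheme).
func requireToken(token string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if subtle.ConstantTimeCompare([]byte(r.Header.Get("Authorization")), []byte("Bearer "+token)) != 1 {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// newRouter registers /health outside the auth wrapper; every other path goes
// through it and returns constructed sample credentials.
func newRouter(token string) http.Handler {
	root := http.NewServeMux()
	root.HandleFunc("/health", func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "ok") })
	root.Handle("/", requireToken(token, http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		_ = json.NewEncoder(w).Encode(AuthenticationResponse{AuthConfig{Username: "demo", Password: "constructed"}})
	})))
	return root
}

// probe sends one in-memory GET; an empty authz behaves as no credentials.
func probe(h http.Handler, path, authz string) (int, string) {
	req := httptest.NewRequest(http.MethodGet, path, nil)
	req.Header.Set("Authorization", authz)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, rec.Body.String()
}

func main() { fmt.Println(probe(newRouter("constructed-token"), "/auth", "Bearer constructed-token")) }
```
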

@maciaszczykm maciaszczykm merged commit 4184e54 into master Aug 19, 2024
13 checks passed
@maciaszczykm maciaszczykm deleted the marcin/prod-2497-oci-authentication-sidecar branch August 19, 2024 17:27