feat(HMS-3416): Switch to service accounts for dev auth #792
Conversation
internal/headers/access_token.go
Outdated
| data.Add("client_id", clientId) | ||
| data.Add("client_secret", clientSecret) | ||
|
|
||
| req, err := http.NewRequest(http.MethodPost, provider.Endpoint().TokenURL, strings.NewReader(data.Encode())) |
There was a problem hiding this comment.
This is me being bit fancy just to resolve a static URL, for which we need extra module 🤔
provider.Endpoint().TokenURL is quite static value.
| } | ||
| res.Body.Close() | ||
| json.Unmarshal(body, &token) | ||
|
|
There was a problem hiding this comment.
Check return value, also use defer to ensure body is closed.
internal/headers/headers.go
Outdated
| if err != nil { | ||
| return err | ||
| } | ||
| zerolog.Ctx(ctx).Warn().Msgf("Service account authentication: %s", clientID) |
There was a problem hiding this comment.
This should not be warning, maybe info or debug.
There was a problem hiding this comment.
This is warning, because we don't want that to happen in Stage/Prod, so this makes it easier to spot in case by some accident we allow it there.
There was a problem hiding this comment.
Or that was the thinking why it was a warning for basic auth, I've kept the level.
ezr-ondrej
force-pushed
the
service_accounts
branch
2 times, most recently
from
bb56af5
to
fe4810d
Compare
Yeah exactly, I was thinking about it, but then decided against it for 1) I was lazy and 2) probably not as necessary for dev only. |
ezr-ondrej
force-pushed
the
service_accounts
branch
2 times, most recently
from
2d274a1
to
b143986
Compare
For developement we have been using basic auth to authenticate against stage services. This switches the auth to Service accounts.
ezr-ondrej
force-pushed
the
service_accounts
branch
from
b143986
to
0336971
Compare
|
/retest |
For developement we have been using basic auth to authenticate against stage services. This switches the auth to Service accounts.