skip rotation for read Apis #1254

Merged
merged 7 commits into from
Dec 5, 2024

@paragjain0910 paragjain0910 commented Dec 2, 2024

Description

This PR aims to rotate the token only on calls to PUT/POST/DELETE in the system namespace.

How to test

  1. Show that calls to systems/ APIs don't rotate the token, only to PUT/POST /systems/*:

  2. PUT /systems, PUT/POST/DELETE /systems/products

  3. POST /systems/products/synchronize

  4. Show that the current token gets returned in the response header

  5. Have it well documented in swagger (RMT has no swagger)

> docker run --network=host --rm -ti registry.suse.com/suse/sle15:15.5 /bin/bash
$ zypper rm -y container-suseconnect
$ zypper in -y suseconnect-ng
$ suseconnect --url http://localhost:4224
$ cat /etc/zypp/credentials.d/SCCcredentials # see that token got set
$ suseconnect --keepalive
$ cat /etc/zypp/credentials.d/SCCcredentials # see that token updated
$ suseconnect -d -p sle-module-python3/15.5/x86_64
$ cat /etc/zypp/credentials.d/SCCcredentials # see that token updated
$ suseconnect --rollback
$ cat /etc/zypp/credentials.d/SCCcredentials # see that token updated
$ suseconnect --list-extensions
$ cat /etc/zypp/credentials.d/SCCcredentials # see that token _not_ updated
$ suseconnect --status
$ cat /etc/zypp/credentials.d/SCCcredentials # see that token _not_ updated
/systems/activations doesn't rotate token:
> curl -u <credentials from system above> -H "System-Token: <token from system above>" -I "http://localhost:4224/connect/systems/activations"

Change Type

Please select the correct option.

  • [x] New Feature (a non-breaking change which adds new functionality)

Review

Please check out our review guidelines
and get in touch with the author to get a shared understanding of the change.
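
The rotation rule described above, as an added Ruby model that is not part of the PR or RMT's code. The class and method names, the in-memory store, the UUID tokens and the `System-Token` response header name are assumptions; the `/connect/systems` prefix is taken from the curl call in the test steps.

```ruby
require 'securerandom'

# Hypothetical in-memory model of the policy; not RMT's controller code.
class TokenRotationModel
  ROTATING_METHODS = %w[PUT POST DELETE].freeze
  SYSTEMS_PREFIX = '/connect/systems' # prefix as seen in the curl call above

  def initialize
    @tokens = {} # system login => current token
  end

  def register(login)
    @tokens[login] = SecureRandom.uuid
  end

  # Rotate only for write methods on the systems namespace itself or below it.
  def rotate?(http_method, path)
    in_namespace = path == SYSTEMS_PREFIX || path.start_with?("#{SYSTEMS_PREFIX}/")
    in_namespace && ROTATING_METHODS.include?(http_method.upcase)
  end

  # Returns the response headers; the header name is an assumption.
  def handle(login, http_method, path)
    raise ArgumentError, "unknown system: #{login}" unless @tokens.key?(login)
    @tokens[login] = SecureRandom.uuid if rotate?(http_method, path)
    { 'System-Token' => @tokens[login] }
  end
end

# Replays requests and reports, per request, whether the returned token changed.
def replay(model, login, requests)
  current = model.register(login)
  requests.map do |http_method, path|
    returned = model.handle(login, http_method, path).fetch('System-Token')
    changed = returned != current
    current = returned
    [http_method, path, changed]
  end
end

# Constructed request sequence mirroring the test steps above.
SAMPLE_REQUESTS = [
  ['PUT', '/connect/systems'],
  ['POST', '/connect/systems/products/synchronize'],
  ['DELETE', '/connect/systems/products'],
  ['GET', '/connect/systems/activations'],
  ['HEAD', '/connect/systems/activations'], # what `curl -I` sends
  ['POST', '/connect/systemsfoo']           # outside the namespace
].freeze
replay(TokenRotationModel.new, 'SCC_constructed', SAMPLE_REQUESTS).each { |row| p row }
```
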

digitaltom and others added 2 commits December 4, 2024 00:09
add testcases for header token addition in read api

@digitaltom digitaltom left a comment

Good work! Could you add a line to package/obs/rmt-server.changes regarding this change? Like "Skip system token rotation in read-only APIs".

@paragjain0910 paragjain0910 merged commit c1cb62f into master Dec 5, 2024
3 checks passed
@paragjain0910 paragjain0910 deleted the skip_token_rotation branch December 5, 2024 11:55