Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support login to UAA using API token #819

Merged
merged 2 commits into from
Oct 7, 2024
Merged

Support login to UAA using API token #819

merged 2 commits into from
Oct 7, 2024

Conversation

vuil
Copy link
Contributor

@vuil vuil commented Oct 3, 2024
edited
Loading

What this PR does / why we need it

Enables login via a previously obtained API token to a UAA based endpoint.
Also: fixed a bug where the expiration time on a token refresh is incorrect set to too close to current time.

Note : adding more tests and waiting for the alternative client id to be determined.

Which issue(s) this PR fixes

Fixes #

Describe testing done for PR

Obtain refresh token from CLI context
TANZU_API_TOKEN=obtainedtoken tanzu login --endpoint uaa-based-endpoint

Updated and ran unit tests.

Release note

Token obtained from the "api-token create" command can be used as value to environment variable TANZU_API_TOKEN to connect to uaa-based endpoint.

Additional information

Special notes for your reviewer

@vuil vuil changed the title WIP: Support login to UAA using API token WIP (incomplete): Support login to UAA using API token Oct 4, 2024
@vuil vuil force-pushed the uaa-api-token-login branch from 45623eb to 5a37a8a Compare October 4, 2024 22:24
@vuil vuil changed the title WIP (incomplete): Support login to UAA using API token WIP: Support login to UAA using API token Oct 4, 2024
@vuil vuil force-pushed the uaa-api-token-login branch from 5a37a8a to 1fa86db Compare October 4, 2024 23:13
@vuil vuil changed the title WIP: Support login to UAA using API token Support login to UAA using API token Oct 4, 2024
@vuil vuil marked this pull request as ready for review October 4, 2024 23:16
@vuil vuil requested a review from a team as a code owner October 4, 2024 23:16
@vuil vuil force-pushed the uaa-api-token-login branch 3 times, most recently from 506cd5a to 1e0a132 Compare October 7, 2024 18:40
@marckhouzam marckhouzam added this to the v1.5.1 milestone Oct 7, 2024
anujc25
anujc25 approved these changes Oct 7, 2024
View reviewed changes
Copy link
Contributor

@anujc25 anujc25 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks.

pkg/auth/common/login_handler.go Outdated Show resolved Hide resolved
pkg/command/context.go Outdated Show resolved Hide resolved
marckhouzam
marckhouzam reviewed Oct 7, 2024
View reviewed changes
Copy link
Contributor

@marckhouzam marckhouzam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still reviewing but I have a question to clarify

pkg/auth/common/login_handler.go Outdated Show resolved Hide resolved
pkg/auth/common/token.go Show resolved Hide resolved
pkg/auth/common/token.go Show resolved Hide resolved
marckhouzam
marckhouzam reviewed Oct 7, 2024
View reviewed changes
pkg/auth/common/token.go
@@ -20,6 +20,8 @@ const (
extraIDToken = "id_token"
)

var currentTime = time.Now
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would you mind adding a comment to explain that currentTime is used to allow tests to override it?

Copy link
Contributor

@anujc25 anujc25 Oct 7, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will be removed and addressed as part of #820 (comment) by using separate package.

@anujc25 anujc25 mentioned this pull request Oct 7, 2024
Merged
vuil added 2 commits October 7, 2024 13:22
@vuil
Support login to UAA using API token
f9ad2cf 
- enable the API token login flow for UAA.
- sets token type to api-token
- supports use of alternate client ID
- update token refresh logic of UAA to use the alternate ID

Signed-off-by: Vui Lam <[email protected]>
@vuil
Fix incorrect storing of expiration time
dd641e4 
Signed-off-by: Vui Lam <[email protected]>
@vuil vuil force-pushed the uaa-api-token-login branch from 1e0a132 to dd641e4 Compare October 7, 2024 20:26
marckhouzam
marckhouzam approved these changes Oct 7, 2024
View reviewed changes
Copy link
Contributor

@marckhouzam marckhouzam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good (I didn't try it).
One question about the extendedApp value.

pkg/auth/uaa/tanzu.go Show resolved Hide resolved
@vuil vuil merged commit d3515fb into vmware-tanzu:main Oct 7, 2024
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@anujc25 anujc25 anujc25 approved these changes

@marckhouzam marckhouzam marckhouzam approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.5.1
Development

Successfully merging this pull request may close these issues.
3 participants
@vuil @marckhouzam @anujc25