NO-ISSUE: Deprecate and disable support for OCM offline token #6307
@jhernand: This pull request explicitly references no jira issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: jhernand
The full list of commands accepted by this bot can be found here.
The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
b49124d
to
efbe9f9
Compare
Currently our `ocm/client` package supports authentication to OCM using an offline token via the `OCM_SELF_TOKEN` environment variable. But the OCM team has deprecated this authentication mechanism and will remove it in the future. The alternative is to use a client identifier and client secret, which is what we use in the SaaS environment. This patch disables by default that support, and will make the server fail with an explicit error message if it is used. Users that really need to use it will need to explicitly enable it by setting the `ACKNOWLEDGE_DEPRECATED_OCM_SELF_TOKEN` environment variable to `yes`. In that case the server will start, but a warning will be written to the log.

Signed-off-by: Juan Hernandez <juan.hernandez@redhat.com>
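The gating behaviour described in the commit message, as an added example that is not the project's own code: a stand-alone credential selector that prefers client ID and secret, refuses an unacknowledged offline token, and returns a warning when the token is explicitly acknowledged. The `Config` field names come from the diff; `SelectAuth`, both sentinel errors, the message texts, and the no-credentials case are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Config carries the four field names visible in the diff; everything else is assumed.
type Config struct {
	ClientID, ClientSecret, SelfToken, AcknowledgeDeprecatedSelfToken string
}

// Hypothetical sentinel errors; the server's real messages are not shown on the page.
var (
	ErrNoCredentials     = errors.New("no OCM credentials configured")
	ErrSelfTokenDisabled = errors.New("OCM_SELF_TOKEN is deprecated and disabled: " +
		"configure a client identifier and secret, or set ACKNOWLEDGE_DEPRECATED_OCM_SELF_TOKEN=yes")
)

// SelectAuth decides which credential to use. It returns the method ("client" or
// "token"), a warning for the caller to log, and an error when startup must fail.
// The warning never contains the token value.
func SelectAuth(cfg Config) (method, warning string, err error) {
	if cfg.ClientID != "" && cfg.ClientSecret != "" {
		return "client", "", nil // preferred mechanism wins even if a token is also set
	}
	if cfg.SelfToken == "" {
		return "", "", ErrNoCredentials
	}
	// Fail closed: anything other than an explicit "yes" (any case) is a refusal.
	if !strings.EqualFold(cfg.AcknowledgeDeprecatedSelfToken, "yes") {
		return "", "", ErrSelfTokenDisabled
	}
	return "token", "OCM offline token authentication is deprecated and will be removed", nil
}

func main() {
	// Constructed sample configurations, not taken from any real deployment.
	samples := []Config{
		{ClientID: "example-id", ClientSecret: "example-secret", SelfToken: "example-token"},
		{SelfToken: "example-token"},
		{SelfToken: "example-token", AcknowledgeDeprecatedSelfToken: "true"},
		{SelfToken: "example-token", AcknowledgeDeprecatedSelfToken: "Yes"},
	}
	for i, cfg := range samples {
		method, warning, err := SelectAuth(cfg)
		fmt.Printf("case %d: method=%q warning=%q err=%v\n", i, method, warning, err)
	}
}
```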
efbe9f9
to
0dcfead
Compare
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files
@@ Coverage Diff @@
## master #6307 +/- ##
==========================================
+ Coverage 68.29% 68.98% +0.69%
==========================================
Files 241 245 +4
Lines 35863 39450 +3587
==========================================
+ Hits 24491 27213 +2722
- Misses 9212 9813 +601
- Partials 2160 2424 +264
/retest
/test edge-e2e-metal-assisted
/lgtm
/retest
@@ -113,7 +125,25 @@ func (c *Client) newConnection() error { | |||
if c.Config.ClientID != "" && c.Config.ClientSecret != "" { | |||
builder = builder.Client(c.Config.ClientID, c.Config.ClientSecret) | |||
} else if c.Config.SelfToken != "" { | |||
builder = builder.Tokens(c.Config.SelfToken) | |||
if strings.EqualFold(c.Config.AcknowledgeDeprecatedSelfToken, "yes") { |
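Review bot: The acknowledgement check on the `strings.EqualFold(c.Config.AcknowledgeDeprecatedSelfToken, "yes")` line accepts only the literal `yes` (in any case), so a value such as `true`, `1`, or `yes` with surrounding whitespace takes the failure path; the error returned there should name `ACKNOWLEDGE_DEPRECATED_OCM_SELF_TOKEN` and the exact expected value so operators are not left guessing, and a `strings.TrimSpace` before the comparison would make the check more forgiving of quoting mistakes in deployment manifests. Separately, because the `else if c.Config.SelfToken != ""` branch is reached only when client ID and secret are not both set, a deployment that supplies both the client credentials and a leftover `OCM_SELF_TOKEN` gets no deprecation signal at all; consider logging a warning in that case too so the stale token is removed before support is dropped. Whatever is logged on either path should not include the token value.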
nit: if we invert this condition we can exit early and remove `else` condition
@jhernand: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.
[ART PR BUILD NOTIFIER] This PR has been included in build ose-agent-installer-api-server-container-v4.17.0-202405272012.p0.g5b71872.assembly.stream.el9 for distgit ose-agent-installer-api-server.