Caching the OAuth tokens in Application Gateway #15924

mvshao · 2022-10-27T11:00:31Z

Description

Changes proposed in this pull request:

OAuth tokens are stored per whole OAuth credentials -> clientID + clientSecret + authURL
mTLS OAuth tokens are stored per whole credentials -> clientID + sha256Certificate + sha256Key + authURL
minor improvement in the documentation regarding Application Gateway testing

Related issue(s)
For more information visit https://extra.secret.repository/kyma/backlog/issues/2774

netlify · 2022-10-27T11:03:06Z

✅ 🥰 Documentation preview ready! 🥰

Name	Link
🔨 Latest commit	`a7feb47`
🔍 Latest deploy log	https://app.netlify.com/sites/kyma-project-docs-preview/deploys/63622be30f562300081be2dc
😎 Deploy Preview	https://deploy-preview-15924--kyma-project-docs-preview.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site settings.

franpog859

Please, add also the test case for the normal OAuth, mentioned in the issue

franpog859 · 2022-10-31T09:25:15Z

...ateway-test/charts/test/templates/applications/credentials/mtls-oauth-nagative-other-ca.yaml

+  crt: {{ $files.Get "certs/invalid-ca/client.crt" | b64enc  }}
+  key: {{ $files.Get "certs/invalid-ca/client.key" | b64enc  }}
+  clientId: {{ "clientID" | b64enc }}


I think in the tests, we can change all the clientIDs from someClientID... to just clientID, right?

Yes, we can also change that

franpog859 · 2022-10-31T09:25:42Z

...ateway-test/charts/test/templates/applications/credentials/mtls-oauth-nagative-other-ca.yaml

+  crt: {{ $files.Get "certs/invalid-ca/client.crt" | b64enc  }}
+  key: {{ $files.Get "certs/invalid-ca/client.key" | b64enc  }}


Why is the ...negative... changed to the ...invalid-ca... there?

The same CA signs a positive certificate and a negative certificate. For this test, I generated certificates that are signed by other CA.

franpog859 · 2022-10-31T11:04:40Z

...gateway-test/charts/test/templates/applications/credentials/oauth-negative-incorrect-id.yaml

@@ -5,5 +5,5 @@ metadata:
  namespace: kyma-integration
 type: Opaque
 data:
-  clientId: {{ "bad id" | b64enc }}
+  clientId: {{ "clientID" | b64enc }}


I believe this one should not be changed :d It's the oauth-negative-incorrect-id case

mvshao · 2022-10-31T11:17:12Z

/test pre-main-kyma-integration-k3d

mvshao · 2022-11-02T08:59:26Z

/test pre-main-kyma-integration-k3d

mvshao added 6 commits October 18, 2022 14:06

add clientSecret to cache key

6767831

cache key, first approach

08f33a7

cache key by SHA on mTLS OAuth

7789846

invalidate mTLS token cache

c62373a

fix nil pointer, doc update, secret modify

91060ee

delete unnecessary files

0f977e4

mvshao added the area/application-connector Issues or PRs related to application connectivity label Oct 27, 2022

mvshao added this to the 2.8.2 milestone Oct 27, 2022

mvshao requested review from mmitoraj, majakurcius, NHingerl, grego952, IwonaLanger, VOID404, akgalwas, koala7659 and franpog859 as code owners October 27, 2022 11:00

kyma-bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Oct 27, 2022

mvshao added 2 commits October 27, 2022 13:36

generate client cert with incorrect ca

797d7e1

bump images

0b891b8

majakurcius previously approved these changes Oct 27, 2022

View reviewed changes

kyma-bot assigned majakurcius Oct 27, 2022

kyma-bot added the lgtm Looks good to me! label Oct 27, 2022

mvshao added the hacktoberfest-accepted label Oct 28, 2022

franpog859 self-assigned this Oct 31, 2022

franpog859 reviewed Oct 31, 2022

View reviewed changes

apply review sugestions

01e86a6

mvshao dismissed majakurcius’s stale review via 01e86a6 October 31, 2022 10:58

kyma-bot removed the lgtm Looks good to me! label Oct 31, 2022

franpog859 reviewed Oct 31, 2022

View reviewed changes

revert clientid

e614edc

franpog859 approved these changes Nov 2, 2022

View reviewed changes

kyma-bot added lgtm Looks good to me! labels Nov 2, 2022

Merge branch 'main' into oauth-cache

a7feb47

kyma-bot removed lgtm Looks good to me! labels Nov 2, 2022

grego952 approved these changes Nov 2, 2022

View reviewed changes

kyma-bot assigned grego952 Nov 2, 2022

kyma-bot added the lgtm Looks good to me! label Nov 2, 2022

kyma-bot merged commit d965167 into kyma-project:main Nov 2, 2022

mvshao deleted the oauth-cache branch November 2, 2022 10:59

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Caching the OAuth tokens in Application Gateway #15924

Caching the OAuth tokens in Application Gateway #15924

mvshao commented Oct 27, 2022

netlify bot commented Oct 27, 2022 •

edited

franpog859 left a comment

franpog859 Oct 31, 2022

mvshao Oct 31, 2022

franpog859 Oct 31, 2022

mvshao Oct 31, 2022

franpog859 Oct 31, 2022

mvshao commented Oct 31, 2022

mvshao commented Nov 2, 2022

		crt: {{ $files.Get "certs/invalid-ca/client.crt" \| b64enc }}
		key: {{ $files.Get "certs/invalid-ca/client.key" \| b64enc }}

Caching the OAuth tokens in Application Gateway #15924

Caching the OAuth tokens in Application Gateway #15924

Conversation

mvshao commented Oct 27, 2022

netlify bot commented Oct 27, 2022 • edited

✅ 🥰 Documentation preview ready! 🥰

franpog859 left a comment

Choose a reason for hiding this comment

franpog859 Oct 31, 2022

Choose a reason for hiding this comment

mvshao Oct 31, 2022

Choose a reason for hiding this comment

franpog859 Oct 31, 2022

Choose a reason for hiding this comment

mvshao Oct 31, 2022

Choose a reason for hiding this comment

franpog859 Oct 31, 2022

Choose a reason for hiding this comment

mvshao commented Oct 31, 2022

mvshao commented Nov 2, 2022

netlify bot commented Oct 27, 2022 •

edited