-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AGENT-875: Authenticate agents #8395
base: master
Are you sure you want to change the base?
AGENT-875: Authenticate agents #8395
Conversation
pawanpinjarkar
commented
May 11, 2024
•
edited
edited
- Set JWT token in the expected env var AGENT_AUTH_TOKEN
- Set authorization header in the API requests
@pawanpinjarkar: This pull request references AGENT-875 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.16.0" version, but no target version was set. In response to this: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
Skipping CI for Draft Pull Request. |
/hold |
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
a8e2c8b
to
863fcec
Compare
@pawanpinjarkar: This pull request references AGENT-875 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.16.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
/hold cancel |
/cc @rwsu @andfasano |
pkg/asset/agent/image/ignition.go
Outdated
} | ||
|
||
// Probably also need to add PULL_SECRET_TOKEN for authentication. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@rwsu WDYT? I think the token will be needed for the nodes making API requests to assisted service once the new auth type is enabled.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@@ -411,10 +411,12 @@ func getRendezvousHostEnv(serviceProtocol, nodeZeroIP string, workflowType workf | |||
return fmt.Sprintf(`NODE_ZERO_IP=%s | |||
SERVICE_BASE_URL=%s | |||
IMAGE_SERVICE_BASE_URL=%s | |||
PULL_SECRET_TOKEN=%s |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This currently results in the same token being used for both the agents and the scripts that drive the assisted API. I can't remember what we said about how we would do authz in the future, but maybe it makes sense to pass them separately even if they have the same value right now.
I guess that would also solve the issue that "PULL_SECRET_TOKEN" is not the ideal name from assisted-service's perspective, bit is required for assisted-installer-agent.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes, its been renamed to AGENT_AUTH_TOKEN
@pawanpinjarkar: This pull request references AGENT-875 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.16.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
863fcec
to
779715e
Compare
To test the authentication feature, this and other code changes from relevant PRs need to work together.
And most importantly, updating the auth type env var |
779715e
to
4fe147f
Compare
…red by assisted installer agent
4fe147f
to
3ae28e8
Compare
@pawanpinjarkar: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |