Skip to content

Toolkit package created for OIDC client #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 46 commits into
base: main
Choose a base branch
from
Open

Toolkit package created for OIDC client #1

wants to merge 46 commits into from

Conversation

souravchanduka
Copy link
Owner

In order to get the temporary credentials for accessing cloud resources, we need to get the ID Token from the action service. This ID Token will be used by login actions of different cloud providers. Since the code to fetch the ID Token will be same for all the login actions, we have decided to create a toolkit package for it. All the login actions would import this package and get the ID token for further use.

dwivedine
dwivedine reviewed Aug 2, 2021
View reviewed changes
@navin22
Copy link

navin22 commented Aug 2, 2021

@souravchanduka Are we covering telemetry in here ? Can you please add the details ?

TingluoHuang
TingluoHuang reviewed Aug 2, 2021
View reviewed changes
TingluoHuang
TingluoHuang reviewed Aug 2, 2021
View reviewed changes
thboop
thboop reviewed Aug 4, 2021
View reviewed changes
thboop
thboop reviewed Aug 4, 2021
View reviewed changes
luketomlinson
luketomlinson suggested changes Aug 11, 2021
View reviewed changes
Copy link

@luketomlinson luketomlinson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @souravchanduka! I think some logic could be simplified by using postJson from the HTTP Client

luketomlinson
luketomlinson reviewed Aug 11, 2021
View reviewed changes
luketomlinson
luketomlinson reviewed Aug 11, 2021
View reviewed changes
luketomlinson
luketomlinson reviewed Aug 12, 2021
View reviewed changes
cpratap994
cpratap994 reviewed Aug 16, 2021
View reviewed changes
cpratap994
cpratap994 reviewed Aug 16, 2021
View reviewed changes
luketomlinson
luketomlinson reviewed Aug 16, 2021
View reviewed changes
luketomlinson
luketomlinson reviewed Aug 17, 2021
View reviewed changes
luketomlinson
luketomlinson reviewed Aug 17, 2021
View reviewed changes
packages/core/package.json Outdated
@@ -1,6 +1,6 @@
{
"name": "@actions/core",
"version": "1.4.0",
"version": "1.5.0",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe we are already on 1.5.0, so this might need to be updated in your main branch

Copy link
Owner Author

@souravchanduka souravchanduka Aug 18, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can see 1.4.0 in main branch right now. If there is any PR with 1.5.0 version then should we wait for it to be merged before this PR? If yes, here version should be 1.5.1, right?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ha I had a PR open for it, but it hasn't gotten merged: actions#873

luketomlinson
luketomlinson reviewed Aug 17, 2021
View reviewed changes
Copy link

@luketomlinson luketomlinson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a couple small things @souravchanduka and I think this one should be good to go!

packages/core/README.md Outdated

const audience = core.getInput('audience', {required: false})
const id_token = await core.getIDToken(audience)
core.setOutput('id_token', id_token)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it good practice to set this as an output? I don't know, I think we should just be careful what we put as an example. @thboop @TingluoHuang

Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have removed the setOutput, instead have just put a comment saying it can further be used to fetch access token from any third party cloud providers. Does this make sense?

luketomlinson
luketomlinson approved these changes Aug 18, 2021
View reviewed changes
Copy link

@luketomlinson luketomlinson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left a couple minor comments @souravchanduka. But otherwise looks good to me!

packages/core/package.json Outdated
@@ -1,6 +1,6 @@
{
"name": "@actions/core",
"version": "1.4.0",
"version": "1.5.0",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ha I had a PR open for it, but it hasn't gotten merged: actions#873

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TingluoHuang TingluoHuang TingluoHuang left review comments

@cpratap994 cpratap994 cpratap994 left review comments

@thboop thboop thboop left review comments

@dwivedine dwivedine dwivedine left review comments

@luketomlinson luketomlinson luketomlinson approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@souravchanduka @navin22 @TingluoHuang @cpratap994 @luketomlinson @thboop @dwivedine