[CC-30333] auth: use JWT for authentication #249
Merged
+81
−27
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pritesh-lahoti
force-pushed
the
jwt-auth
branch
from
db96756
to
2d18ab4
Compare
fantapop
reviewed
Nov 15, 2024
fantapop
reviewed
Nov 15, 2024
fantapop
reviewed
Nov 15, 2024
kathancox
reviewed
Nov 15, 2024
pritesh-lahoti
force-pushed
the
jwt-auth
branch
from
2d18ab4
to
4079e87
Compare
@kathancox, requesting another round of review, as there have been further changes to the docs. Thank you! |
|
This one seems a bit off, but lets fix the message in another round. We can fix later. It's talking about both JWT Issuer and Invalid API key. |
fantapop
approved these changes
Nov 15, 2024
|
@pritesh-lahoti i just noticed the commit message needs to be updated with the new env var names. |
kathancox
approved these changes
Nov 15, 2024
docs/index.md
Outdated
| @@ -20,8 +20,9 @@ provider "cockroach" { | |||
| # Instructions for getting an API Key | |||
| # https://www.cockroachlabs.com/docs/cockroachcloud/console-access-management.html#api-access | |||
| # | |||
| # The Terraform provider requires an environment variable COCKROACH_API_KEY | |||
| # The Terraform provider requires either COCKROACH_API_KEY or COCKROACH_API_JWT environment variable for performing authentication. | |||
There was a problem hiding this comment.
Suggested change
| # The Terraform provider requires either COCKROACH_API_KEY or COCKROACH_API_JWT environment variable for performing authentication. | |
| # The Terraform provider requires either the COCKROACH_API_KEY or COCKROACH_API_JWT environment variable for performing authentication. |
examples/provider/provider.tf
Outdated
| @@ -5,6 +5,7 @@ provider "cockroach" { | |||
| # Instructions for getting an API Key | |||
| # https://www.cockroachlabs.com/docs/cockroachcloud/console-access-management.html#api-access | |||
| # | |||
| # The Terraform provider requires an environment variable COCKROACH_API_KEY | |||
| # The Terraform provider requires either COCKROACH_API_KEY or COCKROACH_API_JWT environment variable for performing authentication. | |||
There was a problem hiding this comment.
Suggested change
| # The Terraform provider requires either COCKROACH_API_KEY or COCKROACH_API_JWT environment variable for performing authentication. | |
| # The Terraform provider requires either the COCKROACH_API_KEY or COCKROACH_API_JWT environment variable for performing authentication. |
This PR allows using the Terraform Provider via JWT authentication, in addition to API Keys. The JWT auth mechanism requires a COCKROACH_VANITY_NAME env var capturing the vanity name of the org with the corresponding JWT Issuer. In case the JWT is issued against multiple identities, it also requires a COCKROACH_USERNAME env var capturing the user / service account to impersonate. Eventually, we will add a CI stage for running acceptance tests via this auth mechanism.
|
I'm going to go ahead and make these small nit changes and land the PR. There is still time to get the release out. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR allows using the Terraform Provider via JWT authentication, in addition to API Keys. The JWT auth mechanism requires a CC_VANITY_NAME env capturing the vanity name of the org with the corresponding JWT Issuer. In case the JWT is issued against multiple identities, it also requires a CC_USERNAME env capturing the user / service account to impersonate. Eventually, we will add a CI stage for running acceptance tests via this auth mechanism.
Commit checklist
make generate)