Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve support for service bearer token refresh #2241

Closed
tsandall opened this issue Mar 30, 2020 · 0 comments · Fixed by #2287
Closed

Improve support for service bearer token refresh #2241

tsandall opened this issue Mar 30, 2020 · 0 comments · Fixed by #2287
Assignees

Comments

@tsandall
Copy link
Member

tsandall commented Mar 30, 2020

Service clients using bearer tokens should be able to refresh those tokens without requiring a process restart. We support this today for mutual TLS so we should be able to do something similar for bearer token usage.

The easiest solution (IMO) would be to add a new services[_].credentials.bearer.path configuration field (name TBD) that specifies the path of a file containing the bearer token to read. OPA would re-read the file like it does with TLS certs/keys.

@patrick-east what do you think?

@ashutosh-narkar ashutosh-narkar self-assigned this Apr 10, 2020
ashutosh-narkar added a commit to ashutosh-narkar/opa that referenced this issue Apr 10, 2020
This change updates the bearer token config to allow clients to specify
a path to the token. With this refreshing tokens becomes easier as OPA
will now reload the token from file.

Fixes open-policy-agent#2241

Signed-off-by: Ashutosh Narkar <[email protected]>
ashutosh-narkar added a commit that referenced this issue Apr 11, 2020
This change updates the bearer token config to allow clients to specify
a path to the token. With this refreshing tokens becomes easier as OPA
will now reload the token from file.

Fixes #2241

Signed-off-by: Ashutosh Narkar <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Archived in project
Development

Successfully merging a pull request may close this issue.

2 participants