ROX-26360: OCM AuthType Deleted and Replaced (#2047)
aaa5kameric authored Sep 27, 2024
1 parent 7accd5d commit f636090
Showing 10 changed files with 19 additions and 141 deletions.
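--- a/e2e/e2e_auth_test.go
+++ b/e2e/e2e_auth_test.go
@@ -66,26 +66,6 @@ var _ = Describe("AuthN/Z Fleet* components", Ordered, func() {
 }
 }
 
-Describe("OCM auth type", func() {
-BeforeEach(func() {
-auth, err := fmImpl.NewOCMAuth(context.Background(), authOption.Ocm)
-Expect(err).ToNot(HaveOccurred())
-fmClient, err := fmImpl.NewClient(fleetManagerEndpoint, auth)
-Expect(err).ToNot(HaveOccurred())
-client = fmClient
-})
-
-DescribeTable("AuthN/Z tests",
-testCase,
-Entry("should allow access to fleet manager's public API endpoints",
-publicAPI, false, 0, false),
-Entry("should not allow access to fleet manager's internal API endpoints",
-internalAPI, true, http.StatusNotFound, false),
-Entry("should not allow access to fleet manager's admin API endpoints",
-adminAPI, true, http.StatusNotFound, false),
-)
-})
-
 Describe("Static token auth type", func() {
 BeforeEach(func() {
 auth, err := fmImpl.NewStaticAuth(context.Background(), authOption.Static)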
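--- a/e2e/e2e_suite_test.go
+++ b/e2e/e2e_suite_test.go
@@ -36,7 +36,6 @@ var (
 extendedWaitTimeout = getWaitTimeout() * 3
 dpCloudProvider = getEnvDefault("DP_CLOUD_PROVIDER", "standalone")
 dpRegion = getEnvDefault("DP_REGION", "standalone")
-authType = "OCM"
 fleetManagerEndpoint = "http://localhost:8000"
 runAuthTests bool
 runCentralTests bool
@@ -103,11 +102,6 @@ var _ = BeforeSuite(func() {
 route53Client = route53.New(sess)
 }
 
-if val := os.Getenv("AUTH_TYPE"); val != "" {
-authType = val
-}
-GinkgoWriter.Printf("AUTH_TYPE: %q\n", authType)
-
 if val := os.Getenv("FLEET_MANAGER_ENDPOINT"); val != "" {
 fleetManagerEndpoint = val
 }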
2 changes: 1 addition & 1 deletion internal/dinosaur/pkg/cmd/centrals/create.go
Expand Up @@ -19,7 +19,7 @@ func NewCreateCommand() *cobra.Command {
Short: "Create a new central request",
Long: "Create a new central request.",
Run: func(cmd *cobra.Command, args []string) {
runCreate(fleetmanagerclient.AuthenticatedClientWithOCM(cmd.Context()), cmd, args)
runCreate(fleetmanagerclient.AuthenticatedClientWithStaticToken(cmd.Context()), cmd, args)
},
}

2 changes: 1 addition & 1 deletion internal/dinosaur/pkg/cmd/centrals/delete.go
Expand Up @@ -17,7 +17,7 @@ func NewDeleteCommand() *cobra.Command {
Short: "Delete a central request",
Long: "Delete a central request.",
Run: func(cmd *cobra.Command, args []string) {
runDelete(fleetmanagerclient.AuthenticatedClientWithOCM(cmd.Context()), cmd, args)
runDelete(fleetmanagerclient.AuthenticatedClientWithStaticToken(cmd.Context()), cmd, args)
},
}

2 changes: 1 addition & 1 deletion internal/dinosaur/pkg/cmd/centrals/get.go
Expand Up @@ -18,7 +18,7 @@ func NewGetCommand() *cobra.Command {
Short: "Get a central request",
Long: "Get a central request.",
Run: func(cmd *cobra.Command, args []string) {
runGet(fleetmanagerclient.AuthenticatedClientWithOCM(cmd.Context()), cmd, args)
runGet(fleetmanagerclient.AuthenticatedClientWithStaticToken(cmd.Context()), cmd, args)
},
}
cmd.Flags().String(FlagID, "", "Central ID (required)")
2 changes: 1 addition & 1 deletion internal/dinosaur/pkg/cmd/centrals/list.go
Expand Up @@ -24,7 +24,7 @@ func NewListCommand() *cobra.Command {
Short: "lists all managed central requests",
Long: "lists all managed central requests",
Run: func(cmd *cobra.Command, args []string) {
runList(fleetmanagerclient.AuthenticatedClientWithOCM(cmd.Context()), cmd, args)
runList(fleetmanagerclient.AuthenticatedClientWithStaticToken(cmd.Context()), cmd, args)
},
}
cmd.Flags().String(FlagOwner, "test-user", "Username")
30 changes: 15 additions & 15 deletions internal/dinosaur/pkg/cmd/fleetmanagerclient/client.go
@@ -1,4 +1,4 @@
// Package fleetmanagerclient is a fmClientAuthWithOCMRefreshToken for the CLI to connect to the fleetmanager.
// Package fleetmanagerclient is a fmAuthenticatedClientWithStaticToken for the CLI to connect to the fleetmanager.
package fleetmanagerclient

import (
Expand All @@ -14,8 +14,8 @@ import (
)

var (
singletonOCMRefreshTokenInstance sync.Once
fmClientAuthWithOCMRefreshToken *fleetmanager.Client
singletonStaticTokenInstance sync.Once
fmAuthenticatedClientWithStaticToken *fleetmanager.Client

fmClientAuthWithRHOASToken *fleetmanager.Client
singletonRHOASTokenInstance sync.Once
Expand All @@ -24,7 +24,7 @@ var (
const (
defaultFleetManagerEndpoint = "http://localhost:8000"
fleetManagerEndpointEnvVar = "FMCLI_FLEET_MANAGER_ENDPOINT"
ocmRefreshTokenEnvVar = "OCM_TOKEN"
StaticTokenEnvVar = "STATIC_TOKEN"
rhoasTokenEnvVar = "RHOAS_TOKEN"
)

Expand Down Expand Up @@ -67,31 +67,31 @@ func AuthenticatedClientWithRHOASToken(ctx context.Context) *fleetmanager.Client
return fmClientAuthWithRHOASToken
}

// AuthenticatedClientWithOCM returns a rest client to the fleet-manager and receives the OCM refresh token.
// AuthenticatedClientWithStaticToken returns a rest client to the fleet-manager and receives the static token.
// This function will panic on an error, designed to be used by the fleet-manager CLI.
func AuthenticatedClientWithOCM(ctx context.Context) *fleetmanager.Client {
ocmRefreshToken := os.Getenv(ocmRefreshTokenEnvVar)
if ocmRefreshToken == "" {
panic(fmt.Sprintf("%s not set. Please set OCM token with 'export %s=$(ocm token --refresh)'", ocmRefreshTokenEnvVar, ocmRefreshTokenEnvVar))
func AuthenticatedClientWithStaticToken(ctx context.Context) *fleetmanager.Client {
staticToken := os.Getenv(StaticTokenEnvVar)
if staticToken == "" {
panic(fmt.Sprintf("%s not set. Please set static token with 'export %s=<token>'", StaticTokenEnvVar, StaticTokenEnvVar))
}

fleetManagerEndpoint := os.Getenv(fleetManagerEndpointEnvVar)
if fleetManagerEndpoint == "" {
fleetManagerEndpoint = defaultFleetManagerEndpoint
}

singletonOCMRefreshTokenInstance.Do(func() {
auth, err := impl.NewAuth(ctx, impl.OCMAuthName, impl.Option{
Ocm: impl.OCMOption{
RefreshToken: ocmRefreshToken,
singletonStaticTokenInstance.Do(func() {
auth, err := impl.NewAuth(ctx, impl.StaticTokenAuthName, impl.Option{
Static: impl.StaticOption{
StaticToken: staticToken,
},
})
if err != nil {
glog.Fatalf("Failed to create connection: %s", err)
return
}

fmClientAuthWithOCMRefreshToken, err = impl.NewClient(fleetManagerEndpoint, auth)
fmAuthenticatedClientWithStaticToken, err = impl.NewClient(fleetManagerEndpoint, auth)
if err != nil {
glog.Fatalf("Failed to create connection: %s", err)
return
Expand All @@ -103,5 +103,5 @@ func AuthenticatedClientWithOCM(ctx context.Context) *fleetmanager.Client {
if fleetManagerEndpoint == defaultFleetManagerEndpoint {
time.Sleep(5 * time.Second)
}
return fmClientAuthWithOCMRefreshToken
return fmAuthenticatedClientWithStaticToken
}
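Review bot: `AuthenticatedClientWithStaticToken` hands the value of `STATIC_TOKEN` to `impl.NewClient` for whatever `FMCLI_FLEET_MANAGER_ENDPOINT` contains, and the default is still `http://localhost:8000`, so nothing in this function stops a static bearer token from going to a non-loopback `http://` endpoint in cleartext. Unlike the OCM refresh-token path it replaces, a static token is presumably not exchanged for a short-lived credential, which makes the exposure worth guarding: unless `impl.NewClient` already enforces TLS (not visible here), reject or warn on a plaintext scheme for non-local hosts before the `singletonStaticTokenInstance.Do` call. In the const block, `StaticTokenEnvVar` is exported while its siblings `fleetManagerEndpointEnvVar` and `rhoasTokenEnvVar` are not; `staticTokenEnvVar = "STATIC_TOKEN"` keeps the package surface as it was unless another package needs the name. The package comment now reads "is a fmAuthenticatedClientWithStaticToken", a search-and-replace leftover; `// Package fleetmanagerclient provides authenticated fleet-manager clients for the CLI.` would say what it means. Part of the function body, between the last two hunks, is not shown on this page.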
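--- a/pkg/client/fleetmanager/impl/auth.go
+++ b/pkg/client/fleetmanager/impl/auth.go
@@ -27,7 +27,6 @@ type authFactory interface {
 // Option for the different Auth types.
 type Option struct {
 Sso RHSSOOption
-Ocm OCMOption
 Static StaticOption
 ServiceAccount ServiceAccountOption
 }
@@ -40,12 +39,6 @@ type RHSSOOption struct {
 Endpoint string `env:"RHSSO_ENDPOINT" envDefault:"https://sso.redhat.com"`
 }
 
-// OCMOption for the OCM Auth type.
-type OCMOption struct {
-RefreshToken string `env:"OCM_TOKEN"`
-EnableLogger bool `env:"OCM_ENABLE_LOGGER"`
-}
-
 // StaticOption for the Static Auth type.
 type StaticOption struct {
 StaticToken string `env:"STATIC_TOKEN"`
@@ -60,7 +53,6 @@ var authFactoryRegistry map[string]authFactory
 
 func init() {
 authFactoryRegistry = map[string]authFactory{
-ocmFactory.GetName(): ocmFactory,
 rhSSOFactory.GetName(): rhSSOFactory,
 staticTokenFactory.GetName(): staticTokenFactory,
 serviceAccountTokenFactory.GetName(): serviceAccountTokenFactory,
@@ -91,11 +83,6 @@ func NewRHSSOAuth(ctx context.Context, opt RHSSOOption) (Auth, error) {
 return newAuth(ctx, rhSSOFactory.GetName(), Option{Sso: opt})
 }
 
-// NewOCMAuth will return Auth that uses OCM to provide authentication for HTTP requests.
-func NewOCMAuth(ctx context.Context, opt OCMOption) (Auth, error) {
-return newAuth(ctx, ocmFactory.GetName(), Option{Ocm: opt})
-}
-
 // NewStaticAuth will return Auth that uses a static token to provide authentication for HTTP requests.
 func NewStaticAuth(ctx context.Context, opt StaticOption) (Auth, error) {
 return newAuth(ctx, staticTokenFactory.GetName(), Option{Static: opt})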
82 changes: 0 additions & 82 deletions pkg/client/fleetmanager/impl/auth_ocm.go

This file was deleted.

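--- a/pkg/client/fleetmanager/impl/auth_test.go
+++ b/pkg/client/fleetmanager/impl/auth_test.go
@@ -18,6 +18,5 @@ func TestAuthOptions(t *testing.T) {
 assert.Equal(t, "https://sso.redhat.com", authOpt.Sso.Endpoint)
 assert.Equal(t, "redhat-external", authOpt.Sso.Realm)
 assert.Equal(t, tokenValue, authOpt.Static.StaticToken)
-assert.Equal(t, tokenValue, authOpt.Ocm.RefreshToken)
 assert.Equal(t, tokenFile, authOpt.ServiceAccount.TokenFile)
 }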
