ROX-26360: OCM AuthType Deleted and Replaced #2047

Merged
merged 3 commits into from
Sep 27, 2024
Changes from 2 commits
20 changes: 0 additions & 20 deletions e2e/e2e_auth_test.go
Expand Up @@ -66,26 +66,6 @@ var _ = Describe("AuthN/Z Fleet* components", Ordered, func() {
}
}

Describe("OCM auth type", func() {
BeforeEach(func() {
auth, err := fmImpl.NewOCMAuth(context.Background(), authOption.Ocm)
Expect(err).ToNot(HaveOccurred())
fmClient, err := fmImpl.NewClient(fleetManagerEndpoint, auth)
Expect(err).ToNot(HaveOccurred())
client = fmClient
})

DescribeTable("AuthN/Z tests",
testCase,
Entry("should allow access to fleet manager's public API endpoints",
publicAPI, false, 0, false),
Entry("should not allow access to fleet manager's internal API endpoints",
internalAPI, true, http.StatusNotFound, false),
Entry("should not allow access to fleet manager's admin API endpoints",
adminAPI, true, http.StatusNotFound, false),
)
})

Describe("Static token auth type", func() {
BeforeEach(func() {
auth, err := fmImpl.NewStaticAuth(context.Background(), authOption.Static)
6 changes: 0 additions & 6 deletions e2e/e2e_suite_test.go
Expand Up @@ -36,7 +36,6 @@ var (
extendedWaitTimeout = getWaitTimeout() * 3
dpCloudProvider = getEnvDefault("DP_CLOUD_PROVIDER", "standalone")
dpRegion = getEnvDefault("DP_REGION", "standalone")
authType = "OCM"
fleetManagerEndpoint = "http://localhost:8000"
runAuthTests bool
runCentralTests bool
Expand Down Expand Up @@ -103,11 +102,6 @@ var _ = BeforeSuite(func() {
route53Client = route53.New(sess)
}

if val := os.Getenv("AUTH_TYPE"); val != "" {
authType = val
}
GinkgoWriter.Printf("AUTH_TYPE: %q\n", authType)

if val := os.Getenv("FLEET_MANAGER_ENDPOINT"); val != "" {
fleetManagerEndpoint = val
}
2 changes: 1 addition & 1 deletion internal/dinosaur/pkg/cmd/centrals/create.go
Expand Up @@ -19,7 +19,7 @@ func NewCreateCommand() *cobra.Command {
Short: "Create a new central request",
Long: "Create a new central request.",
Run: func(cmd *cobra.Command, args []string) {
runCreate(fleetmanagerclient.AuthenticatedClientWithOCM(cmd.Context()), cmd, args)
runCreate(fleetmanagerclient.AuthenticatedClientWithStaticToken(cmd.Context()), cmd, args)
},
}

2 changes: 1 addition & 1 deletion internal/dinosaur/pkg/cmd/centrals/delete.go
Expand Up @@ -17,7 +17,7 @@ func NewDeleteCommand() *cobra.Command {
Short: "Delete a central request",
Long: "Delete a central request.",
Run: func(cmd *cobra.Command, args []string) {
runDelete(fleetmanagerclient.AuthenticatedClientWithOCM(cmd.Context()), cmd, args)
runDelete(fleetmanagerclient.AuthenticatedClientWithStaticToken(cmd.Context()), cmd, args)
},
}

2 changes: 1 addition & 1 deletion internal/dinosaur/pkg/cmd/centrals/get.go
Expand Up @@ -18,7 +18,7 @@ func NewGetCommand() *cobra.Command {
Short: "Get a central request",
Long: "Get a central request.",
Run: func(cmd *cobra.Command, args []string) {
runGet(fleetmanagerclient.AuthenticatedClientWithOCM(cmd.Context()), cmd, args)
runGet(fleetmanagerclient.AuthenticatedClientWithStaticToken(cmd.Context()), cmd, args)
},
}
cmd.Flags().String(FlagID, "", "Central ID (required)")
2 changes: 1 addition & 1 deletion internal/dinosaur/pkg/cmd/centrals/list.go
Expand Up @@ -24,7 +24,7 @@ func NewListCommand() *cobra.Command {
Short: "lists all managed central requests",
Long: "lists all managed central requests",
Run: func(cmd *cobra.Command, args []string) {
runList(fleetmanagerclient.AuthenticatedClientWithOCM(cmd.Context()), cmd, args)
runList(fleetmanagerclient.AuthenticatedClientWithStaticToken(cmd.Context()), cmd, args)
},
}
cmd.Flags().String(FlagOwner, "test-user", "Username")
28 changes: 14 additions & 14 deletions internal/dinosaur/pkg/cmd/fleetmanagerclient/client.go
Expand Up @@ -14,8 +14,8 @@ import (
)

var (
singletonOCMRefreshTokenInstance sync.Once
fmClientAuthWithOCMRefreshToken *fleetmanager.Client
singletonStaticTokenInstance sync.Once
fmAuthenticatedClientWithStaticToken *fleetmanager.Client

fmClientAuthWithRHOASToken *fleetmanager.Client
singletonRHOASTokenInstance sync.Once
Expand All @@ -24,7 +24,7 @@ var (
const (
defaultFleetManagerEndpoint = "http://localhost:8000"
fleetManagerEndpointEnvVar = "FMCLI_FLEET_MANAGER_ENDPOINT"
ocmRefreshTokenEnvVar = "OCM_TOKEN"
StaticTokenEnvVar = "STATIC_TOKEN"
rhoasTokenEnvVar = "RHOAS_TOKEN"
)

Expand Down Expand Up @@ -67,31 +67,31 @@ func AuthenticatedClientWithRHOASToken(ctx context.Context) *fleetmanager.Client
return fmClientAuthWithRHOASToken
}

// AuthenticatedClientWithOCM returns a rest client to the fleet-manager and receives the OCM refresh token.
// AuthenticatedClientWithStaticToken returns a rest client to the fleet-manager and receives the static refresh token.
// This function will panic on an error, designed to be used by the fleet-manager CLI.
func AuthenticatedClientWithOCM(ctx context.Context) *fleetmanager.Client {
ocmRefreshToken := os.Getenv(ocmRefreshTokenEnvVar)
if ocmRefreshToken == "" {
panic(fmt.Sprintf("%s not set. Please set OCM token with 'export %s=$(ocm token --refresh)'", ocmRefreshTokenEnvVar, ocmRefreshTokenEnvVar))
func AuthenticatedClientWithStaticToken(ctx context.Context) *fleetmanager.Client {
Contributor


It makes sense to remove the AuthenticatedClientWithRHOASToken function and use AuthenticatedClientWithStaticToken instead, since they serve the same purpose.

staticToken := os.Getenv(StaticTokenEnvVar)
if staticToken == "" {
panic(fmt.Sprintf("%s not set. Please set OCM token with 'export %s=$(ocm token --refresh)'", StaticTokenEnvVar, StaticTokenEnvVar))
aaa5kameric marked this conversation as resolved.
}

fleetManagerEndpoint := os.Getenv(fleetManagerEndpointEnvVar)
if fleetManagerEndpoint == "" {
fleetManagerEndpoint = defaultFleetManagerEndpoint
}

singletonOCMRefreshTokenInstance.Do(func() {
auth, err := impl.NewAuth(ctx, impl.OCMAuthName, impl.Option{
Ocm: impl.OCMOption{
RefreshToken: ocmRefreshToken,
singletonStaticTokenInstance.Do(func() {
auth, err := impl.NewAuth(ctx, impl.StaticTokenAuthName, impl.Option{
Static: impl.StaticOption{
StaticToken: staticToken,
},
})
if err != nil {
glog.Fatalf("Failed to create connection: %s", err)
return
}

fmClientAuthWithOCMRefreshToken, err = impl.NewClient(fleetManagerEndpoint, auth)
fmAuthenticatedClientWithStaticToken, err = impl.NewClient(fleetManagerEndpoint, auth)
if err != nil {
glog.Fatalf("Failed to create connection: %s", err)
return
Expand All @@ -103,5 +103,5 @@ func AuthenticatedClientWithOCM(ctx context.Context) *fleetmanager.Client {
if fleetManagerEndpoint == defaultFleetManagerEndpoint {
time.Sleep(5 * time.Second)
}
return fmClientAuthWithOCMRefreshToken
return fmAuthenticatedClientWithStaticToken
}
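Review bot: The panic message in `AuthenticatedClientWithStaticToken` still tells the user to set an OCM token with `export STATIC_TOKEN=$(ocm token --refresh)`, so anyone following it places an OCM refresh token in a variable that is now passed straight through as `StaticOption.StaticToken`; unless the third commit already changed it, the text should name the static token, e.g. `panic(fmt.Sprintf("%s not set. Please set a static token with 'export %s=<token>'", StaticTokenEnvVar, StaticTokenEnvVar))`. The doc comment carries the same leftover ("static refresh token") and would read better as `// AuthenticatedClientWithStaticToken returns a REST client for the fleet-manager that authenticates with the static token read from STATIC_TOKEN.`. `StaticTokenEnvVar` is the only exported name in a const block of unexported ones (`fleetManagerEndpointEnvVar`, `rhoasTokenEnvVar`); `staticTokenEnvVar` would keep the package surface unchanged unless another package needs it. Because the CLI now sends a fixed, presumably long-lived bearer credential, it is worth confirming that `FMCLI_FLEET_MANAGER_ENDPOINT` is only pointed at `https://` hosts outside local development: the visible lines accept any scheme and the default is plain `http://localhost:8000`, and whether `impl.NewClient` checks the scheme is not visible here.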
13 changes: 0 additions & 13 deletions pkg/client/fleetmanager/impl/auth.go
Expand Up @@ -27,7 +27,6 @@ type authFactory interface {
// Option for the different Auth types.
type Option struct {
Sso RHSSOOption
Ocm OCMOption
Static StaticOption
ServiceAccount ServiceAccountOption
}
Expand All @@ -40,12 +39,6 @@ type RHSSOOption struct {
Endpoint string `env:"RHSSO_ENDPOINT" envDefault:"https://sso.redhat.com"`
}

// OCMOption for the OCM Auth type.
type OCMOption struct {
RefreshToken string `env:"OCM_TOKEN"`
EnableLogger bool `env:"OCM_ENABLE_LOGGER"`
}

// StaticOption for the Static Auth type.
type StaticOption struct {
StaticToken string `env:"STATIC_TOKEN"`
Expand All @@ -60,7 +53,6 @@ var authFactoryRegistry map[string]authFactory

func init() {
authFactoryRegistry = map[string]authFactory{
ocmFactory.GetName(): ocmFactory,
rhSSOFactory.GetName(): rhSSOFactory,
staticTokenFactory.GetName(): staticTokenFactory,
serviceAccountTokenFactory.GetName(): serviceAccountTokenFactory,
Expand Down Expand Up @@ -91,11 +83,6 @@ func NewRHSSOAuth(ctx context.Context, opt RHSSOOption) (Auth, error) {
return newAuth(ctx, rhSSOFactory.GetName(), Option{Sso: opt})
}

// NewOCMAuth will return Auth that uses OCM to provide authentication for HTTP requests.
func NewOCMAuth(ctx context.Context, opt OCMOption) (Auth, error) {
return newAuth(ctx, ocmFactory.GetName(), Option{Ocm: opt})
}

// NewStaticAuth will return Auth that uses a static token to provide authentication for HTTP requests.
func NewStaticAuth(ctx context.Context, opt StaticOption) (Auth, error) {
return newAuth(ctx, staticTokenFactory.GetName(), Option{Static: opt})
82 changes: 0 additions & 82 deletions pkg/client/fleetmanager/impl/auth_ocm.go

This file was deleted.

1 change: 0 additions & 1 deletion pkg/client/fleetmanager/impl/auth_test.go
Expand Up @@ -18,6 +18,5 @@ func TestAuthOptions(t *testing.T) {
assert.Equal(t, "https://sso.redhat.com", authOpt.Sso.Endpoint)
assert.Equal(t, "redhat-external", authOpt.Sso.Realm)
assert.Equal(t, tokenValue, authOpt.Static.StaticToken)
assert.Equal(t, tokenValue, authOpt.Ocm.RefreshToken)
assert.Equal(t, tokenFile, authOpt.ServiceAccount.TokenFile)
}