Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

iam: Phase I: API Key #151

Merged
merged 3 commits into from
Apr 17, 2019
Merged

iam: Phase I: API Key #151

merged 3 commits into from
Apr 17, 2019

Conversation

srl295
Copy link
Contributor

@srl295 srl295 commented Apr 17, 2019

Fixes #147

@srl295
iam: Phase I: use API-KEY for interim iam support
6d357d3 
- iam_endpoint and apikey required
- new CLI options and variables
- test updates
- docs

Fixes: #147
@srl295 srl295 requested review from pgaglani1 and yumaoka April 17, 2019 01:43
@srl295 srl295 self-assigned this Apr 17, 2019
@coveralls
Copy link

coveralls commented Apr 17, 2019
edited
Loading

Coverage Status

Coverage decreased (-1.9%) to 87.429% when pulling 603a60a on iam into a578eb8 on master.

srl295
srl295 commented Apr 17, 2019
View reviewed changes
lib/client.js
var missingField = utils.isMissingField(this._options.credentials, Object.keys(Consts.exampleCredentials));
if (missingField.length !== 0) {
throw new Error("g11n-pipeline: missing credentials fields: \"" + missingField.join(' ') + "\" - expected: " + Consts.exampleCredentialsString);
if(this._options.credentials.apikey) {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if apikey is present, assume it is IAM.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the assumption is correct

srl295
srl295 commented Apr 17, 2019
View reviewed changes
lib/client.js
if(this._options.basicAuth) {
// ignore basicAuth.
// throw Error('basicAuth is not supported'); // TODO: support this- maybe?
if (this._options.credentials.apikey) {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if apikey is present, use the IAM interceptor

srl295
srl295 commented Apr 17, 2019
View reviewed changes
lib/gp-iam.js

const authHeader = this.API_KEY + ' ' + this.credentials.apikey;
if(this.VERBOSE) console.log('hmacHeader = ' + authHeader);
obj.headers.Authorization = authHeader;
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is the actual change.

@srl295
Copy link
Contributor Author

srl295 commented Apr 17, 2019

note that actually iam_endpoint is not actually used, but it will be in the future ( #150 ), so I want to require/document it now.

sid4
sid4 reviewed Apr 17, 2019
View reviewed changes
lib/gp-iam.js Outdated
if(obj.url.indexOf("/swagger.json") !== -1) return obj; // skip for swagger.json

const authHeader = this.API_KEY + ' ' + this.credentials.apikey;
if(this.VERBOSE) console.log('hmacHeader = ' + authHeader);
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we want to log actual API_KEY in console?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

only if VERBOSE is on.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I understand that, but I wasn't sure if it should ever be logged, like we never log it in our server side code. So just wanted to make sure it is intentional. I don't know the best practice for JS.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will change it to Authorization: API-KEY **** (using replace to obfuscate the actual apikey)

sid4
sid4 approved these changes Apr 17, 2019
View reviewed changes
Copy link

@sid4 sid4 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

yumaoka
yumaoka reviewed Apr 17, 2019
View reviewed changes
lib/gp-iam.js Outdated
if(obj.url.indexOf("/swagger.json") !== -1) return obj; // skip for swagger.json

const authHeader = this.API_KEY + ' ' + this.credentials.apikey;
if(this.VERBOSE) console.log('hmacHeader = ' + authHeader);
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you really want hmacHeader= here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it's a debug comment, i can change it to authHeader

@srl295 srl295 requested a review from yumaoka April 17, 2019 19:36
yumaoka
yumaoka approved these changes Apr 17, 2019
View reviewed changes
Copy link

@yumaoka yumaoka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@srl295 srl295 merged commit 07059ed into master Apr 17, 2019
@srl295 srl295 deleted the iam branch April 17, 2019 19:45
@srl295 srl295 mentioned this pull request Apr 20, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sid4 sid4 sid4 approved these changes

@yumaoka yumaoka yumaoka approved these changes

@pgaglani1 pgaglani1 Awaiting requested review from pgaglani1

Assignees

@srl295 srl295

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

js: IAM support phase I (apikey)
4 participants
@srl295 @coveralls @yumaoka @sid4