-
Notifications
You must be signed in to change notification settings - Fork 655
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(concourse): support old and new concourse auth #762
Conversation
Fixes concourse authentication for clusters >= v6.1.0 by detecting version and providing different implementation accordingly. Addresses issue: spinnaker/spinnaker#5797
Sending basic auth header to /info endpoint causes 401 Addresses issue: spinnaker/spinnaker#5797
tokenExpiration = token.getExpiry(); | ||
return token; | ||
} | ||
|
||
public Response userInfo() { | ||
return skyServiceV1 != null ? skyServiceV1.userInfo() : skyServiceV2.userInfo(); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This feels a bit dirty to me. I'd consider creating a new SkyService
interface that both V1 and V2 extends from, given that they both just contains the userInfo()
method signature. Then you can have just a single skyService
field, and not care about the implementation and possible null
-values here.
And then do exactly the same with TokenService
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Example:
public interface SkyServiceV2 extends SkyService {
@GET("/api/v1/user")
@Override
Response userInfo();
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fully agree! unfortunately, the library in use here, retrofit, doesn't allow extending interfaces :(
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
see square/retrofit#504 (appears this may have been fixed in a recent version; the one in use here is quite old)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, I wasn't aware... Yuck. 😛
Maybe put a little comment in the code with that explanation?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks a lot! I think this is great 👍
I've suggested a couple of changes related to generalization of SkyService and TokenService to get rid of nullable fields in the ConcourseClient
class, but apart from that, this looks good to me.
Would it be possible for us to cherry-pick this commit into 1.21 and 1.20 as well? |
@Mergifyio backport release-1.20.x |
@jaredstehler is not allowed to run commands |
Noticed the above backport attempt failed and would also like to see this backported. @robzienert + @jervi are you the appropriate people to ping for that? |
FYI, we have a new backport policy that only accepts regressions. There isn't a regression that the community introduced, but an external service changed. Since we don't have any control of external services and we're supporting 3 minor versions, if concourse decided to change their auth and it broke a prior version, then Spinnaker as a service does have a regression and we'll need to backport the fix for it. @Mergifyio backport release-1.20.x release-1.21.x |
@Mergifyio backport release-1.20.x mergifyio seems to not be working, so we made #824 |
@Mergifyio backport release-1.21.x mergifyio doesn't work for some reason, so we just made #823 |
* fix(concourse): support old and new concourse auth Fixes concourse authentication for clusters >= v6.1.0 by detecting version and providing different implementation accordingly. Addresses issue: spinnaker/spinnaker#5797 * fix(concourse): support old and new concourse auth Sending basic auth header to /info endpoint causes 401 Addresses issue: spinnaker/spinnaker#5797 Co-authored-by: Jared Stehler <jared.stehler@edgenuity.com>
* fix(concourse): support old and new concourse auth Fixes concourse authentication for clusters >= v6.1.0 by detecting version and providing different implementation accordingly. Addresses issue: spinnaker/spinnaker#5797 * fix(concourse): support old and new concourse auth Sending basic auth header to /info endpoint causes 401 Addresses issue: spinnaker/spinnaker#5797 Co-authored-by: Jared Stehler <jared.stehler@edgenuity.com>
* fix(concourse): support old and new concourse auth Fixes concourse authentication for clusters >= v6.1.0 by detecting version and providing different implementation accordingly. Addresses issue: spinnaker/spinnaker#5797 * fix(concourse): support old and new concourse auth Sending basic auth header to /info endpoint causes 401 Addresses issue: spinnaker/spinnaker#5797 Co-authored-by: Jared Stehler <jared.stehler@edgenuity.com> Co-authored-by: Jared Stehler <jared.stehler@gmail.com> Co-authored-by: Jared Stehler <jared.stehler@edgenuity.com>
* fix(concourse): support old and new concourse auth Fixes concourse authentication for clusters >= v6.1.0 by detecting version and providing different implementation accordingly. Addresses issue: spinnaker/spinnaker#5797 * fix(concourse): support old and new concourse auth Sending basic auth header to /info endpoint causes 401 Addresses issue: spinnaker/spinnaker#5797 Co-authored-by: Jared Stehler <jared.stehler@edgenuity.com> Co-authored-by: Jared Stehler <jared.stehler@gmail.com> Co-authored-by: Jared Stehler <jared.stehler@edgenuity.com>
Command
|
Command
|
Command
|
Fixes concourse authentication for clusters >= v6.1.0 by detecting version and providing different implementation accordingly.
Addresses issue: spinnaker/spinnaker#5797