Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: look for vault cached token before login #544

Merged
merged 2 commits into from
Nov 8, 2023
Merged

fix: look for vault cached token before login #544

merged 2 commits into from
Nov 8, 2023

Conversation

DaThumpingRabbit
Copy link
Contributor

Description

This commit adds the check of the cached vault token before doing the authentication flow over again

Fixes: #536

Checklist

Please make sure that your PR fulfills the following requirements:

  • Reviewed the guidelines for contributing to this repository
  • The commit message follows the Conventional Commits Guidelines.
  • Tests for the changes have been updated
  • Are you adding dependencies? If so, please run go mod tidy -compat=1.17 to ensure only the minimum is pulled in.
  • Docs have been added / updated
  • Optional. My organization is added to USERS.md.

Type of Change

  • Bugfix
  • Feature
  • Code style update (formatting, local variables)
  • Refactoring (no functional changes, no api changes)
  • New tests
  • Build/CI related changes
  • Documentation content changes
  • Other (please describe)

Other information

@codecov-commenter
Copy link

codecov-commenter commented Sep 8, 2023

Codecov Report

Attention: Patch coverage is 85.29412% with 5 lines in your changes missing coverage. Please review.

Project coverage is 71.75%. Comparing base (61a4ef6) to head (9b76995).
Report is 19 commits behind head on main.

Files with missing lines Patch % Lines
pkg/utils/util.go 50.00% 4 Missing and 1 partial ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #544      +/-   ##
==========================================
+ Coverage   71.32%   71.75%   +0.43%     
==========================================
  Files          26       26              
  Lines        1953     1983      +30     
==========================================
+ Hits         1393     1423      +30     
  Misses        460      460              
  Partials      100      100              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@DaThumpingRabbit
Copy link
Contributor Author

@werne2j @jkayani
Can you please run the workflow again ?
I have added tests on the use of cached tokens
Thanks !

@DaThumpingRabbit
Copy link
Contributor Author

Hello @werne2j @jkayani
Any news on this ? Can you please run the workflow ?
Thank you 😄

@werne2j
Copy link
Member

werne2j commented Oct 24, 2023

@DaThumpingRabbit can you rebase your branch with main? Will run once up to date

@DaThumpingRabbit
Copy link
Contributor Author

Ah yes sorry I didn't notice the updates on the main branch, I just rebased it

@DaThumpingRabbit
Copy link
Contributor Author

Will you have a chance to review that ? I am waiting for this to reduce my vault lease consumption

@werne2j
Copy link
Member

werne2j commented Oct 25, 2023

@DaThumpingRabbit thanks for the PR. Looking it over, I think the approach I would like to see taken is to move all the token stuff (checking for and setting token) from the individual vault auth files to the vault backend https://github.com/argoproj-labs/argocd-vault-plugin/blob/main/pkg/backends/vault.go#L32.

We then call the v.AuthType.Authenticate func if can’t find a token, we can change that func to return the token and then call the set token func with that token.

@DaThumpingRabbit
Copy link
Contributor Author

I see, I started to do those changes, however, I think that the token storing part was delegated to the individual auth files because of the specific token use-case (where the vault client detects the variable itself)
Do you think I should still extract this part to the vault backend file and make an extra case for the token to be handled differently ?

@DaThumpingRabbit
Copy link
Contributor Author

Or if this seems cleaner to you, we could add a method to the AuthType type to indicate whether the storing / retrieving of the token should be considered (maybe a ShouldStoreToken function that returns a boolean and the vault backend conditions its behavior according to that)

@DaThumpingRabbit
Copy link
Contributor Author

@werne2j I just committed a proposition to remove duplicated code in the vault auth types as you mentioned by following the idea I posted above
Let me know if this isn't ok for you and I can revert this commit

@werne2j
Copy link
Member

werne2j commented Nov 5, 2023

@DaThumpingRabbit Looking back over it, i think going with the first strategy is fine. No need to over think it. If you want to roll back to that commit we can kick off the CI and try to get this into the next release

@DaThumpingRabbit
Copy link
Contributor Author

@werne2j Thanks for checking it, I just rolled back to the first solution as you said and I am ready on my side if you want to trigger the CI again and merge it !

@DaThumpingRabbit
Copy link
Contributor Author

@werne2j I am not sure I understand what went wrong with the pipeline on the mac tests
It doesn't look like something linked to what I added, what do you think ?

Copy link
Member

@werne2j werne2j left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants