Auth plugin to be used for Galley dial out #11068
jeffmendoza wants to merge 4 commits into istio:release-1.1 from
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by: jeffmendoza
If they are not already assigned, you can assign the PR to them by writing
The full list of commands accepted by this bot can be found here.
The pull request process is described here
Details
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
| } | ||
|
|
||
| grpcOpts := []grpc.DialOption{ | ||
| grpc.WithPerRPCCredentials(oauth.TokenSource{creds.TokenSource}), |
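Review bot: The per-RPC OAuth credentials on the grpc.WithPerRPCCredentials line only work over a secure channel, because oauth.TokenSource reports that it requires transport security. Make sure the same grpcOpts slice also carries grpc.WithTransportCredentials with TLS credentials and is never combined with an insecure dial option, so the bearer token cannot be sent in cleartext. While touching this line, key the literal as oauth.TokenSource{TokenSource: creds.TokenSource} to clear the govet finding.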
oauth.TokenSource composite literal uses unkeyed fields (from govet)
| "golang.org/x/oauth2/google" | ||
| "google.golang.org/grpc" | ||
| "google.golang.org/grpc/credentials" | ||
| "google.golang.org/grpc/credentials/oauth" |
File is not goimports-ed (from goimports)
| package none | ||
|
|
||
| import ( | ||
| "google.golang.org/grpc" |
File is not goimports-ed (from goimports)
| "istio.io/istio/galley/pkg/authplugin" | ||
| ) | ||
|
|
||
| func returnAuth(config map[string]string) ([]grpc.DialOption, error) { |
returnAuth - config is unused (from unparam)
|
/test istio-pilot-e2e-envoyv2-v1alpha3 |
|
Removed |
|
@jeffmendoza: The following tests failed, say
| findDC = google.FindDefaultCredentials | ||
| } | ||
|
|
||
| func returnAuth(config map[string]string) ([]grpc.DialOption, error) { |
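Review bot: The config map[string]string parameter on returnAuth has no doc comment saying which keys this plugin honours. Document that on the function, and if the plugin reads no keys, consider returning an error when config is non-empty so that a credential setting an operator believes is in effect is not silently ignored.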
It looks like we don't have a need for config for the time being. Should we remove that?
Correct, it is not being used. The main reason we would want it is if we wanted to specify a service account file through config, instead of setting the GOOGLE_APPLICATION_CREDENTIALS env var.
Other auth plugins might want some sort of parameters as well.
|
Superseded by #11291 |
This interacts with #10834. A section will be added to the config file to allow specification of dial out including which type of auth to use. Auth will reference a plugin as specified in this PR. Config will include a string map to be passed to auth plugin.
Next step is to add an auth plugin that will use in-cluster mtls (if configured).