Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release/8.0] Resource service supports API key authentication #3582

Merged
merged 1 commit into from
Apr 11, 2024
Merged

[release/8.0] Resource service supports API key authentication #3582

merged 1 commit into from
Apr 11, 2024

Conversation

drewnoakes
Copy link
Member

@drewnoakes drewnoakes commented Apr 11, 2024
edited by dotnet-policy-service bot
Loading

Manual backport of #3400.

Microsoft Reviewers: Open in CodeFlow

@drewnoakes
Resource service supports API key authentication (dotnet#3400)
c676ed8 
* Make CompareHelpers shared

* Resource service supports API keys

Unless unsecured, the app host will generate an API key and pass it to the dashboard via an environment variable. The dashboard then includes this key in a header for all gRPC calls. The app host's resource service validates that the expected key is received and rejects requests where the key is omitted.

* Remove test's exposure to ambient environment variables

* Review feedback

* Require authenticated user

* Renaming
@dotnet-policy-service dotnet-policy-service bot added the Servicing-consider Issue for next servicing release review label Apr 11, 2024
@danmoseley danmoseley added Servicing-approved Approved for servicing release and removed Servicing-consider Issue for next servicing release review labels Apr 11, 2024
@danmoseley
Copy link
Member

Approved, part of planned security work

@drewnoakes drewnoakes mentioned this pull request Apr 11, 2024
Merged
@RussKie RussKie enabled auto-merge (squash) April 11, 2024 04:52
@RussKie RussKie merged commit e0b62df into dotnet:release/8.0 Apr 11, 2024
8 checks passed
@drewnoakes drewnoakes deleted the backport/pr-3400-to-release/8.0 branch April 11, 2024 05:45
@danmoseley danmoseley mentioned this pull request Apr 12, 2024
Closed
@github-actions github-actions bot locked and limited conversation to collaborators May 11, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@RussKie RussKie RussKie approved these changes

@davidfowl davidfowl davidfowl approved these changes

@JamesNK JamesNK Awaiting requested review from JamesNK

@kvenkatrajan kvenkatrajan Awaiting requested review from kvenkatrajan

Assignees
No one assigned
Labels
area-dashboard Servicing-approved Approved for servicing release
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@drewnoakes @danmoseley @davidfowl @RussKie