Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade to Panda v7 - support key rotation #27493

Merged
merged 1 commit into from
Sep 24, 2024

Conversation

rtyley
Copy link
Member

@rtyley rtyley commented Sep 19, 2024

This upgrades Panda from v5 to v7, allowing us to use key rotation as introduced with guardian/pan-domain-authentication#150.

  • Panda v6 updates:

See also:

Panda was re-introduced to Frontend with #27012 in May 2024, where it became the authentication system around pages like https://frontend.gutools.co.uk/.

Testing

This has been successfully deployed to CODE, and I've verified that I can successfully re-authenticate at https://frontend.code.dev-gutools.co.uk/admin:

Screen.Recording.2024-09-17.at.12.42.11.mov

@rtyley rtyley force-pushed the upgrade-to-panda-v7-support-key-rotation branch from 73841e1 to 6d93f23 Compare September 19, 2024 15:51
This upgrades Panda from v5 to v7, allowing us to use key rotation as introduced with
guardian/pan-domain-authentication#150.

See also guardian/pan-domain-authentication#160.
@rtyley rtyley force-pushed the upgrade-to-panda-v7-support-key-rotation branch from 6d93f23 to 65226f6 Compare September 19, 2024 16:03
Comment on lines -57 to +61
override lazy val panDomainSettings =
new PanDomainAuthSettingsRefresher(
domain = toolsDomainSuffix,
system,
bucketName = "pan-domain-auth-settings",
settingsFileKey = s"$toolsDomainSuffix.settings",
s3Client,
)
override lazy val panDomainSettings = PanDomainAuthSettingsRefresher(
domain = toolsDomainSuffix,
system,
S3BucketLoader.forAwsSdkV1(s3Client, "pan-domain-auth-settings"),
)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR:

...introduced the new S3BucketLoader abstraction, which simplifies constructing a PanDomainAuthSettingsRefresher and means that Panda is no longer tied to AWS SDK v1 - an alternative AWS SDK v2 implementation of S3BucketLoader could be introduced.

@rtyley rtyley marked this pull request as ready for review September 20, 2024 10:59
@rtyley rtyley requested a review from a team as a code owner September 20, 2024 10:59
Copy link
Contributor

@DanielCliftonGuardian DanielCliftonGuardian left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@rtyley rtyley merged commit 0bdc86b into main Sep 24, 2024
6 checks passed
@rtyley rtyley deleted the upgrade-to-panda-v7-support-key-rotation branch September 24, 2024 11:28
@prout-bot
Copy link
Collaborator

Seen on FRONTS-PROD (merged by @rtyley 12 minutes and 7 seconds ago)

@prout-bot
Copy link
Collaborator

Seen on ADMIN-PROD (merged by @rtyley 12 minutes and 13 seconds ago)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants