-
Notifications
You must be signed in to change notification settings - Fork 556
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade to Panda v7 - support key rotation #27493
Conversation
73841e1
to
6d93f23
Compare
This upgrades Panda from v5 to v7, allowing us to use key rotation as introduced with guardian/pan-domain-authentication#150. See also guardian/pan-domain-authentication#160.
6d93f23
to
65226f6
Compare
override lazy val panDomainSettings = | ||
new PanDomainAuthSettingsRefresher( | ||
domain = toolsDomainSuffix, | ||
system, | ||
bucketName = "pan-domain-auth-settings", | ||
settingsFileKey = s"$toolsDomainSuffix.settings", | ||
s3Client, | ||
) | ||
override lazy val panDomainSettings = PanDomainAuthSettingsRefresher( | ||
domain = toolsDomainSuffix, | ||
system, | ||
S3BucketLoader.forAwsSdkV1(s3Client, "pan-domain-auth-settings"), | ||
) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This PR:
...introduced the new S3BucketLoader
abstraction, which simplifies constructing a PanDomainAuthSettingsRefresher
and means that Panda is no longer tied to AWS SDK v1 - an alternative AWS SDK v2 implementation of S3BucketLoader
could be introduced.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
Seen on FRONTS-PROD (merged by @rtyley 12 minutes and 7 seconds ago)
|
Seen on ADMIN-PROD (merged by @rtyley 12 minutes and 13 seconds ago)
|
This upgrades Panda from v5 to v7, allowing us to use key rotation as introduced with guardian/pan-domain-authentication#150.
S3BucketLoader
abstraction, which simplifies constructing aPanDomainAuthSettingsRefresher
and means that Panda is no longer tied to AWS SDK v1 - an alternative AWS SDK v2 implementation ofS3BucketLoader
could be introduced.See also:
Panda was re-introduced to Frontend with #27012 in May 2024, where it became the authentication system around pages like https://frontend.gutools.co.uk/.
Testing
This has been successfully deployed to CODE, and I've verified that I can successfully re-authenticate at https://frontend.code.dev-gutools.co.uk/admin:
Screen.Recording.2024-09-17.at.12.42.11.mov