Upgrade to Panda v7 - support key rotation #535
This upgrades Panda from v5 to v7, allowing us to use key rotation as introduced with guardian/pan-domain-authentication#150.
val panDomainSettings = new PanDomainAuthSettingsRefresher( | ||
val panDomainSettings = PanDomainAuthSettingsRefresher( | ||
domain = config.pandaDomain, | ||
system = config.pandaSystemIdentifier, | ||
bucketName = config.pandaBucketName, | ||
settingsFileKey= config.pandaSettingsFileKey, | ||
s3Client = AWS.S3Client, | ||
S3BucketLoader.forAwsSdkV1(AWS.S3Client, "pan-domain-auth-settings") | ||
) |
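Review bot: The bucket name in the S3BucketLoader.forAwsSdkV1(AWS.S3Client, "pan-domain-auth-settings") line is a string literal, while the bucketName = config.pandaBucketName line in the same hunk reads it from config. If the config-driven line is the one being dropped, pass config.pandaBucketName to forAwsSdkV1 so the settings bucket stays configurable per environment and cannot drift from the configured value. The new call also shows no argument corresponding to settingsFileKey = config.pandaSettingsFileKey, so it is worth confirming that the refresher still resolves the same settings object for config.pandaDomain.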
This PR:
...introduced the new S3BucketLoader abstraction, which simplifies constructing a PanDomainAuthSettingsRefresher and means that Panda is no longer tied to AWS SDK v1 - an alternative AWS SDK v2 implementation of S3BucketLoader could be introduced.
Think the recording is an incorrect attachment, but tested the auth dance in CODE and LGTM.
Darn, you're right, will remove...
This PR sits on top of:
Testing
This has been successfully deployed to CODE, and I've checked that I'm able to re-authenticate with either the updated https://tagmanager.code.dev-gutools.co.uk/ or the unmodified https://composer.code.dev-gutools.co.uk/ - and they both accept each other's cookies.