plugin/rest: Add GCP metadata server support #2938
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kelseyhightower
force-pushed
the
gcp-metadata-auth
branch
from
d11fae9 to
3cdd195
Compare
srenatus
reviewed
Nov 23, 2020
|
|
||
| request.Header.Add("Metadata-Flavor", "Google") | ||
|
|
||
| timeout := time.Duration(5) * time.Second |
There was a problem hiding this comment.
This hardcoded 5s looks weird. I suppose we could also use c.ResponseHeaderTimeoutSeconds? https://github.com/open-policy-agent/opa/pull/2938/files#diff-99a9ce78de44f106d9f1ade633bb6c6f425af0e6704663032abb475bb00f3d37R83
Not worse than
Lines 308 to 309 in 5c6c963
I guess there's some potential for improving the timeout config here cross the different plugins. Outside of the scope of this PR, of course.
kelseyhightower
force-pushed
the
gcp-metadata-auth
branch
3 times, most recently
from
94540e6 to
459ebd0
Compare
srenatus
previously approved these changes
Nov 23, 2020
Adds support for fetching access and identity tokens from a GCP metadata server. Identity tokens are used to authenticate to third party applications running behind Google authentication proxies such as containers deployed to Google's Cloud Run. Access tokens are used to authenticate to first party GCP services such as Google Cloud Storage. Signed-off-by: Kelsey Hightower <kelsey.hightower@gmail.com>
kelseyhightower
force-pushed
the
gcp-metadata-auth
branch
from
ae9628d to
28b566b
Compare
This was referenced Nov 1, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds support for fetching access and identity tokens from a GCP
metadata server. Identity tokens are used to authenticate to third
party applications running behind Google authentication proxies
such as containers deployed to Google's Cloud Run.
Access tokens are used to authenticate to first party GCP services
such as Google Cloud Storage.
Signed-off-by: Kelsey Hightower kelsey.hightower@gmail.com