Require different static token for using fleet-manager's Admin API

stackrox · Aug 9, 2022 · 40ed76b · 40ed76b
1 parent ee13acd
commit 40ed76b
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 1 deletion.
diff --git a/.openshift-ci/tests/e2e.sh b/.openshift-ci/tests/e2e.sh
@@ -23,6 +23,7 @@ if [[ "${OPENSHIFT_CI:-}" == "true" ]]; then
         export "${secret_name}"="${secret_value}"
     done
     export STATIC_TOKEN="${FLEET_STATIC_TOKEN:-}"
+    export STATIC_TOKEN_ADMIN="${FLEET_STATIC_TOKEN_ADMIN:-}"
     export QUAY_USER="${IMAGE_PUSH_USERNAME:-}"
     export QUAY_TOKEN="${IMAGE_PUSH_PASSWORD:-}"
     export CLUSTER_TYPE="openshift-ci"

diff --git a/e2e/e2e_test.go b/e2e/e2e_test.go
@@ -13,6 +13,7 @@ import (
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	openshiftRouteV1 "github.com/openshift/api/route/v1"
+	"github.com/stackrox/acs-fleet-manager/e2e/envtokenauth"
 	"github.com/stackrox/acs-fleet-manager/fleetshard/pkg/fleetmanager"
 	"github.com/stackrox/acs-fleet-manager/internal/dinosaur/constants"
 	"github.com/stackrox/acs-fleet-manager/internal/dinosaur/pkg/api/public"
@@ -66,7 +67,9 @@ var _ = Describe("Central", func() {
 		client, err = fleetmanager.NewClient(fleetManagerEndpoint, "cluster-id", auth)
 		Expect(err).ToNot(HaveOccurred())
 
-		adminClient, err = NewAdminClient(fleetManagerEndpoint, auth)
+		adminAuth, err := envtokenauth.CreateAuth("STATIC_TOKEN_ADMIN")
+		Expect(err).ToNot(HaveOccurred())
+		adminClient, err = NewAdminClient(fleetManagerEndpoint, adminAuth)
 		Expect(err).ToNot(HaveOccurred())
 
 	})

diff --git a/e2e/envtokenauth/auth_env_token.go b/e2e/envtokenauth/auth_env_token.go
@@ -0,0 +1,33 @@
+package envtokenauth
+
+import (
+	"fmt"
+	"net/http"
+	"os"
+
+	"github.com/stackrox/acs-fleet-manager/fleetshard/pkg/fleetmanager"
+)
+
+// Implements the Auth interface for simple static token based authentication
+// while fetching the token from a custom environment variable.
+type envTokenAuth struct {
+	token string
+}
+
+// CreateAuth creates a new Auth instance which implements static token authentication
+// while fetching the token from the environment using the specified environment variable name.
+func CreateAuth(name string) (fleetmanager.Auth, error) {
+	token := os.Getenv(name)
+	if token == "" {
+		return nil, fmt.Errorf("no token named %q found in current environment", name)
+	}
+	return &envTokenAuth{
+		token: token,
+	}, nil
+}
+
+// AddAuth adds an Authorization header to the provided HTTP request.
+func (a *envTokenAuth) AddAuth(req *http.Request) error {
+	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", a.token))
+	return nil
+}