Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow using a custom service account on an ipc-registration. #461

Merged
merged 2 commits into from
Nov 25, 2024
Merged

Allow using a custom service account on an ipc-registration. #461

merged 2 commits into from
Nov 25, 2024

Conversation

ensonic
Copy link
Contributor

@ensonic ensonic commented Nov 22, 2024

One can already configure a custom service account by using the annotation on the configmap. The api will be added in teh next changes.

@ensonic
Allow using a custom service account on an ipc-registration.
871ae06 
One can already configure a custom service account by using the annotation on
the configmap. The api will be added in teh next changes.
@ensonic ensonic requested a review from csieber November 22, 2024 15:53
@ensonic
Copy link
Contributor Author

ensonic commented Nov 22, 2024

Mostly FYI (and to save my changes).

ensonic
ensonic commented Nov 22, 2024
View reviewed changes
src/go/cmd/token-vendor/app/tokenvendor.go
if err != nil {
return nil, errors.Wrapf(err, "failed to retrieve a cloud token for device %q", deviceID)
}
slog.Info("Handing out cloud token", slog.String("DeviceID", deviceID))
slog.Info("Handing out cloud token", slog.String("DeviceID", deviceID), slog.String("ServiceAccount", sa))
Copy link
Contributor Author

@ensonic ensonic Nov 22, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logging this here is not so nice, as this part of the code does not know about the fallback-service account and the TokenSource does not log at all and does not know the DeviceId. Also the token-repo does not know about the fallback sa-name, maybe passing it there is the best option.
Ideally we log only one per invocation.

csieber
csieber approved these changes Nov 22, 2024
View reviewed changes
src/go/cmd/token-vendor/app/tokenvendor.go Outdated Show resolved Hide resolved
src/go/cmd/token-vendor/repository/k8s/k8s.go Outdated Show resolved Hide resolved
src/go/cmd/token-vendor/tokensource/gcp.go Outdated Show resolved Hide resolved
@ensonic
Copy link
Contributor Author

ensonic commented Nov 25, 2024
edited
Loading

PTAL. Maybe as a followup I pass the defaultSA to the tokenvendor app and not to the token source. Then the token source is just receiving the sa-name and getting a token for it. That also fixes the logging issue. WDYT?

@csieber
Copy link
Contributor

csieber commented Nov 25, 2024

PTAL. Maybe as a followup I pass the defaultSA to the tokenvendor app and not to the token source. Then the token source is just receiving the sa-name and getting a token for it. That also fixes the logging issue. WDYT?

Maybe two arguments. func(contect.Context, string) (*TokenSource, error) and default service account.

@ensonic
Add repository.go to contain the api and a Key struct.
fe01b1f 
This avoids returning multiple values.
@ensonic
Copy link
Contributor Author

ensonic commented Nov 25, 2024

PTAL. Maybe as a followup I pass the defaultSA to the tokenvendor app and not to the token source. Then the token source is just receiving the sa-name and getting a token for it. That also fixes the logging issue. WDYT?

Maybe two arguments. func(contect.Context, string) (*TokenSource, error) and default service account.

Yep, I'll do in a followup.

@ensonic ensonic enabled auto-merge (squash) November 25, 2024 14:48
@ensonic ensonic merged commit 19b76a6 into main Nov 25, 2024
6 checks passed
@ensonic ensonic deleted the ensonic/custom-sa branch November 25, 2024 14:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@csieber csieber csieber approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ensonic @csieber