support old and new concourse auth (< and >= 6.1.0?) #5649
jaredstehler
started this conversation in
General
I found I was able to get authentication working again in igor with the following hack:
index 1164e6b..b1b92c4 100644
--- a/igor-web/src/main/java/com/netflix/spinnaker/igor/concourse/client/ConcourseClient.java
+++ b/igor-web/src/main/java/com/netflix/spinnaker/igor/concourse/client/ConcourseClient.java
@@ -61,7 +61,7 @@ public class ConcourseClient {
@Override
public void intercept(RequestFacade request) {
refreshTokenIfNecessary();
- request.addHeader("Authorization", "bearer " + token.getAccessToken());
+ request.addHeader("Authorization", "bearer " + token.getIdToken());
}
};
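Review bot: In intercept(), the Authorization header is now built from token.getIdToken() unconditionally, so a server that still answers with only an access token leaves getIdToken() null and the request goes out as "bearer null". Pick the token by server version, or fall back to the access token when the ID token is absent, and fail with a clear error when neither is present instead of sending a malformed header.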
@@ -101,16 +101,16 @@ public class ConcourseClient {
}
private void refreshTokenIfNecessary() {
- if (tokenExpiration.isBefore(ZonedDateTime.now())) {
- this.refreshToken();
- }
+// if (tokenExpiration.isBefore(ZonedDateTime.now())) {
+ this.refreshToken();
+// }
}
private Token refreshToken() {
token =
tokenService.passwordToken(
"password", user, password, "openid profile email federated:id groups");
- tokenExpiration = token.getExpiry();
+// tokenExpiration = token.getExpiry();
return token;
}
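Review bot: With the expiry check in refreshTokenIfNecessary() commented out, every intercepted request performs a password grant, so the user's password is sent to the token endpoint on each API call and tokenExpiration is never updated. If token.getExpiry() is no longer populated by the new response, derive the expiry from the returned token or cache the token for a short fixed interval, and delete the commented-out lines rather than leaving them in.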
diff --git a/igor-web/src/main/java/com/netflix/spinnaker/igor/concourse/client/OkHttpClientBuilder.java b/igor-web/src/main/java/com/netflix/spinnaker/igor/concourse/client/OkHttpClientBuilder.java
index e406f97..65d2a15 100644
--- a/igor-web/src/main/java/com/netflix/spinnaker/igor/concourse/client/OkHttpClientBuilder.java
+++ b/igor-web/src/main/java/com/netflix/spinnaker/igor/concourse/client/OkHttpClientBuilder.java
@@ -119,7 +119,7 @@ public class OkHttpClientBuilder {
.request()
.newBuilder()
.header(
- "Authorization", "bearer " + refreshToken.get().getAccessToken())
+ "Authorization", "bearer " + refreshToken.get().getIdToken())
.build());
lastResponse.set(response);
}
@@ -171,7 +171,7 @@ public class OkHttpClientBuilder {
.request()
.newBuilder()
.header(
- "Authorization", "bearer " + refreshToken.get().getAccessToken())
+ "Authorization", "bearer " + refreshToken.get().getIdToken())
.build());
lastResponse.set(response);
}
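Review bot: The "bearer " + refreshToken.get().getIdToken() expression here is the same edit as in the hunk at -119 above and in the ConcourseClient interceptor, so three call sites now each decide which token field to send. Move that choice into a single accessor (for example on Token) so the old/new version branching is made in one place and the call sites cannot drift apart.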
diff --git a/igor-web/src/main/java/com/netflix/spinnaker/igor/concourse/client/SkyService.java b/igor-web/src/main/java/com/netflix/spinnaker/igor/concourse/client/SkyService.java
index a387762..adb0744 100644
--- a/igor-web/src/main/java/com/netflix/spinnaker/igor/concourse/client/SkyService.java
+++ b/igor-web/src/main/java/com/netflix/spinnaker/igor/concourse/client/SkyService.java
@@ -20,6 +20,6 @@ import retrofit.client.Response;
import retrofit.http.GET;
public interface SkyService {
- @GET("/sky/userinfo")
+ @GET("/api/v1/user")
Response userInfo();
}
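Review bot: Replacing @GET("/sky/userinfo") with @GET("/api/v1/user") in place removes the path the pre-6.1.0 integration relied on, which works against the goal of supporting both old and new servers. Keep both methods on the interface and choose between them by version; the SkyService name also no longer matches a path that sits outside /sky.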
diff --git a/igor-web/src/main/java/com/netflix/spinnaker/igor/concourse/client/TokenService.java b/igor-web/src/main/java/com/netflix/spinnaker/igor/concourse/client/TokenService.java
index 7d41abe..7282c5d 100644
--- a/igor-web/src/main/java/com/netflix/spinnaker/igor/concourse/client/TokenService.java
+++ b/igor-web/src/main/java/com/netflix/spinnaker/igor/concourse/client/TokenService.java
@@ -23,7 +23,7 @@ import retrofit.http.POST;
public interface TokenService {
@FormUrlEncoded
- @POST("/sky/token")
+ @POST("/sky/issuer/token")
Token passwordToken(
@Field("grant_type") String grantType,
@Field("username") String username,
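Review bot: The token path in @POST is hard-coded to "/sky/issuer/token", and the maintainer reply in this thread says the API is not publicly supported and may change again. Keep the "/sky/token" method alongside this one, or make the path a configuration value, so a further move does not need another code change.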
diff --git a/igor-web/src/main/java/com/netflix/spinnaker/igor/concourse/client/model/Token.java b/igor-web/src/main/java/com/netflix/spinnaker/igor/concourse/client/model/Token.java
index 5d9a58c..a86d394 100644
--- a/igor-web/src/main/java/com/netflix/spinnaker/igor/concourse/client/model/Token.java
+++ b/igor-web/src/main/java/com/netflix/spinnaker/igor/concourse/client/model/Token.java
@@ -21,6 +21,6 @@ import lombok.Data;
@Data
public class Token {
- private String accessToken;
+ private String idToken;
private ZonedDateTime expiry;
}
I believe I can clean this up and add a check on version.
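Review bot: Renaming the field to idToken drops accessToken from the model, so a response that carries only an access token deserializes with no usable token. Keep both fields and let the caller choose; and because @Data generates a toString() that includes every field, exclude the token fields from it so a logged Token does not leak the bearer credential.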
It looks like this endpoint changed in 16f4c66. In our current state we don't have a publicly supported API, so it's possible this will change again. Sorry, but I think the best bet right now is to change behavior based on the Concourse version.
Upgrading Concourse to 6.1.0 has broken authentication with Spinnaker, which uses the /sky/token endpoint: https://github.com/spinnaker/igor/blob/master/igor-web/src/main/java/com/netflix/spinnaker/igor/concourse/client/TokenService.java#L24-L32
error is:
Is there documentation on the new method for authenticating? Also, would you recommend doing a version check via /api/v1/info and branching based on that result, or is there a better way of supporting old and new concourse versions from igor?
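The version branching discussed in this thread, sketched as an added example; it is not code from igor or Concourse. The class and method names are hypothetical, the 6.1.0 cut-over is taken from the thread title and is unconfirmed, and the version string is assumed to be the one reported by /api/v1/info.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added illustration; ConcourseAuthProfile is a hypothetical name, not an igor class. */
public class ConcourseAuthProfile {
  final String tokenPath;
  final String userInfoPath;
  final String tokenField;

  private ConcourseAuthProfile(String tokenPath, String userInfoPath, String tokenField) {
    this.tokenPath = tokenPath;
    this.userInfoPath = userInfoPath;
    this.tokenField = tokenField;
  }

  // Paths and Token field names are the before/after values from the diff in this thread.
  static final ConcourseAuthProfile LEGACY =
      new ConcourseAuthProfile("/sky/token", "/sky/userinfo", "accessToken");
  static final ConcourseAuthProfile ISSUER =
      new ConcourseAuthProfile("/sky/issuer/token", "/api/v1/user", "idToken");

  // Leading major.minor.patch; any suffix such as "-rc.3" is ignored.
  private static final Pattern VERSION = Pattern.compile("^(\\d+)\\.(\\d+)\\.(\\d+)");

  /** Chooses endpoints and token field for the version string the server reports. */
  static ConcourseAuthProfile forVersion(String version) {
    Matcher m = VERSION.matcher(version == null ? "" : version.trim());
    if (!m.find()) {
      // Fail closed: never guess an auth endpoint for a version we cannot parse.
      throw new IllegalArgumentException("Unrecognized Concourse version: " + version);
    }
    int major = Integer.parseInt(m.group(1));
    int minor = Integer.parseInt(m.group(2));
    // Assumption: the new token flow starts at 6.1.0, pre-releases included.
    boolean newAuth = major > 6 || (major == 6 && minor >= 1);
    return newAuth ? ISSUER : LEGACY;
  }

  public static void main(String[] args) {
    // Constructed sample versions, not taken from a real server.
    for (String v : new String[] {"5.8.0", "6.0.0", "6.1.0", "6.1.0-rc.3", "7.11.2"}) {
      ConcourseAuthProfile p = forVersion(v);
      System.out.println(v + " -> " + p.tokenPath + " " + p.userInfoPath + " " + p.tokenField);
    }
  }
}
```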