-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Extend oidc_cli security context generator to include calls to the v2… #20851
base: main
Are you sure you want to change the base?
Conversation
… API, remove idtoken security context generator, rename and consolidate tests and names accordingly Signed-off-by: Fittkau Luis <[email protected]>
Definitely a breaking change, but I can't add labels. |
Although the change is relatively small, b/c this is a break change and involves security. I wish to suggest that a proposal is needed for review and get approval from maintainers. If we reach a consensus to do this, there should also be some change needed in UI and Documentation. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please write a proposal and get approval first.
Proposal: goharbor/community#250 |
This PR is being marked stale due to a period of inactivty. If this PR is still relevant, please comment or remove the stale label. Otherwise, this PR will close in 30 days. |
Still relevant |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #20851 +/- ##
==========================================
+ Coverage 45.36% 46.23% +0.86%
==========================================
Files 244 247 +3
Lines 13333 13863 +530
Branches 2719 2867 +148
==========================================
+ Hits 6049 6409 +360
- Misses 6983 7117 +134
- Partials 301 337 +36
Flags with carried forward coverage won't be shown. Click here to find out more. |
This PR is being marked stale due to a period of inactivty. If this PR is still relevant, please comment or remove the stale label. Otherwise, this PR will close in 30 days. |
Thank you for contributing to Harbor!
Comprehensive Summary of your change
Id Tokens can no longer be used to authenticate against the v2 API
Instead, basic auth with the CLI secret as password must be used.
The use of the OIDC ID token as a bearer token for authentication against the API is inconvenient since the ID token is hard to get as a normal user.
Issue being fixed
Fixes #14236
Please indicate you've done the following: