Open val500 opened 1 month ago
General naming question: the use of the word "client" suggests (to me at least) that we are authenticating machines rather than users (I am using the term "user" here broadly, it could refer to teams as well). It's not too important and I might be wrong, I am just querying what the intention is, i.e. what we are trying to convey with the term.
General naming question: the use of the word "client" suggests (to me at least) that we are authenticating machines rather than users (I am using the term "user" here broadly, it could refer to teams as well). It's not too important and I might be wrong, I am just querying what the intention is, i.e. what we are trying to convey with the term.
Alright, after reading around a little bit I retract that comment. We could be authenticating users, machines or applications and the general term used for all these is indeed "client". And, in our case, we could really be authenticating users (submitting jobs) or agents (requesting jobs) so a general term is what we need.
Description
In order to support authorized clients sending jobs to Testflinger with priority, we need some way to identify clients and their permissions. Every authorized client will have client_id and client-key(stored as a hash in the database) with a list of permissions. This PR adds a new endpoint which takes in a client_id and client-key and returns an encoded list of their permissions in the form of a JWT:
The JWT is then signed with a secret key, provided by the environment variable JWT_SIGNING_KEY, which is set in the charm config. The client can then use this token to submit privileged jobs.
Resolved issues
Resolves https://warthogs.atlassian.net/browse/CERTTF-370
Documentation
Documentation for the new endpoint was added in the server README and documentation regarding the new environment variable was added to the server configuration docs.
Web service API changes
GET /v1/authenticate/token/