new updateCheck API with auth

[scrajesh]

• new /auth/updateCheck api requires SSO auth token to get authorized
• this new API if authenticated, it supplies updates of any package as per the incoming request
• the existing /updateCheck supply updates only to those packages that are public
• Packages those required authentication to get an upgrade can be protected through CCM configs packsProtected
• above CCM config will have the deployment keys of the packages to be protected

[datvong-wm]

who's calling /auth/updateCheck ? are they creating a custom ota client? where's the sso part of this code?

[jchip]

So this change basically says, if updateCheck is requested at route /auth/updateCheck for a package that's been listed in CCM as protected, then return 401.

So how does a protected package get authed and goes through? I don't see any code for doing auth work. Is that already existing or something?

[scrajesh]

no tests

added unit tests for isProtected()

added basic tests for the updateCheck route handler

[scrajesh]

So this change basically says, if updateCheck is requested at route /auth/updateCheck for a package that's been listed in CCM as protected, then return 401.

So how does a protected package get authed and goes through? I don't see any code for doing auth work. Is that already existing or something?

Actually if /updateCheck is trying to access a protected package, it issues 401. Auth is implemented in Walmart's instance of the OTA Server.

[scrajesh]

who's calling /auth/updateCheck ? are they creating a custom ota client? where's the sso part of this code?

Yes, it has to be a custom OTA client(will explore more on this). SSO part can be found in Walmart's instance of the OTA Server.