openservicebrokerapi / osb-checker

An automatic checker to verify an Open Service Broker API implementation against the specification
https://github.com/openservicebrokerapi/servicebroker/
Apache License 2.0

RFE: bearer authentication support #7

Open jim-minter opened 6 years ago

jim-minter commented 6 years ago

https://github.com/openshift/origin/tree/master/pkg/templateservicebroker/servicebroker allows authentication via bearer token ("Authorization: Bearer " header). It'd be great if osb-checker could support this as well as basic and no-auth.

Haishi2016 commented 6 years ago

This is not in the spec. Spec states

Unless there is some out of band communication and agreement between a platform and a service broker, the marketplace MUST authenticate with the service broker using HTTP basic authentication.

So the broker you gave isn't following the spec.

jim-minter commented 6 years ago

I disagree. The spec clearly allows for the case where the platform and broker agree to authenticate via a different mechanism. It does not specify how that agreement should take place. It defines basic behaviour that must take place if authentication of any type is enabled. It warns that out of band agreement and non-basic authentication may lead to interoperability problems.

https://github.com/openservicebrokerapi/servicebroker/blob/6b75091e5254d968ef6341cc07642bee3e8a45ed/spec.md#authentication

Bearer authentication is not uncommon; it is used extensively by Kubernetes.

You may decide that osb-checker won't help its users out of the box with authentication options such as Bearer, e.g. given that it is not explicitly mentioned in the spec, but that does not mean that brokers that use Bearer authentication are non-compliant. In this case, osb-checker would not be assisting with the evaluation of the compliance of such brokers, which seems to me to be a pity.

Haishi2016 commented 6 years ago

The "out of band" agreements are reached outside the governance of the spec, and osb-checker is for checking against the spec. I'm reopening the issue because I don't want to disregard the popularity of bearer tokens and k8s. If you have some ideas to create bearer authentication validation, please create a pull request.