Open erikerlandson opened 2 years ago
talk reference from OSS: https://sched.co/146gO
Might be able to leverage: https://dexidp.io/docs/id-tokens/#refresh-tokens
@redmikhail also pointed out: https://github.com/observatorium/token-refresher
FYI: current auth service used to get JWT for Trino: https://github.com/HumairAK/dex-auth-service
Cannot run test cases via GitHub Actions. Need the JWT tokens automated for testing purposes (see line 40 of https://github.com/os-climate/ITR/blob/develop/test/test_vault_providers.py for example). Connector between ITR tool and Data Commons. Running as dash; GitHub Actions - pytest - need service account created. Maybe use OAuth or osc-ingest tools with additional parameters. GitHub Actions to get environment variables - that lasts for X period of time.
This is one aspect of creating a production data pipeline. Need to have a service account to provide automation functionality (system currently only supports manual).
@ryanaslett look at vault as potential solution
@redmikhail to look at length of time to store credentials
@redmikhail to review the week of 15-May
For more info: https://github.com/os-climate/ITR/blob/develop/test/test_vault_providers.py - Need a profile for ArgoCD service account to run the test case. Needs different users with different permissions based on access permissions/rights.
One use case we will need is the ability to automatically reprovision JWT tokens with finite lifetime, for use by pipelines.
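
One way a pipeline client could handle the finite-lifetime tokens discussed above, as an added example that is not part of the original thread or of any os-climate code. `RefreshingToken`, `fetch`, `make_constructed_jwt` and the sample claims are hypothetical; `fetch` stands in for whatever call returns a new JWT (for instance a refresh-token exchange against the issuer).

```python
import base64
import json
import time

def jwt_expiry(token):
    """Read the `exp` claim (epoch seconds) from a JWT payload.
    The signature is NOT verified here: the value is used only to schedule
    refresh; the service that receives the token must still validate it."""
    try:
        part = token.split(".")[1]
        claims = json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))
        return float(claims["exp"])
    except (IndexError, KeyError, TypeError, ValueError) as err:
        raise ValueError("token has no readable exp claim") from err

class RefreshingToken:
    """Caches one JWT and re-fetches it `skew` seconds before it expires."""
    def __init__(self, fetch, skew=60, clock=time.time):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._exp = None, 0.0

    def get(self):
        if self._token is None or self._clock() >= self._exp - self._skew:
            token = self._fetch()
            exp = jwt_expiry(token)
            if exp - self._skew <= self._clock():
                # Fail closed rather than hand a dead token to the pipeline.
                raise RuntimeError("issuer returned an expired or near-expired token")
            self._token, self._exp = token, exp
        return self._token

def make_constructed_jwt(exp):
    """Constructed sample token (placeholder signature), for the demo only."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"sub": "pipeline-sa", "exp": exp}), "sig"])

if __name__ == "__main__":
    fake_now = [1000.0]
    provider = RefreshingToken(lambda: make_constructed_jwt(fake_now[0] + 300),
                               clock=lambda: fake_now[0])
    first = provider.get()
    fake_now[0] += 250          # inside the 60 s skew window -> refresh
    print(provider.get() != first)
```

Keeping the refresh credential in the CI secret store and only the short-lived JWT in process memory limits what a leaked job log or environment dump exposes.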