-
Notifications
You must be signed in to change notification settings - Fork 82
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove PGP endpoint auth requirement #4256
Remove PGP endpoint auth requirement #4256
Conversation
internal/pkg/api/handlePGPRequest.go
Outdated
@@ -52,10 +53,9 @@ func (pt *PGPRetrieverT) handlePGPKey(zlog zerolog.Logger, w http.ResponseWriter | |||
return ErrTLSRequired | |||
} | |||
key, err := authAPIKey(r, pt.bulker, pt.cache) | |||
if err != nil { | |||
return err | |||
if err == nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Asking out of curiosity; what is the reason we are leaving the authAPIKey call in here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
in order to log the api key id if one is present; but i'll remove this so we don't have to make another request in order to authenticate the key
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changes look good to me. I just have a question about the authAPIKey call.
Quality Gate passedIssues Measures |
Remove PGP endpoint auth requirement (cherry picked from commit 4915d7c)
Remove PGP endpoint auth requirement (cherry picked from commit 4915d7c)
Remove PGP endpoint auth requirement (cherry picked from commit 4915d7c)
Remove PGP endpoint auth requirement (cherry picked from commit 4915d7c) Co-authored-by: Michel Laterman <[email protected]>
Remove PGP endpoint auth requirement (cherry picked from commit 4915d7c) Co-authored-by: Michel Laterman <[email protected]>
Remove PGP endpoint auth requirement (cherry picked from commit 4915d7c) Co-authored-by: Michel Laterman <[email protected]>
What is the problem this PR solves?
Air gapped agents are unable to retreive PGP key from fleet-server.
How does this PR solve the problem?
Remove auth key requirement from PGP retrieval endpoint
Design Checklist
I have ensured my design is stateless and will work when multiple fleet-server instances are behind a load balancer.I have or intend to scale test my changes, ensuring it will work reliably with 100K+ agents connected.I have included fail safe mechanisms to limit the load on fleet-server: rate limiting, circuit breakers, caching, load shedding, etc.Checklist
I have commented my code, particularly in hard-to-understand areasI have made corresponding changes to the documentationI have made corresponding change to the default configuration files./changelog/fragments
using the changelog toolRelated issues