Skip to content

feat(confidentialhttp): Go SDK builders for AuthConfig#132

Draft
wentzeld wants to merge 1 commit into
mainfrom
signingExpansion
Draft

feat(confidentialhttp): Go SDK builders for AuthConfig#132
wentzeld wants to merge 1 commit into
mainfrom
signingExpansion

Conversation

@wentzeld

Copy link
Copy Markdown

Summary

  • Hand-written client_helpers.go with builders for all 8 signing methods.
  • New Send(runtime, req, opts...) convenience wrapper over generated SendRequest.

Blocked by: chainlink-protos signingExpansion PR.

Remove-before-merge

  • replace directive in confidentialhttp/go.mod pointing at local chainlink-protos.

  Adds ergonomic builders (WithApiKey, WithBasicAuth, WithBearerToken,
  WithHmacSha256, WithAwsSigV4, WithHmacCustom, WithOAuth2ClientCredentials,
  WithOAuth2RefreshToken) plus a Send() convenience wrapper over SendRequest.

  // remove before merge: replace directive pinning local chainlink-protos
@@ -0,0 +1,354 @@
package confidentialhttp

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This can be made a lot more ergonomic. For example, looking at basic auth, I would want to do

WithBasicAuth(name: string, password: *SecretIdentifier)
or
WithBasicAuth(name: *SecretIdentifier, password: *SecretIdentifier)

Maybe it can be generic for the name to allow either type.

Then, I would want it to template in a new name and automatically add it to the list of secrets to fetch for me.

// WithAwsSigV4("aws_ak", "aws_sk", "us-east-1", "execute-api")
// WithAwsSigV4("aws_ak", "aws_sk", "us-east-1", "s3",
// WithSessionToken("aws_st"), WithUnsignedPayload(true))
func WithAwsSigV4(accessKeyIDSecretName, secretAccessKeySecretName, region, service string, opts ...SigV4Option) *AuthConfig {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we want to make this compatible with the SDK, we can drop region and service, then extract it from the request. Since the call is made with the AWS client, it'll be fake signed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants