changed the config of the API_CLIENTS to be more easily configurable and reused.
Having secrets as dictionary keys is complicated for many automation tools like Ansible, where (YAML) keys need to be static strings. Using the key as a static token allows for easy token: {{secret}} configuration as well as getting the API token for client services like {{ name.token }}, which is not possible/easy otherwise.
Activity
requested review from @julian
added 1 commit
- 73ef141c - changed the config of the API_CLIENTS to be more easily configurable and reused.
added 1 commit
- e6b22bc0 - changed the config of the API_CLIENTS to be more easily configurable and reused.
added 1 commit
- e4f05477 - changed the config of the API_CLIENTS to be more easily configurable and reused.
- Resolved by sistason
See #107 (closed) (part of the %v2.0.0 milestone). I think it would make more sense if you moved the API credentials to the database instead of changing the config schema.
However the current API credentials have a problem besides being difficult to use with Ansible: They don't have a client_id/name/whatever field. That is the reason why the current credential checking code iterates through all codes and compares them with a constant-time function.
API authentication generally requires some more thought. Maybe we should combine API credentials with OAuth2 credentials.
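The following sketch is an added illustration of the two lookup styles discussed in this thread, not code from the project or from either participant. The client names, token values, the `scopes` field and all function names are constructed assumptions; only the idea of a static `token` key and of scanning every credential with a constant-time comparison comes from the discussion.

```python
import hmac

# Constructed sample configs; names, tokens and "scopes" are assumptions.
OLD_STYLE = {  # the secret itself is the dictionary key
    "s3cr3t-token-mail": ["getmails"],
    "s3cr3t-token-wiki": ["getusers"],
}
NEW_STYLE = {  # static keys, the secret lives under "token"
    "mail": {"token": "s3cr3t-token-mail", "scopes": ["getmails"]},
    "wiki": {"token": "s3cr3t-token-wiki", "scopes": ["getusers"]},
}

def _eq(a, b):
    # Compare as bytes so non-ASCII input cannot raise TypeError.
    return hmac.compare_digest(a.encode(), b.encode())

def check_old_style(clients, presented):
    """Secret-as-key schema: every key must be compared, with no early exit."""
    match = None
    for token, scopes in clients.items():
        if _eq(token, presented):
            match = scopes
    return match

def check_token_only(clients, presented):
    """Static-key schema, but the request still carries no client id:
    the scan over all entries remains necessary."""
    match = None
    for name, entry in clients.items():
        if _eq(entry["token"], presented):
            match = name
    return match

def check_with_client_id(clients, client_id, presented):
    """With a client id the lookup is a single comparison. Unknown ids are
    compared against an empty dummy so both paths perform one comparison."""
    entry = clients.get(client_id)
    expected = entry["token"] if entry else ""
    ok = _eq(expected, presented)
    return client_id if (entry is not None and ok) else None

if __name__ == "__main__":
    print(check_old_style(OLD_STYLE, "s3cr3t-token-wiki"))
    print(check_token_only(NEW_STYLE, "s3cr3t-token-mail"))
    print(check_with_client_id(NEW_STYLE, "wiki", "s3cr3t-token-wiki"))
```

Note that a plain `presented in OLD_STYLE` dictionary lookup would not be a constant-time comparison, which is why the secret-as-key schema forces the full scan.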