This document explains the changes made to the export client to require identity headers for CreateExport calls.
The export client has been modified to require Red Hat Identity headers when making CreateExport requests to the export service. This ensures that export requests are properly authenticated and associated with the correct user and organization.
Before:
func (c *Client) CreateExport(ctx context.Context, req ExportRequest) (*ExportStatusResponse, error)After:
func (c *Client) CreateExport(ctx context.Context, req ExportRequest, identityHeader string) (*ExportStatusResponse, error)A new method was added to generate identity headers from organization ID and username:
func (c *Client) GenerateIdentityHeader(orgID, username string) (string, error)This method creates a base64-encoded identity header in the format expected by Red Hat services:
{
"identity": {
"account_number": "000001",
"org_id": "user-org-id",
"type": "User",
"auth_type": "jwt-auth",
"internal": {
"org_id": "user-org-id"
},
"user": {
"username": "user-username",
"user_id": "user-username-id"
}
}
}A new internal method was added to create HTTP requests with custom identity headers:
func (c *Client) createRequestWithIdentity(ctx context.Context, method, endpoint string, body interface{}, identityHeader string) (*http.Request, error)The job executor now generates identity headers when creating exports:
// Generate identity header for the export request
identityHeader, err := e.exportClient.GenerateIdentityHeader(job.OrgID, job.Username)
if err != nil {
return fmt.Errorf("failed to generate identity header: %w", err)
}
// Create the export
result, err := e.exportClient.CreateExport(ctx, req, identityHeader)client := export.NewClient("https://export-service/api/v1", "000001", "org123")
// Generate identity header
identityHeader, err := client.GenerateIdentityHeader("org123", "john.doe")
if err != nil {
return err
}
// Create export with identity
req := export.ExportRequest{
Name: "My Export",
Format: export.FormatJSON,
Sources: []export.Source{
{
Application: export.AppAdvisor,
Resource: "recommendations",
},
},
}
result, err := client.CreateExport(ctx, req, identityHeader)When jobs are executed, the identity header is automatically generated from the job's organization ID and username:
// This happens automatically in the job executor
identityHeader, err := e.exportClient.GenerateIdentityHeader(job.OrgID, job.Username)
result, err := e.exportClient.CreateExport(ctx, req, identityHeader)- Authentication: All export requests now include proper Red Hat identity information
- Authorization: Export service can validate the user's permissions
- Audit Trail: Export requests are associated with specific users and organizations
- Multi-Tenancy: Ensures exports are created within the correct organizational context
All tests have been updated to use the new CreateExport signature:
func TestClient_CreateExport(t *testing.T) {
client := NewClient(server.URL, "123456", "org123")
// Generate identity header for the test
identityHeader, err := client.GenerateIdentityHeader("org123", "testuser")
if err != nil {
t.Fatalf("GenerateIdentityHeader failed: %v", err)
}
result, err := client.CreateExport(context.Background(), req, identityHeader)
// ... rest of test
}A dedicated test was added to verify the GenerateIdentityHeader functionality:
func TestClient_GenerateIdentityHeader(t *testing.T) {
// Verifies that the identity header is properly formatted and contains correct data
}- The old
createRequestmethod is preserved for other API calls that use default identity - The
CreateExportmethod signature change is intentional and requires updating all callers - Examples and tests have been updated to demonstrate proper usage
Any existing code calling CreateExport will need to be updated to:
- Generate an identity header using
GenerateIdentityHeader(orgID, username) - Pass the identity header as the third parameter to
CreateExport
This ensures all export creation requests are properly authenticated with user context.