Skip to content

ref(auth): read public keys from files on init #243

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jan-auer merged 2 commits into from
Dec 17, 2025
Merged

ref(auth): read public keys from files on init #243

jan-auer merged 2 commits into from
Dec 17, 2025

Conversation

@matt-codecov
Copy link
Contributor

@matt-codecov matt-codecov commented Dec 16, 2025
edited
Loading

we will mount k8s secrets as files. our config schema must therefore be updated to take key files rather than key material.

additionally, a PublicKeyDirectory struct is now created on service initialization which pre-reads the key files and pre-parses them into DecodingKeys.

related to https://github.com/getsentry/ops/pull/18477

Ref FS-160
Ref FS-161

@matt-codecov matt-codecov requested a review from a team as a code owner December 16, 2025 03:22
@matt-codecov matt-codecov mentioned this pull request Dec 16, 2025
Merged
@linear
Copy link

linear bot commented Dec 16, 2025

FS-160 Implement (optional) JWT in Server

FS-161 Configure JWT in S4S

@jan-auer jan-auer enabled auto-merge (squash) December 17, 2025 20:35
@jan-auer jan-auer merged commit e6dd4ea into main Dec 17, 2025
19 checks passed
@jan-auer jan-auer deleted the matt/auth-key-files branch December 17, 2025 20:36
matt-codecov added a commit that referenced this pull request Dec 18, 2025
@matt-codecov
tests(client): enable authorization tokens in e2e client tests (#231)
20b1071 
depends on:
- #240
- #237
- #243

rust and python e2e tests now have authorization checks enabled. i added
new test cases to ensure requests fail when the token has the wrong
scope or wrong permissions, but currently the server throws 500 for any
issue so the tests can't actually assert 403 like they should

i am told the `.secret_scan_ignore` file should prevent our scanners
from yelling about the checked-in test keys. the format with escaped
slashes is strange but that's what was on the doc i was sent ¯\_(ツ)_/¯

Ref FS-202
jan-auer added a commit that referenced this pull request Dec 18, 2025
@jan-auer
Merge branch 'main' into ref/client-timeout-defaults
a8d27ab 
* main:
  tests(client): enable authorization tokens in e2e client tests (#231)
  feat(auth): python client support for bearer auth (#240)
  ref(auth): read public keys from files on init (#243)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jan-auer jan-auer jan-auer approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@matt-codecov @jan-auer