Page MenuHomePhabricator

[comm-lib] Let BlobServiceClient accept service-to-service token
ClosedPublic

Authored by bartek on Sep 13 2024, 2:28 AM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Nov 16, 11:52 AM
Unknown Object (File)
Fri, Nov 15, 8:40 AM
Unknown Object (File)
Fri, Nov 15, 12:57 AM
Unknown Object (File)
Thu, Nov 14, 1:01 PM
Unknown Object (File)
Thu, Nov 14, 12:59 PM
Unknown Object (File)
Sun, Nov 10, 11:11 AM
Unknown Object (File)
Oct 20 2024, 2:57 PM
Unknown Object (File)
Oct 20 2024, 2:57 PM
Subscribers

Details

Summary

Updated BlobServiceClient to accept service-to-service token requests. This means HTTP services that rely on this Blob client, can accept service-to-service token and pass it through to Blob Service.

In short, previously:

  • client -[CSAT]-> backup -[S2SToken]-> blob was possible
  • identity -[S2SToken]-> backup -[S2SToken]-> blob wasn't possible

This diff makes the latter possible too, by overriding the accepts_services_token() for BlobServiceClient.

Test Plan

Ran Backup and Blob locally, supplied Backup request with service-to-service token instead of CSAT, made sure the COMM_SERVICES_DISABLE_CSAT_VERIFICATION is disabled. Request succeeded.

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable