feat: Support pre-configured supertoken authentication #687
Motivation
We want to run automated CI tests on a dockerized version of quetz (deployed with helm/Kubernetes). To be able to use the API there without any real user (e.g. authenticated via GitHub), we would like to be able to define a supertoken in the TOML config. It should act as an initial technical service account.
This token does not have to support all API endpoints (that could depend on an actual user being present). However, it should at least support creating new "real users" with username/password authentication (in our case https://github.com/mamba-org/quetz-sql-authenticator).
Changes
Introduce a new config element users.supertoken and allow the Rules class to bypass this token in the server role assertions.
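A sketch of the kind of check the description above calls for, as an added example that is not code from this PR or from quetz. Only the `users.supertoken` key comes from the page; `SuperTokenRules`, `load_supertoken`, the minimum-length policy and the sample token are assumptions. It shows the two points a reviewer would look for in a static-token bypass: an unset or weak value must disable the bypass, and the comparison must be constant-time.

```python
import hmac

MIN_TOKEN_LEN = 32  # assumed policy for this example, not a quetz setting

# Constructed sample: the TOML config as it would look after parsing.
SAMPLE_TOKEN = "constructed-sample-token-0123456789abcdef"
SAMPLE_CONFIG = {"users": {"supertoken": SAMPLE_TOKEN}}


def load_supertoken(config):
    """Return the configured supertoken, or None if it is unset or too weak."""
    token = config.get("users", {}).get("supertoken")
    if not isinstance(token, str) or len(token) < MIN_TOKEN_LEN:
        return None  # fail closed: a missing or short value disables the bypass
    return token


class SuperTokenRules:
    """Hypothetical stand-in for a role-assertion class; not quetz's Rules."""

    def __init__(self, configured_token, presented_api_key, user_role=None):
        self.configured = configured_token
        self.presented = presented_api_key
        self.user_role = user_role

    def is_supertoken(self):
        # An absent token on either side must never match, otherwise an
        # unconfigured server would accept an empty API key header.
        if not self.configured or not self.presented:
            return False
        # Constant-time comparison avoids leaking the token through timing.
        return hmac.compare_digest(
            self.configured.encode(), self.presented.encode()
        )

    def assert_server_roles(self, allowed_roles):
        """Return the identity that passed the check, or raise."""
        if self.is_supertoken():
            return "supertoken"  # bypass: no user record is needed
        if self.user_role in allowed_roles:
            return self.user_role
        raise PermissionError("insufficient server role")
```

Returning a distinct `"supertoken"` identity rather than a role name lets audit logs distinguish service-account calls from real users.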