Skip to content

Spike/federation test endpoint#145

Closed
alukach wants to merge 3 commits into
feat/oidc-providerfrom
spike/federation-test-endpoint
Closed

Spike/federation test endpoint#145
alukach wants to merge 3 commits into
feat/oidc-providerfrom
spike/federation-test-endpoint

Conversation

@alukach

@alukach alukach commented Jun 3, 2026

Copy link
Copy Markdown
Contributor

What I'm changing

How I did it

How to test it

PR Checklist

  • This PR has no breaking changes.
  • I have updated or added new tests to cover the changes in this PR.
  • This PR affects the Source Cooperative Frontend & API,
    and I have opened issue/PR #XXX to track the change.

Related Issues

@alukach @claude
spike: /_test endpoint to validate OIDC->AWS federation
4ceda70 
Mints an RS256 OIDC assertion with the proxy's signing key, exchanges it at
AWS STS (AssumeRoleWithWebIdentity), and lists a bucket with the returned
temporary credentials via a self-contained SigV4 GET. Returns a step-by-step
JSON trace for debugging. Role ARN / bucket / region / audience / subject are
hardcoded constants at the top of src/federation_test.rs.

Throwaway spike for the federated-backend-auth design - do not merge.
Companion to #140.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@github-actions

github-actions Bot commented Jun 3, 2026
edited
Loading

Copy link
Copy Markdown

🚀 Latest commit deployed to https://source-data-proxy-pr-145.source-coop.workers.dev

  • Date: 2026-06-03T03:56:21Z
  • Commit: b6184a6

@alukach alukach changed the base branch from main to feat/oidc-provider June 3, 2026 03:53
@alukach

alukach commented Jun 3, 2026

Copy link
Copy Markdown
Contributor Author

Confirmed working:

▶ curl --silent https://source-data-proxy-pr-145.source-coop.workers.dev/_test | jq
{
  "config": {
    "audience": "source-coop-data-proxy",
    "bucket": "alukach-demo-bucket",
    "discovery_url": "https://source-data-proxy-pr-145.source-coop.workers.dev/.well-known/openid-configuration",
    "issuer_used": "https://source-data-proxy-pr-145.source-coop.workers.dev",
    "region": "us-west-2",
    "role_arn": "arn:aws:iam::470592060578:role/test-data-source-coop-oidc",
    "subject": "scv1:conn:test:federation-spike"
  },
  "mint_token": {
    "ok": true
  },
  "s3_list": {
    "keys": [
      "aschild_verify.txt"
    ],
    "ok": true,
    "raw": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<ListBucketResult xmlns=\"http://s3.amazonaws.com/doc/2006-03-01/\"><Name>alukach-demo-bucket</Name><Prefix></Prefix><KeyCount>1</KeyCount><MaxKeys>100</MaxKeys><IsTruncated>false</IsTruncated><Contents><Key>aschild_verify.txt</Key><LastModified>2026-06-03T03:58:26.000Z</LastModified><ETag>&quot;b40c8a7d89ca5c2cdd026e04beacf043&quot;</ETag><ChecksumAlgorithm>CRC64NVME</ChecksumAlgorithm><ChecksumType>FULL_OBJECT</ChecksumType><Size>913</Size><StorageClass>STANDARD</StorageClass></Contents></ListBucketResult>",
    "status": 200
  },
  "sts": {
    "access_key_id": "ASIAW3ELY7SRPSG2R74Y",
    "expiration": "2026-06-03T04:22:37Z",
    "ok": true
  }
}

This was referenced Jun 3, 2026
Open
Open
@alukach alukach closed this Jun 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@alukach