From f8a8b0d4550e425f30ef0604fd70ce5de33cc4f4 Mon Sep 17 00:00:00 2001
From: Sjur <mariatsji@users.noreply.github.com>
Date: Thu, 5 Dec 2024 15:07:24 +0100
Subject: [PATCH] fix: contain entire auth header in ProviderConfig (#51)

---
 internal/controller/group/group.go | 9 ++++-----
 internal/sdk/cloudian/sdk.go       | 8 ++++----
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/internal/controller/group/group.go b/internal/controller/group/group.go
index de6eb1b5..28aeb002 100644
--- a/internal/controller/group/group.go
+++ b/internal/controller/group/group.go
@@ -18,7 +18,6 @@ package group
 
 import (
 	"context"
-	"encoding/base64"
 	"fmt"
 
 	"github.com/pkg/errors"
@@ -52,9 +51,9 @@ const (
 type NoOpService struct{}
 
 var (
-	newCloudianService = func(providerConfig *apisv1alpha1.ProviderConfig, authHeader []byte) (*cloudian.Client, error) {
+	newCloudianService = func(providerConfig *apisv1alpha1.ProviderConfig, authHeader string) (*cloudian.Client, error) {
 		// FIXME: Don't require InsecureSkipVerify
-		return cloudian.NewClient(providerConfig.Spec.Endpoint, true, base64.StdEncoding.EncodeToString(authHeader)), nil
+		return cloudian.NewClient(providerConfig.Spec.Endpoint, true, authHeader), nil
 	}
 )
 
@@ -91,7 +90,7 @@ func Setup(mgr ctrl.Manager, o controller.Options) error {
 type connector struct {
 	kube         client.Client
 	usage        resource.Tracker
-	newServiceFn func(providerConfig *apisv1alpha1.ProviderConfig, authHeader []byte) (*cloudian.Client, error)
+	newServiceFn func(providerConfig *apisv1alpha1.ProviderConfig, authHeader string) (*cloudian.Client, error)
 }
 
 // Connect typically produces an ExternalClient by:
@@ -120,7 +119,7 @@ func (c *connector) Connect(ctx context.Context, mg resource.Managed) (managed.E
 		return nil, errors.Wrap(err, errGetCreds)
 	}
 
-	svc, err := c.newServiceFn(pc, authHeader)
+	svc, err := c.newServiceFn(pc, string(authHeader))
 	if err != nil {
 		return nil, errors.Wrap(err, errNewClient)
 	}
diff --git a/internal/sdk/cloudian/sdk.go b/internal/sdk/cloudian/sdk.go
index 9730fc7e..a7300cb8 100644
--- a/internal/sdk/cloudian/sdk.go
+++ b/internal/sdk/cloudian/sdk.go
@@ -15,7 +15,7 @@ import (
 type Client struct {
 	baseURL    string
 	httpClient *http.Client
-	token      string
+	authHeader string
 }
 
 type Group struct {
@@ -41,13 +41,13 @@ type User struct {
 
 var ErrNotFound = errors.New("not found")
 
-func NewClient(baseUrl string, tlsInsecureSkipVerify bool, tokenBase64 string) *Client {
+func NewClient(baseUrl string, tlsInsecureSkipVerify bool, authHeader string) *Client {
 	return &Client{
 		baseURL: baseUrl,
 		httpClient: &http.Client{Transport: &http.Transport{
 			TLSClientConfig: &tls.Config{InsecureSkipVerify: tlsInsecureSkipVerify}, // nolint:gosec
 		}},
-		token: tokenBase64,
+		authHeader: authHeader,
 	}
 }
 
@@ -258,7 +258,7 @@ func (client Client) newRequest(ctx context.Context, url string, method string,
 	}
 	req.Header.Set("Accept", "application/json")
 	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("Authorization", "Basic "+client.token)
+	req.Header.Set("Authorization", client.authHeader)
 
 	return req, nil
 }