pccs: only pass ApiKey if it is set #475
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some endpoints on the api.trustedservices.intel.com site do not require an API token. The pcs_client code, however, will always set the Ocp-Apim-Subscription-Key HTTP header, even if it is the empty string. The server will reject the empty string as invalid, rather than prcessing it as an non-authenticated request. This leads to PCCS being unable to fetch PCK certs in an out of the box config unless the admin sets the API token, which should not be required for "LAZY" caching. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Some endpoints on the api.trustedservices.intel.com site do not require an API token. The pcs_client code, however, will always set the Ocp-Apim-Subscription-Key HTTP header, even if it is the empty string. The server will reject the empty string as invalid, rather than prcessing it as an non-authenticated request.
This leads to PCCS being unable to fetch PCK certs in an out of the box config unless the admin sets the API token, which should not be required for "LAZY" caching.