Skip to content

feat: add OAuth2 password grant support for event generator log-cache access#1265

Open
bonzofenix wants to merge 3 commits into
mainfrom
split/oauth2-password-grant
Open

feat: add OAuth2 password grant support for event generator log-cache access#1265
bonzofenix wants to merge 3 commits into
mainfrom
split/oauth2-password-grant

Conversation

@bonzofenix

@bonzofenix bonzofenix commented Jun 17, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Summary

Adds OAuth2 resource owner password grant support to the CF client and event generator, enabling log-cache access via user credentials instead of client credentials.

Changes

  • cf/config.go: Add password grant fields to CF client configuration
  • cf/cfclient_wrapper.go: Support password grant in CF client wrapper
  • models/uaa_creds.go: New UaaCreds model for password grant config
  • eventgenerator/metric/cf_oauth2_client.go: New OAuth2 token client with thundering-herd prevention (sync.Once)
  • eventgenerator/metric/fetcher_factory.go: Wire password grant into fetcher factory

Testing

  • Full unit test coverage for cf_oauth2_client (490 lines)
  • Updated fetcher_factory tests
  • Updated CF config tests

Part 1 of 4 — Split from #1149 for easier review.

  1. This PR — OAuth2 password grant (code)
  2. feat: add OrgManager user support to acceptance test framework #1266 — Acceptance test OrgManager support (test framework)
  3. feat: support shared org and space-scoped broker for PR deployments #1267 — Deployment scripts: shared org + space-scoped broker
  4. ci: wire shared org deployment into CI/CD workflows #1268 — CI/CD workflows wiring

@bonzofenix
feat: add OAuth2 password grant support for event generator log-cache…
667a1fd 
… access

- Add password grant support to CF client configuration
- New cf_oauth2_client for event generator to authenticate via resource owner password grant
- Prevent thundering herd in token refresh with sync.Once pattern
- Update fetcher factory to support password grant credentials
- Add UaaCreds model for password grant configuration
This was referenced Jun 17, 2026
Open
Open
Open
@bonzofenix
refactor: simplify oauth2 password grant code
3a3077f 
- Inline validateAPI() into Validate() — single call site, no reuse benefit
- Precompute tokenURL and basicAuthHeader in CFOauth2HTTPClient constructor
- Use models.GrantTypePassword constant instead of hardcoded "password" string
- Add missing tests: UAACreds.IsPasswordGrant and introspect Basic auth header
@bonzofenix
fix: resolve reviewdog CI failure
6997d52 
- Remove extra blank line at cf/cfclient_wrapper_test.go:281 that caused gofmt formatting violation
@sonarqubecloud

sonarqubecloud Bot commented Jun 17, 2026

Copy link
Copy Markdown

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

enhancement

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bonzofenix