hail
hail copied to clipboard
Deprecate and remove hail API tokens in favor of OAuth access tokens
What happened?
#13131 Adds the ability for users to authenticate with the hail service using access tokens from their hail identity provider (GCP IAM or Azure AAD) instead of using tokens minted by the hail auth service. It does not, however, remove the old form of authentication. There are two actions that must be taken to fully remove the old authentication method:
- In #13131, the hail python client attempts to use the new
identity.json
cloud credentials for authentication, but falls back to the oldtokens.json
credentials if present. - The
auth
server still supports the old/api/v1alpha/login
endpoint. This is unused in the new authentication flow and should ultimately be removed.
Removing these old code paths can be done in a two-step process, first with deprecation/warnings (the user need only run hailctl auth login
to start using the new code paths) and then with removal of the old code paths. This issue is considered complete when the new code paths are removed.
Version
0.2.120
Relevant log output
No response