Automatic util/http handling of dynamic credentials · renovatebot/renovate#11325

(1 comment) (19 reactions) (0 assignees)TypeScript (14,066 stars) (1,916 forks)batch import

help wantedpriority-3-medium

Description

What would you like Renovate to be able to do?

Support dynamic credentials such as for AWS CodeArtifact or ECR in a simpler and more generic manner.

If you have any ideas on how this should be implemented, please tell us here.

Instead of pushing credentials awareness up to the datasource layer, instead we could reuse the existing authType field to tell the http layer that a token or username/password is not your "regular" Bearer or Basic one. e.g. we could support authType=aws-ecr and authType=code-artifact. The datasource could be agnostic to it and the http layer is responsible for generating the "real" token to use in the auth headers, and maybe even caching it too.

Is this a feature you are interested in implementing yourself?

Yes

Contributor guide

Tech stack: typescriptnodejs
Domain: backendtoolingdevopsinfrastructure
Issue type: feature
Difficulty: 3
Estimated time: 1-2 days
Activity status: fresh
Clarity: mostly clear
Prerequisites: Understanding of Renovate's HTTP layerKnowledge of authentication mechanismsFamiliarity with AWS CodeArtifact/ECR
Newbie friendliness: 30
Research direction: Examine the existing http layer in Renovate, likely in packages/manager/http.ts, to understand how authType is currently used. Investigate how datasources like AWS ECR handle credentials. Design a mechanism to allow the http layer to dynamically generate tokens based on authType values. Consider caching and token refresh logic. No linked PRs or comments yet, so start by analyzing the codebase and proposing an implementation approach.