Add support for multiple auth tokens to round robin requests through. (#87)

2024-11-04 03:52:31 +03:00 · 2020-12-02 07:59:43 -06:00 · 2020-12-02 07:59:43 -06:00 · 738f152a6c
commit 738f152a6c
parent c3dabb2cba
2 changed files with 20 additions and 21 deletions
--- a/k8s/cron.yaml
+++ b/k8s/cron.yaml
@ -16,28 +16,12 @@ spec:
            - /bin/sh
            - -c
            - ./cron/cron.sh
-            volumeMounts:
-            - name: github-app-key
-              mountPath: "/etc/github/"
-              readOnly: true
            env:
-            - name: GITHUB_APP_KEY_PATH
-              value: /etc/github/app_key
-            - name: GITHUB_APP_ID
+            - name: GITHUB_AUTH_TOKEN
              valueFrom:
                secretKeyRef:
                  name: github
-                  key: app_id
-            - name: GITHUB_APP_INSTALLATION_ID
-              valueFrom:
-                secretKeyRef:
-                  name: github
-                  key: installation_id
+                  key: token
            - name: GCS_BUCKET
              value: ossf-scorecards
-
-          volumes:
-          - name: github-app-key
-            secret:
-              secretName: github
          restartPolicy: OnFailure
--- a/roundtripper/roundtripper.go
+++ b/roundtripper/roundtripper.go
@ -23,7 +23,9 @@ import (
 	"net/url"
 	"os"
 	"strconv"
+	"strings"
 	"sync"
+	"sync/atomic"
 	"time"

 	"github.com/bradleyfalzon/ghinstallation"
@ -44,15 +46,28 @@ type RateLimitRoundTripper struct {
 	InnerTransport http.RoundTripper
 }

+type RoundRobinTokenSource struct {
+	counter      int64
+	AccessTokens []string
+}
+
+func (r *RoundRobinTokenSource) Token() (*oauth2.Token, error) {
+	c := atomic.AddInt64(&r.counter, 1)
+	index := c % int64(len(r.AccessTokens))
+	return &oauth2.Token{
+		AccessToken: r.AccessTokens[index],
+	}, nil
+}
+
 // NewTransport returns a configured http.Transport for use with GitHub
 func NewTransport(ctx context.Context, logger *zap.SugaredLogger) http.RoundTripper {

 	// Start with oauth
 	transport := http.DefaultTransport
 	if token := os.Getenv(GITHUB_AUTH_TOKEN); token != "" {
-		ts := oauth2.StaticTokenSource(
-			&oauth2.Token{AccessToken: token},
-		)
+		ts := &RoundRobinTokenSource{
+			AccessTokens: strings.Split(token, ","),
+		}
 		transport = oauth2.NewClient(ctx, ts).Transport
 	} else if key_path := os.Getenv(GITHUB_APP_KEY_PATH); key_path != "" { // Also try a GITHUB_APP
 		app_id, err := strconv.Atoi(os.Getenv(GITHUB_APP_ID))