PR comments + remove gh secrets thanks to repo visiblity change

.gitignore

@@ -26,6 +26,3 @@ qa-lxd
 /cloudinit.temp.yaml
 
 local/traefik/certs/ca.srl
-
-ghpat
-ghuser

Makefile

@@ -11,9 +11,6 @@ GIT_VERSION := $(shell git describe --abbrev=0 --dirty)
 GO_VERSION := $(shell go list -f {{.GoVersion}} -m)
 ARCH := $(shell dpkg --print-architecture)
 
-GH_USER = $(shell git config user.name)
-GH_PAT = $(shell echo url=https://github.com/git/git.git | git credential fill | head -4 | tail -1 | cut -d '=' -f2)
-
 default: build
 
 build: version/commit.txt version/version.txt
@@ -35,18 +32,14 @@ clean:
 certs:
 	@cd local/traefik/certs; ./certs.sh; cd -
 
-secrets:
-	@echo ${GH_USER} > ./local/ghuser
-	@echo ${GH_PAT} > ./local/ghpat
-
 test-env: sys-deps certs
 	@touch ./local/vault/approle.json && touch ./local/vault/roleid.txt && touch ./local/vault/vault.env
 	@docker compose up --force-recreate -d --wait
 
 test-env-cleanup:
 	@docker compose down -v --remove-orphans
 
-dev-env-setup: sys-deps certs secrets
+dev-env-setup: sys-deps certs
 	@touch ./local/vault/approle.json && touch ./local/vault/roleid.txt && touch ./local/vault/vault.env
 	@make version/commit.txt && make version/version.txt
 
@@ -150,6 +143,6 @@ help:
 	@echo 'make rock - Build the JIMM rock.'
 	@echo 'make load-rock - Load the most recently built rock into your local docker daemon.'
 
-.PHONY: build check install release clean format server simplify sys-deps help FORCE certs secrets
+.PHONY: build check install release clean format server simplify sys-deps help FORCE
 
 FORCE:

docker-compose.yaml

@@ -31,9 +31,8 @@ services:
       - bash
       - -c
       - >-
-        echo "machine github.com login $(cat ./local/ghuser) password $(cat ./local/ghpat)" > /root/.netrc && chmod 600 /root/.netrc &&
-        go install github.com/go-delve/delve/cmd/dlv@latest &&
-        air
+        go install github.com/go-delve/delve/cmd/dlv@latest
+        && air
     ports:
       - 17070:80
       - 2345:2345

internal/rebac/auth.go

@@ -12,7 +12,8 @@ type Authenticator struct{}
 
 var _ interfaces.Authenticator = &Authenticator{}
 
-// Authenticate for now lets everything through to fulfill the requirement of admin rebac backend to have an authenticator
+// Authenticate extracts the calling user's information from the given HTTP request
 func (a *Authenticator) Authenticate(r *http.Request) (any, error) {
+	// TODO(CSS-9386): replace with real authentication
 	return "joe", nil
 }

service.go

@@ -376,12 +376,9 @@ func NewService(ctx context.Context, p Params) (*Service, error) {
 		return nil, errors.E(op, err, "failed to parse final redirect url for the dashboard")
 	}
 
-	rebacBackend, err := rebachandlers.NewReBACAdminBackend(rebachandlers.ReBACAdminBackendParams{
-		Authenticator: &rebac.Authenticator{},
-	})
+	rebacBackend, err := s.setupRebacBackend(ctx)
 	if err != nil {
-		zapctx.Error(ctx, "failed to create rebac admin backend", zap.Error(err))
-		return nil, errors.E(op, err, "failed to create rebac admin backend")
+		return nil, errors.E(op, err)
 	}
 
 	// Setup all HTTP handlers.
@@ -463,6 +460,20 @@ func (s *Service) setupDischarger(p Params) (*discharger.MacaroonDischarger, err
 	return MacaroonDischarger, nil
 }
 
+func (s *Service) setupRebacBackend(ctx context.Context) (*rebachandlers.ReBACAdminBackend, error) {
+	const op = errors.Op("setupRebacBackend")
+
+	rebacBackend, err := rebachandlers.NewReBACAdminBackend(rebachandlers.ReBACAdminBackendParams{
+		Authenticator: &rebac.Authenticator{},
+	})
+	if err != nil {
+		zapctx.Error(ctx, "failed to create rebac admin backend", zap.Error(err))
+		return nil, errors.E(op, err, "failed to create rebac admin backend")
+	}
+
+	return rebacBackend, nil
+}
+
 func (s *Service) setupSessionStore(ctx context.Context, sessionSecret []byte) (*pgstore.PGStore, error) {
 	const op = errors.Op("setupSessionStore")