runtime: provide credentials to services (#1817)

* runtime: inject credentials into service

* util/auth: self generate accounts (needed for jwt)

* runtime/kubernetes: add logging for creds

* runtime/kubernetes: serialize secret name

* runtime/kubernetes: remove unused code

* runtime/kubernetes: base64 encode secret

* runtime/kubernetes: remove metadata from secret

* util/kubernetes/client: omit empty secret metadata

* util/kubernetes/client: fix secret template

* util/kubernetes/client: fix secrets

* web: update auth util

* util/auth: fix missing arg

* extend token expiry

* extend token expiry

auth/jwt/jwt.go

@@ -51,17 +51,21 @@ func (j *jwt) Options() auth.Options {
 
 func (j *jwt) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, error) {
 	options := auth.NewGenerateOptions(opts...)
+	if len(options.Issuer) == 0 {
+		options.Issuer = j.Options().Issuer
+	}
+
 	account := &auth.Account{
 		ID:       id,
 		Type:     options.Type,
 		Scopes:   options.Scopes,
 		Metadata: options.Metadata,
-		Issuer:   j.Options().Issuer,
+		Issuer:   options.Issuer,
 	}
 
 	// generate a JWT secret which can be provided to the Token() method
 	// and exchanged for an access token
-	secret, err := j.jwt.Generate(account)
+	secret, err := j.jwt.Generate(account, token.WithExpiry(time.Hour*24*365))
 	if err != nil {
 		return nil, err
 	}

auth/options.go

@@ -130,6 +130,8 @@ type GenerateOptions struct {
 	Type string
 	// Secret used to authenticate the account
 	Secret string
+	// Issuer of the account, e.g. micro
+	Issuer string
 }
 
 type GenerateOption func(o *GenerateOptions)
@@ -169,6 +171,13 @@ func WithScopes(s ...string) GenerateOption {
 	}
 }
 
+// WithIssuer for the generated account
+func WithIssuer(i string) GenerateOption {
+	return func(o *GenerateOptions) {
+		o.Issuer = i
+	}
+}
+
 // NewGenerateOptions from a slice of options
 func NewGenerateOptions(opts ...GenerateOption) GenerateOptions {
 	var options GenerateOptions