armadaproject
diff --git a/‎.github/workflows/java-client-release-to-maven.yml‎
Lines changed: 1 addition & 4 deletions b/‎.github/workflows/java-client-release-to-maven.yml‎
Lines changed: 1 addition & 4 deletions
diff --git a/‎client/java/pom.xml‎
Lines changed: 11 additions & 12 deletions b/‎client/java/pom.xml‎
Lines changed: 11 additions & 12 deletions
diff --git a/‎client/java/settings.xml‎
Lines changed: 0 additions & 24 deletions b/‎client/java/settings.xml‎
Lines changed: 0 additions & 24 deletions
diff --git a/‎client/scala/armada-scala-client/pom.xml‎
Lines changed: 1 addition & 1 deletion b/‎client/scala/armada-scala-client/pom.xml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎config/lookout/config.yaml‎
Lines changed: 2 additions & 0 deletions b/‎config/lookout/config.yaml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎internal/lookout/application.go‎
Lines changed: 9 additions & 0 deletions b/‎internal/lookout/application.go‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎internal/lookout/configuration/types.go‎
Lines changed: 3 additions & 0 deletions b/‎internal/lookout/configuration/types.go‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎internal/lookout/gen/restapi/configure_lookout.go‎
Lines changed: 35 additions & 4 deletions b/‎internal/lookout/gen/restapi/configure_lookout.go‎
Lines changed: 35 additions & 4 deletions
diff --git a/‎internal/lookout/repository/getjobs.go‎
Lines changed: 5 additions & 3 deletions b/‎internal/lookout/repository/getjobs.go‎
Lines changed: 5 additions & 3 deletions
diff --git a/‎internal/lookout/repository/groupjobs.go‎
Lines changed: 6 additions & 3 deletions b/‎internal/lookout/repository/groupjobs.go‎
Lines changed: 6 additions & 3 deletions
@@ -12,7 +12,7 @@ jobs:
     - uses: actions/checkout@v4
 
     - name: Set up Maven Central Repository
-      uses: actions/setup-java@c3ac5dd0ed8db40fedb61c32fbe677e6b355e94c
+      uses: actions/setup-java@v4
       with:
         java-version: '11'
         distribution: 'temurin'
@@ -27,11 +27,8 @@ jobs:
 
     - name: Build
       run: |
-        cp client/java/settings.xml /home/runner/.m2
         cd client/java
         mvn clean install
-      env:
-        MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
 
     - name: Release artifacts
       run: |
 
@@ -46,20 +46,12 @@
   </developers>
 
   <scm>
-    <connection>scm:git:git://github.com/armadaproject/java-client.git</connection>
-    <developerConnection>scm:git:ssh://github.com:armadaproject/java-client.git
-    </developerConnection>
-    <url>http://github.com/armadaproject/java-client/tree/main</url>
+    <connection>scm:git:git://github.com/armadaproject/armada.git</connection>
+    <developerConnection>scm:git:ssh://github.com:armadaproject/armada.git</developerConnection>
+    <url>https://github.com/armadaproject/armada/tree/master/client/java</url>
     <tag/>
   </scm>
 
-  <distributionManagement>
-    <repository>
-      <id>central</id>
-      <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
-    </repository>
-  </distributionManagement>
-
   <profiles>
     <profile>
       <id>local</id>
@@ -297,11 +289,12 @@
           <plugin>
             <groupId>org.sonatype.central</groupId>
             <artifactId>central-publishing-maven-plugin</artifactId>
-            <version>0.6.0</version>
+            <version>0.7.0</version>
             <extensions>true</extensions>
             <configuration>
               <publishingServerId>central</publishingServerId>
               <autoPublish>true</autoPublish>
+              <waitUntil>published</waitUntil>
             </configuration>
           </plugin>
 
@@ -318,6 +311,12 @@
                 </goals>
               </execution>
             </executions>
+            <configuration>
+              <gpgArguments>
+                <arg>--pinentry-mode</arg>
+                <arg>loopback</arg>
+              </gpgArguments>
+            </configuration>
           </plugin>
 
           <!-- generate java sources from proto -->
 
@@ -2,7 +2,7 @@
   <modelVersion>4.0.0</modelVersion>
   <groupId>io.armadaproject</groupId>
   <artifactId>armada-scala-client_2.13</artifactId>
-  <version>0.1.0-SNAPSHOT</version>
+  <version>0.2.0-SNAPSHOT</version>
   <name>Armada Scala Client</name>
   <description>A Scala client for Armada.</description>
   <inceptionYear>2025</inceptionYear>
 
@@ -1,5 +1,7 @@
 apiPort: 10000
 metricsPort: 9003
+auth:
+  anonymousAuth: true
 corsAllowedOrigins:
   - "http://localhost:3000"
   - "http://localhost:8089"
 
@@ -3,6 +3,8 @@
 package lookout
 
 import (
+	"fmt"
+
 	"github.com/IBM/pgxpoolprometheus"
 	"github.com/go-openapi/loads"
 	"github.com/go-openapi/runtime/middleware"
@@ -11,6 +13,7 @@ import (
 
 	"github.com/armadaproject/armada/internal/common"
 	"github.com/armadaproject/armada/internal/common/armadacontext"
+	"github.com/armadaproject/armada/internal/common/auth"
 	"github.com/armadaproject/armada/internal/common/compress"
 	"github.com/armadaproject/armada/internal/common/database"
 	"github.com/armadaproject/armada/internal/common/logging"
@@ -174,6 +177,12 @@ func Serve(configuration configuration.LookoutConfig) error {
 		server.Port = configuration.ApiPort
 	}
 
+	authServices, err := auth.ConfigureAuth(configuration.Auth)
+	if err != nil {
+		return fmt.Errorf("creating auth services: %w", err)
+	}
+
+	restapi.SetAuthService(auth.NewMultiAuthService(authServices))
 	restapi.SetCorsAllowedOrigins(configuration.CorsAllowedOrigins) // This needs to happen before ConfigureAPI
 	server.ConfigureAPI()
 	if err := server.Serve(); err != nil {
 
@@ -3,11 +3,14 @@ package configuration
 import (
 	"time"
 
+	authconfig "github.com/armadaproject/armada/internal/common/auth/configuration"
 	profilingconfig "github.com/armadaproject/armada/internal/common/profiling/configuration"
 	"github.com/armadaproject/armada/internal/server/configuration"
 )
 
 type LookoutConfig struct {
+	Auth authconfig.AuthConfig
+
 	ApiPort     int
 	Profiling   *profilingconfig.ProfilingConfig
 	MetricsPort int
 
@@ -14,6 +14,7 @@ import (
 	"github.com/go-openapi/runtime/middleware"
 	"golang.org/x/exp/slices"
 
+	"github.com/armadaproject/armada/internal/common/auth"
 	"github.com/armadaproject/armada/internal/common/serve"
 	"github.com/armadaproject/armada/internal/lookout/configuration"
 	"github.com/armadaproject/armada/internal/lookout/gen/restapi/operations"
@@ -28,6 +29,12 @@ func SetCorsAllowedOrigins(allowedOrigins []string) {
 	corsAllowedOrigins = allowedOrigins
 }
 
+var authService auth.AuthService
+
+func SetAuthService(s auth.AuthService) {
+	authService = s
+}
+
 func configureFlags(api *operations.LookoutAPI) {
 	// api.CommandLineOptionsGroups = []swag.CommandLineOptionsGroup{ ... }
 }
@@ -91,7 +98,33 @@ var UIConfig configuration.UIConfig
 // The middleware configuration happens before anything, this middleware also applies to serving the swagger.json document.
 // So this is a good place to plug in a panic handling middleware, logging and metrics.
 func setupGlobalMiddleware(apiHandler http.Handler) http.Handler {
-	return recordRequestDuration(allowCORS(uiHandler(apiHandler), corsAllowedOrigins))
+	return allowCORS(
+		uiHandler(
+			authHandler(
+				recordRequestDuration(
+					apiHandler,
+				),
+			),
+		), corsAllowedOrigins)
+}
+
+func authHandler(handler http.Handler) http.Handler {
+	mux := http.NewServeMux()
+
+	// do not authenticate requests to healthchecker endpoint
+	mux.Handle("/health", handler)
+
+	authFunction := auth.CreateHttpMiddlewareAuthFunction(authService)
+	mux.Handle("/api/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		ctxWithPrincipal, err := authFunction(w, r)
+		if err != nil {
+			return
+		}
+
+		handler.ServeHTTP(w, r.WithContext(ctxWithPrincipal))
+	}))
+
+	return mux
 }
 
 func uiHandler(apiHandler http.Handler) http.Handler {
@@ -128,13 +161,11 @@ func allowCORS(handler http.Handler, corsAllowedOrigins []string) http.Handler {
 
 func recordRequestDuration(handler http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		// TODO: for autheticated users, record the username
-		const unknownUser = "unknown"
 		start := time.Now()
 		handler.ServeHTTP(w, r)
 		duration := time.Since(start)
 		if strings.HasPrefix(r.URL.Path, "/api/v1/") {
-			metrics.RecordRequestDuration(unknownUser, r.URL.Path, float64(duration.Milliseconds()))
+			metrics.RecordRequestDuration(auth.GetPrincipal(r.Context()).GetName(), r.URL.Path, float64(duration.Milliseconds()))
 		}
 	})
 }
 
@@ -9,6 +9,7 @@ import (
 	"k8s.io/utils/clock"
 
 	"github.com/armadaproject/armada/internal/common/armadacontext"
+	"github.com/armadaproject/armada/internal/common/auth"
 	"github.com/armadaproject/armada/internal/common/database"
 	"github.com/armadaproject/armada/internal/common/database/lookout"
 	"github.com/armadaproject/armada/internal/lookout/model"
@@ -63,21 +64,22 @@ func (r *SqlGetJobsRepository) GetJobs(ctx *armadacontext.Context, filters []*mo
 }
 
 func (r *SqlGetJobsRepository) getJobs(ctx *armadacontext.Context, filters []*model.Filter, activeJobSets bool, order *model.Order, skip int, take int) (*GetJobsResult, error) {
+	user := auth.GetPrincipal(ctx).GetName()
 	query, err := NewQueryBuilder(r.lookoutTables).GetJobs(filters, activeJobSets, order, skip, take)
 	if err != nil {
 		return nil, err
 	}
-	logQueryDebug(query, "GetJobs")
+	logQueryDebug(user, query, "GetJobs")
 	var jobs []*model.Job
 
 	queryStart := time.Now()
 	rows, err := r.db.Query(ctx, query.Sql, query.Args...)
 	queryDuration := time.Since(queryStart)
 	if err != nil {
-		logQueryError(query, "GetJobs", queryDuration)
+		logQueryError(user, query, "GetJobs", queryDuration)
 		return nil, err
 	}
-	logSlowQuery(query, "GetJobs", queryDuration)
+	logSlowQuery(user, query, "GetJobs", queryDuration)
 
 	defer rows.Close()
 	for rows.Next() {
 
@@ -10,6 +10,7 @@ import (
 	"github.com/pkg/errors"
 
 	"github.com/armadaproject/armada/internal/common/armadacontext"
+	"github.com/armadaproject/armada/internal/common/auth"
 	"github.com/armadaproject/armada/internal/common/slices"
 	"github.com/armadaproject/armada/internal/lookout/model"
 )
@@ -54,22 +55,24 @@ func (r *SqlGroupJobsRepository) GroupBy(
 	skip int,
 	take int,
 ) (*GroupByResult, error) {
+	user := auth.GetPrincipal(ctx).GetName()
+
 	query, err := NewQueryBuilder(r.lookoutTables).GroupBy(filters, activeJobSets, order, groupedField, aggregates, skip, take)
 	if err != nil {
 		return nil, err
 	}
-	logQueryDebug(query, "GroupBy")
+	logQueryDebug(user, query, "GroupBy")
 
 	var groups []*model.JobGroup
 
 	queryStart := time.Now()
 	groupRows, err := r.db.Query(ctx, query.Sql, query.Args...)
 	queryDuration := time.Since(queryStart)
 	if err != nil {
-		logQueryError(query, "GroupBy", queryDuration)
+		logQueryError(user, query, "GroupBy", queryDuration)
 		return nil, err
 	}
-	logSlowQuery(query, "GroupBy", queryDuration)
+	logSlowQuery(user, query, "GroupBy", queryDuration)
 
 	groups, err = rowsToGroups(groupRows, groupedField, aggregates, filters)
 	if err != nil {