storcon: add peer token for peer to peer communication (#9695)

## Problem We wish to stop using admin tokens in the infra repo, but step down requests use the admin token. ## Summary of Changes Introduce a new "ControllerPeer" scope and use it for step-down requests.
2026-01-08 05:52:55 +00:00 · 2024-11-11 09:58:41 +00:00
parent 2fcac0e66b
commit ceaa80ffeb
4 changed files with 10 additions and 3 deletions
--- a/safekeeper/src/auth.rs
+++ b/safekeeper/src/auth.rs
@@ -20,7 +20,8 @@ pub fn check_permission(claims: &Claims, tenant_id: Option<TenantId>) -> Result<
            | Scope::PageServerApi
            | Scope::GenerationsApi
            | Scope::Infra
-            | Scope::Scrubber,
+            | Scope::Scrubber
+            | Scope::ControllerPeer,
            _,
        ) => Err(AuthError(
            format!(