Refactor default required credential fields in authentication mixin #10690
Conversation
yaacov
force-pushed
the
refactor-default-required-credential-fields-in-authentication-mixin
branch
from
06a3717
to
219ae4e
Compare
| else | ||
| [:userid] | ||
| end | ||
| [] |
There was a problem hiding this comment.
Why don't we need it anymore?
- 👍 thanks, fixed the authentication_mixin to return
[:userid]like the current fallback. - We do need the functionality, the code in Container provider multi endpoint #7950 does it wrong and need fixing :-(
I suppose there was a reasoning to add this in #7950
The problem was that if the type was :hawkular we got [:userid], but the authentication did not have one, #7950 fixed it.
Why we need to this refactor/fix ?
The fix in #7950 did two things wrong
- Type
:hawkularshould return[:auth_key]and not[], the same as type:bearer - The default answer for
required_credential_fieldsin the case of container manager is[:auth_key]and not[:userid]
When writing #7950 I did not notice this problems because:
a. I always added a :userid => '_' thinking it was something we need to do, and not just an artefact.
b. I didn't know that other providers override this function when they want to, like openstack/infra_manager.
There was a problem hiding this comment.
Is the test you're adding demonstrating that we don't need this in any case?
👍 Added a test to check that now we can not create an authentication type :hawkular without the :auth_key field, The test in the original version of this PR did not check that.
The new test will fail without the fix in this PR.
There was a problem hiding this comment.
@chessbyte
Authentication connected to a container manager provider use :auth_key,
Overriding the required_credential_fields method is nice here because it covers all the authentications, :bearer, :hawkular ( and nil, :default ... that should not be used here )
do we need a similar override for hawkular or the default will work for it?
hawkular will work. All authentications currently connected to a container manager require the [:auth_key] field.
There was a problem hiding this comment.
So, do we need a similar override for hawkular or the default [:userid] will work for it?
Sorry, I didn't understand the question.
The hawkular middleware use the :defaultauthentication type, it requires the [:unierid, :password] fields. it will work with the new default [:userid].
yaacov
force-pushed
the
refactor-default-required-credential-fields-in-authentication-mixin
branch
from
219ae4e
to
2b44ac7
Compare
|
@miq-bot assign yaacov |
yaacov
force-pushed
the
refactor-default-required-credential-fields-in-authentication-mixin
branch
3 times, most recently
from
3afcb56
to
fef33eb
Compare
|
@rubenvp8510 please review this- to see that doesn't cause a regression in the hawkular provider auth. thank you |
|
I verified this on the hawkular provider, there is no regression. this looks good to me. |
| @@ -79,14 +79,7 @@ def authentication_service_account(type = nil) | |||
| end | |||
|
|
|||
| def required_credential_fields(type) | |||
There was a problem hiding this comment.
I think the type parameter should be renamed _type because is not used.
There was a problem hiding this comment.
@rubenvp8510 Thanks 👍 , how did rubocop miss that :-)
yaacov
force-pushed
the
refactor-default-required-credential-fields-in-authentication-mixin
branch
from
fef33eb
to
12b2cac
Compare
|
I like how this turned out (cleaner code). 👍 @miq-bot assign chessbyte |
|
@miq-bot add_label bug This is a bug as it prevents a legitimate API call {"action": "refresh"} from completing successfully. |
|
@blomquisg can we merge this? |
|
@blomquisg ping |
|
<pr_mergeability_checker />This pull request is not mergeable. Please rebase and repush. |
|
@yaacov looks like I just want to make sure that the inheritance chain never gets messed up there in the future. |
yaacov
force-pushed
the
refactor-default-required-credential-fields-in-authentication-mixin
branch
2 times, most recently
from
6e1cd9c
to
396d077
Compare
yaacov
force-pushed
the
refactor-default-required-credential-fields-in-authentication-mixin
branch
from
396d077
to
f94a597
Compare
yaacov
force-pushed
the
refactor-default-required-credential-fields-in-authentication-mixin
branch
from
9c0337e
to
a7ca610
Compare
|
@blomquisg Thanks, add two specs to check the required_credential_fields, one for in 5dd6746 a new authentication type |
…tion When checking for required_credential_fields for a container manager authentication we get wrong fields Issue ManageIQ#10689
yaacov
force-pushed
the
refactor-default-required-credential-fields-in-authentication-mixin
branch
from
a7ca610
to
5e59040
Compare
|
Checked commit yaacov@5e59040 with ruby 2.2.5, rubocop 0.37.2, and haml-lint 0.16.1 |
|
Thanks, @yaacov The region changes look good and the behavior looks to be the same for everything except hawkular. If that's been cleared then this looks good to me 👍 |
@carbonin Thanks, I've added a spec for in |
@blomquisg It already has an extensive spec for the regular cases [1] e.g. [:userid] , the added specs in this PR are for the the irregular cases of container_manger [2] and miq_region ( @carbonin ) [3] [1] https://github.com/ManageIQ/manageiq/blob/master/spec/models/mixins/authentication_mixin_spec.rb#L59 [2] https://github.com/ManageIQ/manageiq/pull/10690/files#diff-5fa47523d0443aa7bedb8f5b6a19ef41L23 |
Description
Container provider manager does not implement the function
required_credential_fields, it relays on a wrong implementation in authentication_mixin. This PR implements therequired_credential_fieldsin the container provider and remove the bad implementation in authentication_mixinScreenshot
Before
After
Issue
#10689