-
Notifications
You must be signed in to change notification settings - Fork 899
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refactor default required credential fields in authentication mixin #10690
Refactor default required credential fields in authentication mixin #10690
Conversation
06a3717
to
219ae4e
Compare
else | ||
[:userid] | ||
end | ||
[] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why don't we need it anymore?
- 👍 thanks, fixed the authentication_mixin to return
[:userid]
like the current fallback. - We do need the functionality, the code in Container provider multi endpoint #7950 does it wrong and need fixing :-(
I suppose there was a reasoning to add this in #7950
The problem was that if the type was :hawkular
we got [:userid]
, but the authentication did not have one, #7950 fixed it.
Why we need to this refactor/fix ?
The fix in #7950 did two things wrong
- Type
:hawkular
should return[:auth_key]
and not[]
, the same as type:bearer
- The default answer for
required_credential_fields
in the case of container manager is[:auth_key]
and not[:userid]
When writing #7950 I did not notice this problems because:
a. I always added a :userid => '_'
thinking it was something we need to do, and not just an artefact.
b. I didn't know that other providers override this function when they want to, like openstack/infra_manager.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is the test you're adding demonstrating that we don't need this in any case?
👍 Added a test to check that now we can not create an authentication type :hawkular
without the :auth_key
field, The test in the original version of this PR did not check that.
The new test will fail without the fix in this PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@chessbyte
Authentication connected to a container manager provider use :auth_key
,
Overriding the required_credential_fields
method is nice here because it covers all the authentications, :bearer, :hawkular ( and nil, :default ... that should not be used here )
do we need a similar override for hawkular or the default will work for it?
hawkular will work. All authentications currently connected to a container manager require the [:auth_key] field.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So, do we need a similar override for hawkular or the default [:userid] will work for it?
Sorry, I didn't understand the question.
The hawkular middleware use the :default
authentication type, it requires the [:unierid, :password]
fields. it will work with the new default [:userid]
.
219ae4e
to
2b44ac7
Compare
@miq-bot assign yaacov |
3afcb56
to
fef33eb
Compare
@rubenvp8510 please review this- to see that doesn't cause a regression in the hawkular provider auth. thank you |
I verified this on the hawkular provider, there is no regression. this looks good to me. |
@@ -79,14 +79,7 @@ def authentication_service_account(type = nil) | |||
end | |||
|
|||
def required_credential_fields(type) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the type
parameter should be renamed _type
because is not used.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@rubenvp8510 Thanks 👍 , how did rubocop miss that :-)
fef33eb
to
12b2cac
Compare
I like how this turned out (cleaner code). 👍 @miq-bot assign chessbyte |
@miq-bot add_label bug This is a bug as it prevents a legitimate API call {"action": "refresh"} from completing successfully. |
@blomquisg can we merge this? |
@blomquisg ping |
<pr_mergeability_checker />This pull request is not mergeable. Please rebase and repush. |
@yaacov looks like I just want to make sure that the inheritance chain never gets messed up there in the future. |
6e1cd9c
to
396d077
Compare
396d077
to
f94a597
Compare
9c0337e
to
a7ca610
Compare
@blomquisg Thanks, add two specs to check the required_credential_fields, one for in 5dd6746 a new authentication type |
…tion When checking for required_credential_fields for a container manager authentication we get wrong fields Issue ManageIQ#10689
a7ca610
to
5e59040
Compare
Checked commit yaacov@5e59040 with ruby 2.2.5, rubocop 0.37.2, and haml-lint 0.16.1 |
Thanks, @yaacov The region changes look good and the behavior looks to be the same for everything except hawkular. If that's been cleared then this looks good to me 👍 |
@carbonin Thanks, I've added a spec for in |
@blomquisg It already has an extensive spec for the regular cases [1] e.g. [:userid] , the added specs in this PR are for the the irregular cases of container_manger [2] and miq_region ( @carbonin ) [3] [1] https://github.com/ManageIQ/manageiq/blob/master/spec/models/mixins/authentication_mixin_spec.rb#L59 [2] https://github.com/ManageIQ/manageiq/pull/10690/files#diff-5fa47523d0443aa7bedb8f5b6a19ef41L23 |
Description
Container provider manager does not implement the function
required_credential_fields
, it relays on a wrong implementation in authentication_mixin. This PR implements therequired_credential_fields
in the container provider and remove the bad implementation in authentication_mixinScreenshot
Before
After
Issue
#10689