gcp authentication integration

[YangKeao]

What problem does this PR solve?

Issue Number: close #2213

Problem Summary:

What is changed and how it works?

What's Changed:

It provides three endpoints and adds a middleware:

GET /api/auth/gcp/redirect

It will redirect to the google login.

GET /api/auth/gcp/callback

It will exchange the oauth access_token and refresh_token. These token and the expiry will be included in the cookie. notice: the expiry will be URLEncoded (as in the cookie).

A middleware is added to the gin server, so that when the x-authentication-method is set to gcp, it will read token from the header and set the automatically refreshed token to the Authentication header.

It's waiting for the frontend change, or should we merge the PR first?

[ti-chi-bot]

[REVIEW NOTIFICATION]

This pull request has been approved by:

• cwen0
• g1eny0ung

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

[sonatype-lift]

Critical OSS Vulnerability:  

pkg:golang/golang.org/x/net@0.0.0-20180724234803-3673e40ba225

5 Critical, 0 Severe, 0 Moderate and 0 Unknown vulnerabilities have been found in a transitive dependency of pkg:golang/golang.org/x/oauth2@0.0.0-20200107190931-bf48bf16ab8d

CRITICAL Vulnerabilities (5)

---

CVE-2018-17143

[CVE-2018-17143] Improper Input Validation

The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call.

CVSS Score: 7.5

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

---

CVE-2018-17848

[CVE-2018-17848] Data Handling

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM, during an html.Parse call.

CVSS Score: 7.5

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

---

CVE-2018-17847

[CVE-2018-17847] Improper Input Validation

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActiveFormattingElements, during an html.Parse call.

CVSS Score: 7.5

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

---

CVE-2018-17142

[CVE-2018-17142] Improper Input Validation

The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call.

CVSS Score: 7.5

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

---

CVE-2018-17846

[CVE-2018-17846] Resource Management Errors

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification.

CVSS Score: 7.5

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

---

(at-me in a reply with help or ignore)

[codecov-commenter]

Codecov Report

Merging #2220 (0aa514d) into master (7e9ff3f) will decrease coverage by 13.79%.
The diff coverage is 41.74%.

❗ Current head 0aa514d differs from pull request most recent head 7f2f767. Consider uploading reports for the commit 7f2f767 to get more accurate results

@@             Coverage Diff             @@
##           master    #2220       +/-   ##
===========================================
- Coverage   55.78%   41.99%   -13.80%     
===========================================
  Files          68      126       +58     
  Lines        4383     8678     +4295     
===========================================
+ Hits         2445     3644     +1199     
- Misses       1768     4700     +2932     
- Partials      170      334      +164     

Impacted Files	Coverage Δ
api/v1alpha1/awschaos_types.go	0.00% <0.00%> (ø)
api/v1alpha1/dnschaos_type.go	0.00% <0.00%> (ø)
api/v1alpha1/gcpchaos_types.go	0.00% <0.00%> (ø)
api/v1alpha1/httpchaos_types.go	0.00% <0.00%> (ø)
api/v1alpha1/iochaos_types.go	0.00% <0.00%> (-40.00%)	⬇️
api/v1alpha1/jvmchaos_webhook.go	0.00% <0.00%> (ø)
api/v1alpha1/kernelchaos_types.go	0.00% <0.00%> (-20.00%)	⬇️
api/v1alpha1/kinds.go	23.52% <0.00%> (-3.14%)	⬇️
api/v1alpha1/networkchaos_types.go	0.00% <0.00%> (-22.99%)	⬇️
api/v1alpha1/podchaos_types.go	0.00% <0.00%> (-37.15%)	⬇️
... and 185 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 9ed4f98...7f2f767. Read the comment docs.

[STRRL]

please update the install.sh

[cwen0]

LGTM

[YangKeao]

@g1eny0ung PTAL

[g1eny0ung]

LGTM

[g1eny0ung]

/merge

[ti-chi-bot]

@g1eny0ung: /merge in this pull request requires 2 approval(s).

In response to this:

/merge

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.

[ti-chi-bot]

@cwen0: /merge in this pull request requires 2 approval(s).

In response to this:

/merge

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.

[cwen0]

/merge

[ti-chi-bot]

This pull request has been accepted and is ready to merge.

Commit hash: c08602d

[ti-chi-bot]

@YangKeao: Your PR was out of date, I have automatically updated it for you.

At the same time I will also trigger all tests for you:

/run-all-tests

If the CI test fails, you just re-trigger the test that failed and the bot will merge the PR for you after the CI passes.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.