Authentication cleanup #1403
Codecov Report
@@ Coverage Diff @@
## main #1403 +/- ##
=====================================
Coverage 7.75% 7.75%
=====================================
Files 69 69
Lines 7273 7273
=====================================
Hits 564 564
Misses 6669 6669
Partials 40 40
Look ok.
looks ok.
wondering however if our tests actually check the various code paths of auth, i.e. try to trigger the various auth failures.
Thanks @andreas-kupries! Actually yes, there are few tests that are checking the basic auth and session authentication (they failed me for a couple of things, so it was interesting to see that the auth is working fine!). In the next PR I will add a couple of tests to check also the authorization.
@@ -18,13 +19,17 @@ type UserKey struct{} | |||
type LoggerKey struct{} | |||
|
|||
// WithUser adds the user name to the context | |||
func WithUser(ctx context.Context, val string) context.Context { | |||
func WithUser(ctx context.Context, val auth.User) context.Context { | |||
return context.WithValue(ctx, UserKey{}, val) | |||
} | |||
|
|||
// User returns the user name from the context |
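Review bot: the doc comments in this hunk still say "user name" (`// WithUser adds the user name to the context` and `// User returns the user name from the context`) although `val` is now an `auth.User`, so both should be reworded to describe the user struct. Because the value stored under `UserKey{}` changes type from `string` to `auth.User`, any reader of that key that still asserts a `string` will stop matching; the body of `User` is not visible here, but it should use the two-value type assertion on `auth.User` and return a zero value when the key is absent or holds another type, so that an unauthenticated context cannot cause a panic or be mistaken for a valid user.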
Comment is now outdated (sorry for the post-merge review)
Ah, good catch, thanks. I will update it in the next PR!
Note
This PR needs the new users from this helm-charts PR
It would work also without it, but I guess it's better to merge that before.
This is a cleanup/refactor made before the authorization spike. It should not change the behaviour of the API.
The main changes are in the `internal/auth/auth.go`. Some unused structs and func were removed:

Then a new `auth.User` struct was added, and all the methods were adapted accordingly. This struct will match an Epinio User (or account maybe?), and it will be the one that will be returned from the different functions and package (I don't think we should move too much around with secrets and the kubernetes internal, generally speaking). This struct will also be the one that is going to be kept around in the context and session.

So a `NewUserFromSecret` func was added, and the other `GetUserAccounts`, `GetFirstUserAccount` and `GetUserSecretsByAge` were updated accordingly.

It's probably easier to have a look at the result: https://github.com/epinio/epinio/blob/auth-cleanup/internal/auth/auth.go
Other important changes are in the `internal/cli/server/server.go`, so that now we are going to persist the `auth.User` in the session and context. I've also removed the BasicAuth header decoding, that can be done with just