fix: require authentication by default in standalone mode #431
ambient-code[bot] wants to merge 4 commits into main from
Conversation
✅ Deploy Preview for jumpstarter-docs ready!
@ambient-code you need to update the e2e tests most probably...

Updated the e2e tests in
Commit: a25a70f

Status Update: Reviewed the PR and its current state.
Comments: The only actionable comment was from @mangelajo requesting e2e test updates. This was addressed in commit a25a70f which:
CI: No failures so far. Several checks have passed (lint-python, typos, pytest-matrix ubuntu 3.11/3.12, e2e-compat-old-client). Some checks are still pending (e2e-tests, macOS pytest-matrix runs). Will need to confirm once those complete.
Code review notes:
No fixes required -- waiting on remaining CI checks to complete.
    --tls-grpc-listener "$LISTENER_PORT" \
    --tls-grpc-insecure 2>"${BATS_TEST_TMPDIR}/exporter.log" &
LISTENER_PID=$!
echo "$LISTENER_PID" > "${BATS_TEST_TMPDIR}/exporter.pid"
How is the lifecycle of this exporter handled? Will something kill it?
The exporter's lifecycle is managed by the existing teardown() function (line 96), which calls stop_exporter(). The test writes the PID to ${BATS_TEST_TMPDIR}/exporter.pid (line 193), and stop_exporter() reads that file, kills the process, waits for it, and removes the PID file. This is the same mechanism used by all other tests in this file via _start_exporter().
Review feedback addressed: Addressed 3 review comments from @raballew (commit 3deeba7):
1. Missing negative test for auto-generated passphrase (MEDIUM) -- Agreed and fixed.
2. Pre-existing misleading warning (MEDIUM) -- Agreed and fixed.
3. Fragile passphrase extraction (LOW) -- Acknowledged as a nit. The coupling between the
CI: All checks passing prior to this push.
Standalone mode previously defaulted to no passphrase, exposing an unauthenticated gRPC server. Now a random passphrase is auto-generated when --passphrase is not provided. Users must pass --unsafe-no-auth to explicitly disable authentication. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Existing tests that ran without authentication now use --unsafe-no-auth since the exporter auto-generates a passphrase when neither --passphrase nor --unsafe-no-auth is provided. Also adds tests for auto-generated passphrase output, --unsafe-no-auth flag, and mutual exclusivity of --passphrase and --unsafe-no-auth. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ading warning
Address review feedback from @raballew:
- Add negative test verifying wrong passphrase is rejected when using auto-generated passphrase (closes test coverage gap)
- Reword pre-existing warning to clarify that passphrase auth IS active even without TLS, but the passphrase is transmitted in plaintext
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
3deeba7 to b60ee8e
Rebased onto main to resolve merge conflict. Resolution: Ported all auth-by-default e2e test changes to the new Go test framework:
raballew left a comment
All three previous review concerns have been addressed.
- Negative test for auto-generated passphrase - resolved. The test now verifies that a wrong passphrase is rejected after auto-generation (lines 211-214 of direct_listener_test.go).
- Misleading warning reworded - resolved. The warning now reads "passphrase authentication is active but TLS is disabled" instead of the previous inaccurate phrasing.
- Fragile passphrase extraction - acknowledged. The Go test uses SplitN with a non-empty assertion, which is acceptable.
One minor observation noted inline. The core logic is sound: auto-generation is scoped to standalone mode only, validation is correct, and the security model (hmac.compare_digest, tiered warnings) is well implemented.
AI-generated review
…tion Reset pt.logs in StopAll() so that stale stderr data from earlier tests does not persist across test boundaries, avoiding confusion when debugging test failures. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Review feedback addressed (round 3): Addressed 1 review comment from @raballew (commit 2e6e038): Shared stderr buffer accumulates data across tests (LOW) -- Agreed and fixed. CI: All checks were passing prior to this push.
Summary
Fixes #356 — standalone mode previously exposed an unauthenticated, unencrypted gRPC server by default.
- Random passphrase auto-generated (secrets.token_urlsafe(32)) when --passphrase is not provided in standalone mode, printed to stderr for sharing with clients
- --unsafe-no-auth flag to explicitly disable authentication (mutually exclusive with --passphrase)
- Warning when --unsafe-no-auth is used, with a stronger warning when combined with --tls-grpc-insecure

Test plan
- Lint (make lint-fix)
- e2e tests:
  - --unsafe-no-auth allows unauthenticated access
  - auto-generated passphrase is printed to stderr and can be used to connect (includes negative test with wrong passphrase)
  - --passphrase and --unsafe-no-auth are mutually exclusive
- Manual:
  - jmp run --exporter myconfig --tls-grpc-listener 1234 --tls-grpc-insecure now auto-generates and prints a passphrase
  - jmp run --exporter myconfig --tls-grpc-listener 1234 --tls-grpc-insecure --unsafe-no-auth warns but allows unauthenticated access
  - --passphrase and --unsafe-no-auth together produces a UsageError

🤖 Generated with Claude Code
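The policy described in the summary (auto-generate a passphrase with `secrets.token_urlsafe(32)` unless `--passphrase` is given, require `--unsafe-no-auth` to opt out, reject both flags together with a UsageError, tier the warnings by whether `--tls-grpc-insecure` is also set, and compare passphrases with `hmac.compare_digest`) can be shown end to end in a few lines. The following is an added illustration written for this page, not Jumpstarter's own code; the function names `resolve_auth` and `check_passphrase`, the `UsageError` class and the warning strings are all hypothetical stand-ins for whatever the project uses.

```python
import hmac
import secrets
import sys


class UsageError(Exception):
    """Hypothetical stand-in for the CLI's error type for contradictory options."""


def resolve_auth(passphrase, unsafe_no_auth, tls_insecure):
    """Decide how a standalone exporter authenticates clients.

    Returns (effective_passphrase, generated, warnings):
      effective_passphrase  None only when --unsafe-no-auth was given
      generated             True when the passphrase was auto-generated
      warnings              messages the CLI would emit, strongest last
    """
    # --passphrase and --unsafe-no-auth contradict each other; refuse to guess.
    if passphrase is not None and unsafe_no_auth:
        raise UsageError("--passphrase and --unsafe-no-auth are mutually exclusive")

    warnings = []
    if unsafe_no_auth:
        # Explicit opt-out: no passphrase at all, with a tiered warning.
        warnings.append("authentication disabled with --unsafe-no-auth; "
                        "anyone who can reach the listener can use the exporter")
        if tls_insecure:
            warnings.append("authentication AND TLS are both disabled; "
                            "the gRPC listener is unauthenticated and unencrypted")
        return None, False, warnings

    # Auth by default: generate a random passphrase when none was supplied.
    generated = passphrase is None
    if generated:
        passphrase = secrets.token_urlsafe(32)  # 32 random bytes, URL-safe base64
    if tls_insecure:
        # Auth is still active, but the passphrase crosses the wire in plaintext.
        warnings.append("passphrase authentication is active but TLS is disabled; "
                        "the passphrase is transmitted in plaintext")
    return passphrase, generated, warnings


def check_passphrase(expected, presented):
    """Verify a client's passphrase in constant time; None means auth is disabled."""
    if expected is None:
        return True
    return hmac.compare_digest(expected.encode("utf-8"), presented.encode("utf-8"))


def main(argv):
    # Minimal argument handling for a stand-alone demo; the real CLI uses its own parser.
    passphrase = None
    unsafe_no_auth = "--unsafe-no-auth" in argv
    tls_insecure = "--tls-grpc-insecure" in argv
    if "--passphrase" in argv:
        passphrase = argv[argv.index("--passphrase") + 1]
    try:
        effective, generated, warnings = resolve_auth(passphrase, unsafe_no_auth, tls_insecure)
    except UsageError as exc:
        print(f"error: {exc}", file=sys.stderr)
        return 2
    for message in warnings:
        print(f"warning: {message}", file=sys.stderr)
    if generated:
        # Printed to stderr so it can be shared with clients without polluting stdout.
        print(f"auto-generated passphrase: {effective}", file=sys.stderr)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Running the block with `--tls-grpc-insecure` alone prints a generated passphrase plus the plaintext-transmission warning; adding `--unsafe-no-auth` replaces that with the two stacked warnings; adding `--passphrase x` on top exits with the usage error.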