Skip to content

Implement basic authentication #70

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jul 19, 2020
Merged

Implement basic authentication #70

merged 3 commits into from
Jul 19, 2020
+102 −0

Conversation

frincon
Copy link
Contributor

@frincon frincon commented Jun 22, 2020

Basic auth was not supported yet. An example use-case is when using microk8s which by default uses basic auth in its configuration.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jun 22, 2020
@k8s-ci-robot k8s-ci-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Jun 22, 2020
akshaymankar
akshaymankar suggested changes Jun 25, 2020
View reviewed changes
Copy link
Member

@akshaymankar akshaymankar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR!
I think the header is set incorrectly (it might work, but IMO we should stick to the standard).
Can you please also add a test for detection to this directory.

kubernetes-client/src/Kubernetes/Client/Auth/Basic.hs
`setHeader` toHeader ("authorization", "Basic " <> encodeBasicAuth)
& L.set rAuthTypesL []
where
encodeBasicAuth = T.decodeUtf8 $ encode $ T.encodeUtf8 $ basicAuthUsername <> ":" <> basicAuthPassword
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This has to be base64 encoded (at least according to RFC 7617. It is better to ues applyBasicAuth function from http-client instead of setHeader.

Copy link
Contributor Author

@frincon frincon Jun 26, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This has to be base64 encoded (at least according to RFC 7617. It is better to ues applyBasicAuth function from http-client instead of setHeader.

@akshaymankar So the encode function is from Data.ByteString.Base64 so this encoding-decoding stuff what it does is Text -> ByteString -> Encode to base 64 -> Text. I understand it is quite ugly but it is encoding the username and password as base64.

I opted for converting to ByteString then encode, and then convert to Text again because the library base64-bytestring is already imported and did not want to introduce another library for just doing the base64 encoding.

Will do the test.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The applyBasicAuth works for raw WAI Requests, but here we are having KubernetesRequest which come from the OpenAPI generated code. I am not sure how I can use the applyBasicAuth here.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You're right. I totally missed encode in all of this. I think this ok then 👍

@akshaymankar
Copy link
Member

/assign @akshaymankar

@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jul 18, 2020
@frincon
Copy link
Contributor Author

frincon commented Jul 18, 2020

@akshaymankar Added detect test in 7c3a8f5, let me know if this needs anything else.

@akshaymankar
Copy link
Member

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 19, 2020
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: akshaymankar, frincon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 19, 2020
@k8s-ci-robot k8s-ci-robot merged commit 779d619 into kubernetes-client:master Jul 19, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brendandburns brendandburns Awaiting requested review from brendandburns

@mbohlool mbohlool Awaiting requested review from mbohlool

1 more reviewer

@akshaymankar akshaymankar akshaymankar requested changes

Reviewers whose approvals may not affect merge requirements
Assignees

@akshaymankar akshaymankar

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@frincon @akshaymankar @k8s-ci-robot