-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
added multiple providers support - take 2 #1657
added multiple providers support - take 2 #1657
Conversation
Tests are still to be adjusted once maintainers are happy with the code |
contrib/local-environment/oauth2-proxy-alpha-config-multiple-providers.yaml
Show resolved
Hide resolved
Is there any specific reason this is stuck? Can I do something to help? This feature would be really useful. |
I concur! |
Let's do it! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Apologies for the delay in reviewing this, not getting a lot of time to spend on the project recently.
Thanks for putting this together, left some feedback
@@ -53,7 +53,7 @@ services: | |||
httpbin: {} | |||
etcd: | |||
container_name: etcd | |||
image: gcr.io/etcd-development/etcd:v3.4.7 | |||
image: gcr.io/etcd-development/etcd:v3.6.0-alpha.0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why use an alpha image here? Can this be pinned to a stable release
server: | ||
BindAddress: 0.0.0.0:4180 | ||
SecureBindAddress: "" | ||
TLS: null |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please finish this file with a new line character
cookie_secret="OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w=" | ||
email_domains="example.com" | ||
cookie_secure="false" | ||
redirect_url="http://localhost:4180/oauth2/callback" | ||
banner="Sign in with your specific company provider" | ||
cookie_refresh="0h1m0s" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why has this change been made?
server: | ||
BindAddress: 0.0.0.0:4180 | ||
SecureBindAddress: "" | ||
TLS: null |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please make sure to add a new line at the end of the file
providerNameArray := make([]string, 0) | ||
providerIDArray := make([]string, 0) | ||
providerNameArray = append(providerNameArray, "<provider-name>") | ||
providerIDArray = append(providerIDArray, "0") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please condense
@@ -36,18 +36,9 @@ const ( | |||
// All options must be provided. | |||
type StoredSessionLoaderOptions struct { | |||
// Session storage backend | |||
SessionStore sessionsapi.SessionStore | |||
|
|||
// How often should sessions be refreshed |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why are we dropping the comments
refreshed, err := s.sessionRefresher(req.Context(), session) | ||
func (s *storedSessionLoader) refreshSession(rw http.ResponseWriter, req *http.Request, providerMap providers.ProviderMap, session *sessionsapi.SessionState) error { | ||
|
||
refreshed, err := s.providerMap[session.ProviderID].RefreshSession(req.Context(), session) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We need to get the provider from the map and check it isn't nil, in case there's an invalid ID. Every function that gets it requires this please
if len(paths) == 0 { | ||
return nil, fmt.Errorf("invalid empty list of Root CAs file paths") | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why have we dropped this one?
RootCAs: pool, | ||
MinVersion: tls.VersionTLS12, | ||
} else { | ||
caFiles := make([]string, 0) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No need for make here
caFiles := make([]string, 0) | |
caFiles := []string{} |
This pull request has been inactive for 60 days. If the pull request is still relevant please comment to re-activate the pull request. If no action is taken within 7 days, the pull request will be marked closed. |
Do we have time to address the review comments? |
Hi, sorry I barely have the time to even sleep right now (new child). I will maybe have time soon but cannot guarantee anything. |
No worries @hevans-dglcom, we appreciate the time you've put in and, when you do have the time to come back to this, we can get back to it. Family and looking after yourself is more important than this project |
added default provider .
955336f
to
59bf792
Compare
This pull request has been inactive for 60 days. If the pull request is still relevant please comment to re-activate the pull request. If no action is taken within 7 days, the pull request will be marked closed. |
Hi @hevans-dglcom, is there a way how we can support on that Change-Request. May be incorporating the review comments on your repo, or forking the master and do the changes on a different repo to bring this implementation further. Thanks for any thoughts on that. @JoelSpeed Or is there any other issue taking this over already that I missed? or is #1923 more likely to be followed up ? and if so how can we help there |
Hi @mteubner, honestly I'm not intending to try and follow this up, at least until the project gets a few more maintainers. I just don't see it even being reviewed again any time soon and as the changes touch a lot of code, It's too much work to fix all the conficts after every merge. Feel free to fork my fork and try to bring it further, and I can help if you have any questions. |
Hello,
I spent a few days in december implementing the multiple providers feature. I have finally found the time to revisit this since the structural provider changes were made. Also since the structural changes this feature is completely rewritten, so I decided to create a new PR.
You can currently test this yourself by checking out the branch and then running the following from the /contrib/local-environment/ folder:
make alpha-config-multiple-providers-build-up
Description
Motivation and Context
Important for environments with multiple companies etc #926
Closes #926
How Has This Been Tested?
**** Other providers need to be tested to ensure pointers in the provider setup do not overwrite configs when using multiple providers from the same type **** - but this is not a breaking bug for existing 1 provider users
Checklist: