Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Watch the htpasswd file for changes and update the htpasswdMap #1701

Merged
merged 12 commits into from Sep 1, 2022
Merged

Watch the htpasswd file for changes and update the htpasswdMap #1701

merged 12 commits into from Sep 1, 2022

Conversation

aiciobanu
Copy link
Contributor

Description

  • watcher.go was moved to a package to be accessible globally
  • watcher.go - code was refactored to accommodate the implemented feature
  • htpasswd.go - code was refactored to allow updates while the service is up&running
  • htpasswd_test.go - new tests were added to validate the added feature

Based on these changes basic auth users can be dynamically added or removed

Motivation and Context

Fixes #1320

How Has This Been Tested?

  • Unit tests
  • Local Kubernetes environment:
    • deployed the oauth2-proxy chart
    • made changes to the htpasswd-file Secret while the service was running (used working/malformed/invalid user details)
    • tested the login based on different existing/non-existing user details

Checklist:

  • My change requires a change to the documentation or CHANGELOG.
  • I have updated the documentation/CHANGELOG accordingly.
  • I have created a feature (non-master) branch for my PR.

@aiciobanu aiciobanu requested a review from a team as a code owner June 24, 2022 11:18
@aiciobanu aiciobanu mentioned this pull request Jun 24, 2022
Closed
braunsonm
braunsonm reviewed Jul 21, 2022
View reviewed changes
pkg/watcher/watcher.go Outdated Show resolved Hide resolved
pkg/watcher/watcher.go Outdated Show resolved Hide resolved
pkg/watcher/watcher.go Show resolved Hide resolved
pkg/authentication/basic/htpasswd.go Outdated Show resolved Hide resolved
pkg/authentication/basic/htpasswd.go Outdated Show resolved Hide resolved
pkg/authentication/basic/htpasswd.go Show resolved Hide resolved
pkg/authentication/basic/htpasswd_test.go Outdated Show resolved Hide resolved
pkg/watcher/watcher.go Outdated Show resolved Hide resolved
pkg/watcher/watcher.go Show resolved Hide resolved
@aiciobanu aiciobanu requested a review from braunsonm July 22, 2022 08:47
@tlawrie
Copy link

tlawrie commented Aug 16, 2022

Hi all. Checking into this PR to see if its now ready for merge?

@aiciobanu
Copy link
Contributor Author

@braunsonm The requested changes were implemented, could you please review it again?

braunsonm
braunsonm previously approved these changes Aug 21, 2022
View reviewed changes
Copy link
Collaborator

@braunsonm braunsonm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, @JoelSpeed

JoelSpeed
JoelSpeed reviewed Aug 31, 2022
View reviewed changes
Copy link
Member

@JoelSpeed JoelSpeed left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some styling nits but otherwise LGTM, thanks!

pkg/authentication/basic/htpasswd.go Outdated Show resolved Hide resolved
pkg/authentication/basic/htpasswd.go Outdated Show resolved Hide resolved
pkg/authentication/basic/htpasswd.go Outdated

err := h.loadHTPasswdFile(path)
if err != nil {
return nil, err
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please wrap errors you are returning with additional context

Suggested change
return nil, err
return nil, fmt.Errorf("could not load htpasswd file: %v", err)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We already have the context in the oauthproxy.go file -> https://github.com/oauth2-proxy/oauth2-proxy/blob/master/oauthproxy.go#L114-L117.
We just need the value of the error retrieved from loadHTPasswdFile or WatchFileForUpdates.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typically, if you add context at every level, it's easy to see the exact error paths. Else you have to dig into each function call within this function to see which child error came up

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed the error message from oauthproxy.go and added the context for load and watch.

pkg/authentication/basic/htpasswd.go Outdated
}
})
if err != nil {
return nil, err
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please wrap with context

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The context in already in the oauthproxy.go file -- same as above.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wrapped the error with context

pkg/watcher/watcher.go Outdated Show resolved Hide resolved
@aiciobanu @JoelSpeed
Apply suggestions from code review
12b19bf 
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
JoelSpeed
JoelSpeed approved these changes Sep 1, 2022
View reviewed changes
Copy link
Member

@JoelSpeed JoelSpeed left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great, let's get this merged!

@JoelSpeed JoelSpeed merged commit 037cb04 into oauth2-proxy:master Sep 1, 2022
@tlawrie
Copy link

tlawrie commented Sep 1, 2022

Amazing!

msaf1980 pushed a commit to msaf1980/oauth2-proxy that referenced this pull request Sep 27, 2022
@aiciobanu @JoelSpeed @msaf1980
Watch the htpasswd file for changes and update the htpasswdMap (o…
fd7fa6c 
…auth2-proxy#1701)

* dynamically update the htpasswdMap based on the changes made to the htpasswd file

* added tests to validate that htpasswdMap is updated after the htpasswd file is changed

* refactored `htpasswd` and `watcher` to lower cognitive complexity

* returned errors and refactored tests

* added `CHANGELOG.md` entry for oauth2-proxy#1701 and fixed the codeclimate issue

* Apply suggestions from code review

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Fix lint issue from code suggestion

* Wrap htpasswd load and watch errors with context

* add the htpasswd wrapped error context to the test

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
@crbednarz crbednarz mentioned this pull request Oct 12, 2022
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JoelSpeed JoelSpeed JoelSpeed approved these changes

@braunsonm braunsonm braunsonm left review comments

Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Need to allow oauth2-proxy to allow watching the changes in the content behind htpasswd-file
4 participants
@aiciobanu @tlawrie @braunsonm @JoelSpeed