Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Login endpoint at /api/traces/v1/{tenent}/login #274

Closed
wants to merge 1 commit into from
Closed

Login endpoint at /api/traces/v1/{tenent}/login #274

wants to merge 1 commit into from

Conversation

esnible
Copy link
Contributor

@esnible esnible commented Apr 6, 2022

Resolves #266

This creates the endpoint /api/traces/v1/{tenent}/login which redirects to that tenant's provider-specific login endpoint.

This allows the trace UI to log out using a relative path, e.g. ./logout, rather than requiring knowledge of the authentication provider specified in tenants.yaml.

Currently only exposed for tracing, but all the plumbing is there other UIs.

PR is created as a draft so please comment on the direction/idea. If the approach is good I will begin work on tests.

@esnible
full path
bb15b78 
Signed-off-by: Ed Snible <snible@us.ibm.com>
saswatamcode
saswatamcode reviewed Apr 7, 2022
View reviewed changes
authentication/oidc.go
@@ -434,3 +434,7 @@ func (a oidcAuthenticator) checkAuth(ctx context.Context, token string) (context

return ctx, "", http.StatusOK, codes.OK
}

func (a oidcAuthenticator) LoginPath(tenant string) string {
return strings.ReplaceAll("/oidc/{tenant}/login", "{tenant}", tenant)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe path.Join("/oidc", tenant, "login") would be better here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am happy to make this change.

We currently have handlerPrefix = "/oidc/{tenant}" and return "/oidc/{tenant}", a.handler. My thought was that it was nice to keep a similar appearance in related code. Eventually those two fragments and my new piece should be merged.

Similar code exists in authentication/openshift.go. Let me know what you think and I will make it happen.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd still say path.Join is more common in our code base as well as easier on the eyes, it's a minor point though.

@esnible esnible marked this pull request as ready for review April 13, 2022 12:34
@esnible esnible mentioned this pull request Apr 13, 2022
Closed
@frzifus
Copy link
Contributor

frzifus commented Apr 14, 2022

Hi, whats the status here?

matej-g
matej-g reviewed Apr 19, 2022
View reviewed changes
Copy link
Contributor

@matej-g matej-g left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @esnible is this still draft? I think the solution looks good 👍

@esnible
Copy link
Contributor Author

esnible commented Apr 19, 2022

@matej-g I marked this ready for review six days ago.

matej-g
matej-g approved these changes Apr 20, 2022
View reviewed changes
Copy link
Contributor

@matej-g matej-g left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is looking good to me, thanks @esnible 👍

authentication/oidc.go
@@ -434,3 +434,7 @@ func (a oidcAuthenticator) checkAuth(ctx context.Context, token string) (context

return ctx, "", http.StatusOK, codes.OK
}

func (a oidcAuthenticator) LoginPath(tenant string) string {
return strings.ReplaceAll("/oidc/{tenant}/login", "{tenant}", tenant)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd still say path.Join is more common in our code base as well as easier on the eyes, it's a minor point though.

squat
squat requested changes Apr 20, 2022
View reviewed changes
Copy link
Member

@squat squat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd like to see any changes / additions to the API accompanied by a proposal with concrete plans about how to standardize this behavior and a discussion of alternatives. Otherwise I'm afraid we'll perpetually lock ourselves into one-off behavior.

@esnible
Copy link
Contributor Author

esnible commented Apr 20, 2022

I'd like to see any changes / additions to the API accompanied by a proposal with concrete plans about how to standardize this behavior and a discussion of alternatives. Otherwise I'm afraid we'll perpetually lock ourselves into one-off behavior.

Fair enough.

I was trying to be helpful by offering a proposal for how a user might log out of one tenant and into another. How do you envision it working for logs and metrics?

@esnible esnible closed this Jul 21, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@saswatamcode saswatamcode saswatamcode left review comments

@squat squat squat requested changes

@matej-g matej-g matej-g approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

tenant logout handler
5 participants
@esnible @frzifus @squat @matej-g @saswatamcode