Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

move the oauth server out of the main API server for structure #15744

Merged
merged 1 commit into from Aug 16, 2017
Merged

move the oauth server out of the main API server for structure #15744

merged 1 commit into from Aug 16, 2017

Conversation

deads2k
Copy link
Contributor

@deads2k deads2k commented Aug 11, 2017

@openshift/sig-security fyi

This moves the oauth API server to its own package to make it a little more obvious where pieces come from. It does not restructure the oauth server.

Doing this enables us to organize our handler chain into before and after the standard upstream chain.

@openshift-merge-robot openshift-merge-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Aug 11, 2017
@openshift-merge-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: deads2k

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@openshift-merge-robot openshift-merge-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 11, 2017
@deads2k
Copy link
Contributor Author

deads2k commented Aug 11, 2017

I don't see how this can conflict without conflicting. Marking

@smarterclayton
Copy link
Contributor

Stop abusing retest :)

@deads2k
Copy link
Contributor Author

deads2k commented Aug 11, 2017

verify failed on an accidental match. #15733 will fix it.

deads2k
deads2k commented Aug 11, 2017
View reviewed changes
test/integration/web_console_access_test.go
@@ -194,7 +194,7 @@ func TestAccessOriginWebConsoleMultipleIdentityProviders(t *testing.T) {
linkRegexps := make([]string, 0)

// Verify that the plain /login URI is unavailable when multiple IDPs are in use.
urlMap["/login"] = urlResults{http.StatusForbidden, ""}
urlMap["/login"] = urlResults{http.StatusNotFound, ""}
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this status code changed because the oauth server no longer falls through to our "normal" chain. If you request a path handled by the oauth server, it is the end of the chain and will 404 on you if you fall through.

deads2k
deads2k commented Aug 11, 2017
View reviewed changes
pkg/cmd/server/origin/master.go
@@ -33,6 +33,12 @@ import (
"github.com/openshift/origin/pkg/user/cache"
)

const (
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in later cleanup, we may move these to the oauth/apiserver package. We just don't really want people depending on the package to get a constant through.

@deads2k
Copy link
Contributor Author

deads2k commented Aug 11, 2017

/retest

1 similar comment
@deads2k
Copy link
Contributor Author

deads2k commented Aug 14, 2017

/retest

@deads2k
Copy link
Contributor Author

deads2k commented Aug 14, 2017

#15467

/retest

@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Aug 15, 2017
@openshift-merge-robot openshift-merge-robot added needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. and removed needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels Aug 15, 2017
@openshift-merge-robot openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Aug 16, 2017
@ironcladlou
Copy link
Contributor

Doing this enables us to organize our handler chain into before and after the standard upstream chain.

Not stated in the description, but it also seems to be a step towards pluggable oauth servers in general.

Based on my limited exposure to this code and the overall context, everything looks good provided we have good regression tests.

@deads2k deads2k added lgtm Indicates that a PR is ready to be merged. retest-not-required labels Aug 16, 2017
@openshift-merge-robot
Copy link
Contributor

Automatic merge from submit-queue

@openshift-merge-robot openshift-merge-robot merged commit 5c2c56e into openshift:master Aug 16, 2017
@deads2k deads2k deleted the oauth-01-split branch January 24, 2018 14:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@soltysh soltysh

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. retest-not-required size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@deads2k @openshift-merge-robot @smarterclayton @ironcladlou @soltysh