Configurable persistence of friendly name to KV #7572
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
eladlachmi
added
include-changelog
E2E Test Results - DynamoDB Local - Local Block Adapter |
|
♻️ PR Preview 061bf05 has been successfully destroyed since this PR has been closed.
🤖 By surge-preview |
Isan-Rivkin
requested changes
Mar 18, 2024
|
@Isan-Rivkin, I've refactored the implementation to align it with the new design. I would appreciate your re-review. Thanks! 🙏🏻 |
Isan-Rivkin
requested changes
Mar 27, 2024
api/authorization.yml
Outdated
| put: | ||
| tags: | ||
| - auth | ||
| operationId: updateFriendlyName |
There was a problem hiding this comment.
Can we align both the swagger and the auth service to have the same name?
e.g updateUserFriendlyName
docs/reference/configuration.md
Outdated
| @@ -101,11 +101,13 @@ This reference uses `.` to denote the nesting of values. | |||
| * `auth.cookie_auth_verification.default_initial_groups` (string[] : [])` - By default, users will be assigned to these groups | |||
| * `auth.cookie_auth_verification.initial_groups_claim_name` `(string[] : [])` - Use this claim from the ID token to provide the initial group for new users. This will take priority if `auth.cookie_auth_verification.default_initial_groups` is also set. | |||
| * `auth.cookie_auth_verification.friendly_name_claim_name` `(string[] : )` - If specified, the value from the claim with this name will be used as the user's display name. | |||
| * `auth.cookie_auth_verification.persist_friendly_name` `(string : false)` - If set to `true`, the friendly name is persisted to the KV store and can be displayed in the user list. This is meant to be used in conjunction with `auth.oidc.friendly_name_claim_name`. | |||
There was a problem hiding this comment.
Suggested change
| * `auth.cookie_auth_verification.persist_friendly_name` `(string : false)` - If set to `true`, the friendly name is persisted to the KV store and can be displayed in the user list. This is meant to be used in conjunction with `auth.oidc.friendly_name_claim_name`. | |
| * `auth.cookie_auth_verification.persist_friendly_name` `(string : false)` - If set to `true`, the friendly name is persisted to the KV store and can be displayed in the user list. This is meant to be used in conjunction with `auth.cookie_auth_verification.friendly_name_claim_name`. |
pkg/api/auth_middleware.go
Outdated
Comment on lines
197
to
208
| func enhanceWithFriendlyName(ctx context.Context, user *model.User, friendlyName string, persistFriendlyName bool, authService auth.Service, logger logging.Logger) *model.User { | ||
| if friendlyName != "" { | ||
| user.FriendlyName = &friendlyName | ||
| if persistFriendlyName && swag.StringValue(user.FriendlyName) != friendlyName { | ||
| err := authService.UpdateUserFriendlyName(ctx, user.Username, friendlyName) | ||
| if err != nil { | ||
| logger.WithError(err).Error("update user friendly name") | ||
| } | ||
| } | ||
| } | ||
| return user | ||
| } |
There was a problem hiding this comment.
Suggested change
| func enhanceWithFriendlyName(ctx context.Context, user *model.User, friendlyName string, persistFriendlyName bool, authService auth.Service, logger logging.Logger) *model.User { | |
| if friendlyName != "" { | |
| user.FriendlyName = &friendlyName | |
| if persistFriendlyName && swag.StringValue(user.FriendlyName) != friendlyName { | |
| err := authService.UpdateUserFriendlyName(ctx, user.Username, friendlyName) | |
| if err != nil { | |
| logger.WithError(err).Error("update user friendly name") | |
| } | |
| } | |
| } | |
| return user | |
| } | |
| func enhanceWithFriendlyName(ctx context.Context, user *model.User, friendlyName string, persistFriendlyName bool, authService auth.Service, logger logging.Logger) *model.User { | |
| if swag.StringValue(user.FriendlyName) != friendlyName { | |
| user.FriendlyName = swag.String(friendlyName) | |
| if persistFriendlyName { | |
| if err := authService.UpdateUserFriendlyName(ctx, user.Username, friendlyName); err != nil { | |
| logger.WithError(err).Error("failed to update user friendly name") | |
| } | |
| } | |
| } | |
| return user | |
| } |
emulatorchen
pushed a commit
to emulatorchen/lakeFS
that referenced
this pull request
May 27, 2024
* Configurable persistence of friendly name to KV * Update docs and sample config with new property
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #7562
Change Description
Background
Please see the linked issue for context.
New Feature
This PR adds two new configuration flags with a default value of
false:cookie_auth_verification.persist_friendly_name- SAML-based auth APIoidc.persist_friendly_name- OIDC-based auth APIWhen this flag is set to
true, the friendly name claim pointed to byfriendly_name_claim_nameis saved with the user's record in the KV store. Each of the flags is only relevant to its respective authentication method.Before:
After:
Note: domain prefix intentionally removed.
Testing Details
Both positive and negative tests were done manually.
Breaking Change?
None.