Cherry-pick superuser stuff from main #1549

Merged
merged 6 commits into from
Mar 1, 2022

@jpellizzari jpellizzari commented Feb 28, 2022

Picks some stuff off of main for us to work on in V2. Having the super-user stuff on the v2 branch will unblock some other work.

@jpellizzari jpellizzari marked this pull request as ready for review February 28, 2022 18:10
@jpellizzari jpellizzari requested review from yiannistri, AlinaGoaga, Callisto13 and ozamosi and removed request for AlinaGoaga February 28, 2022 18:10
@@ -1,6 +1,6 @@
{
"/v1": {
"target": "http://localhost:9001/",
"target": "http://localhost:9000/",
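Review bot: the `target` line under `/v1` swaps `http://localhost:9001/` for `http://localhost:9000/`, and nothing next to this setting says which local process is expected to listen on that port. A wrong port here makes every `/v1` call from the dev UI fail or reach a different service, so record the expected listener in the dev setup docs, or take the port from one shared setting so the proxy and whatever exposes the API locally cannot drift apart.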

I must admit I'm quite confused about the 9000 vs 9001 - the manifests/helm chart only exports 9001, so what's listening to 9000?

@jpellizzari jpellizzari Feb 28, 2022


k8s_resource('wego-app', port_forwards='9000', resource_deps=['gitops-bin'])

AlinaGoaga and others added 5 commits February 28, 2022 10:34
* WG309 Auth Context and Welcome screen - WIP

* WG309 Auth Context and Welcome screen - WIP2

* WG309 Auth Context and Welcome screen - WIP

* Add sign_in handler

* WG309 Update welcome screen form

* WG309 Update sign in formData submit

* WG309 Update sign in req and payload

* Fix format in helm testdata

* Enable CORS for dev

* Remove unnecessary package

* WG309 Userinfo draft and cleanup

* Callback working - use REACT_API_URL=http://0.0.0.0:9001

* WG309 User info returns 200

* WG309 Remove CORS related code

* WG309 Remove CORS related code - update

* Add tests for Signin handler

* Update tests

* Remove username from sign in form

* Add token signer/verifier

* Fix test

* Add new middleware

* Add tests for Signin handler

* User from stash

* WG309 AuthContext update on user info check

* WG309 AuthContext update on user info check - 2

* WG309 Refactor loading in AuthContext

* WG309 AuthContext reruns on history change

* Fix conflict

* WG309 AuthContext refactor

* WG309 On refresh page doesnt go to 404 anymore

* Wrap loading page

* WG309 Fix oidc return url

* Issued cookies should have the Secure attribute to true

* WG309 Display alert error

* Remove secret yaml example

* WG309 Improve loading transition

* Add OIDC flow test for user info endpoint

* WG309 Improve loading transition - 2

* Fix eslint errors

* Split out authchecking from the authcontext, single router

* WG309 Add switch for password visibility

* WG309 Add switch for password visibility - updated

* Update package.json with main version

* Lint it

* Rm security risk printing user-supplied value

* WG309 Hide UI behind flag - WIP

* Push first pass at GET /v1/config

* https in tests

* Revert "https in tests"

This reverts commit 286211b.

* get feature flags innit

* WG309 Hide UI behind feature flag - updated

* Linting and testing

* Update exports

* untagglin

* fix fix fix

* OIDC is optional now

* Update package.lock

* WG309 Hide UI behind feature flag - updated2

* Fix issues in package-lock.json

* Fix issues in package-lock.json - 2

Co-authored-by: Yiannis <yiannis@weave.works>
Co-authored-by: Simon Howe <footless@gmail.com>
* WG309 Auth Context and Welcome screen - WIP

* WG309 Auth Context and Welcome screen - WIP2

* WG309 Auth Context and Welcome screen - WIP

* Add sign_in handler

* WG309 Update welcome screen form

* WG309 Update sign in formData submit

* WG309 Update sign in req and payload

* Fix format in helm testdata

* Enable CORS for dev

* Remove unnecessary package

* WG309 Userinfo draft and cleanup

* Callback working - use REACT_API_URL=http://0.0.0.0:9001

* WG309 User info returns 200

* WG309 Remove CORS related code

* WG309 Remove CORS related code - update

* Add tests for Signin handler

* Update tests

* Remove username from sign in form

* Add token signer/verifier

* Fix test

* Add new middleware

* Add tests for Signin handler

* User from stash

* WG309 AuthContext update on user info check

* WG309 AuthContext update on user info check - 2

* WG309 Refactor loading in AuthContext

* WG309 AuthContext reruns on history change

* Fix conflict

* WG309 AuthContext refactor

* WG309 On refresh page doesnt go to 404 anymore

* Wrap loading page

* WG309 Fix oidc return url

* Issued cookies should have the Secure attribute to true

* WG309 Display alert error

* Remove secret yaml example

* WG309 Improve loading transition

* Add OIDC flow test for user info endpoint

* WG309 Improve loading transition - 2

* Fix eslint errors

* Split out authchecking from the authcontext, single router

* WG309 Add switch for password visibility

* WG309 Add switch for password visibility - updated

* Add BE logout code

* Update package.json with main version

* Lint it

* WG407 Add user settings section - WIP

* Rm security risk printing user-supplied value

* WG407 Add user settings section - WIP2

* WG309 Hide UI behind flag - WIP

* Push first pass at GET /v1/config

* https in tests

* Revert "https in tests"

This reverts commit 286211b.

* get feature flags innit

* WG309 Hide UI behind feature flag - updated

* Linting and testing

* Update exports

* untagglin

* fix fix fix

* OIDC is optional now

* Update package.lock

* WG407 Hide userSettings when authFlag is null

* WG309 Hide UI behind feature flag - updated2

* WG407 Hide userSettings when authFlag is null - 2

* Fix issues in package-lock.json

* Fix issues in package-lock.json - 2

* WG407 Add FeatureFlags context

* WG407 Add FeatureFlags context - updated

* WG407 Add FeatureFlags context - updated2

* Fix linting error

* Update ui/contexts/AuthContext.tsx

Co-authored-by: Simon <footless@gmail.com>

* Implement PR feedback

* Implement PR feedback - 2

Co-authored-by: Yiannis <yiannis@weave.works>
Co-authored-by: Simon Howe <footless@gmail.com>
* Add logout endpoint

* linting

* more linting

* Add test

* Remove extra cookie

* Add failure test

@yiannistri yiannistri left a comment

The changes for admin flow look fine 👍. Just a note that you'll need to add the relevant RBAC manifests for the admin user to work.

@Callisto13

> Just a note that you'll need to add the relevant RBAC manifests for the admin user to work.

Will we need #1524 as well then?

@Callisto13

I'll take this as-is now, and will pull over the role PR when I need it.

@Callisto13 Callisto13 merged commit 20630b3 into v2 Mar 1, 2022
@yiannistri

@Callisto13 apologies, just seen your message. Yes, you'll likely need that, otherwise the admin user won't be able to do much. But you may also need additional permissions, depending on what you need to access as that user.

By the way, that role should not be called resources-reader as it allows all verbs for some resources.

@Callisto13

Callisto13 commented Mar 1, 2022

> Yes you'll likely need that otherwise the admin user won't be able to do much. But you may also need additional permissions, depending on what you need to access as that user.

Cool, I will pull the PR over into v2 branch and add more things as I need them.

> By the way, that role should not be called resources-reader as it allows all verbs for some resources.

Yeh, I think I saw that Sara changed the name of that role.
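
The naming point raised in this thread (a role called `resources-reader` that allows all verbs for some resources) can be checked mechanically before a manifest is merged. The following is an added example, not code from this PR or the project; the `Role` and `PolicyRule` types, the function names and the sample role are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// PolicyRule and Role are minimal stand-ins for the Kubernetes RBAC types.
type PolicyRule struct{ Resources, Verbs []string }
type Role struct {
	Name  string
	Rules []PolicyRule
}

// readOnlyVerbs are the verbs a role named "reader" or "viewer" should be limited to.
var readOnlyVerbs = map[string]bool{"get": true, "list": true, "watch": true}

// NameImpliesReadOnly reports whether the role name advertises read-only access.
func NameImpliesReadOnly(name string) bool {
	n := strings.ToLower(name)
	return strings.Contains(n, "reader") || strings.Contains(n, "viewer")
}

// MisleadingGrants lists "resource:verb" grants beyond read-only in a role whose name implies read-only.
func MisleadingGrants(r Role) []string {
	if !NameImpliesReadOnly(r.Name) {
		return nil
	}
	var out []string
	for _, rule := range r.Rules {
		for _, v := range rule.Verbs {
			if readOnlyVerbs[strings.ToLower(v)] {
				continue
			}
			for _, res := range rule.Resources {
				out = append(out, res+":"+v)
			}
		}
	}
	return out
}

func main() {
	// Constructed role for illustration; not the manifest from the PR discussed above.
	role := Role{Name: "resources-reader", Rules: []PolicyRule{
		{Resources: []string{"pods"}, Verbs: []string{"get", "list", "watch"}},
		{Resources: []string{"configmaps"}, Verbs: []string{"*"}},
	}}
	fmt.Println(MisleadingGrants(role))
}
```

A non-empty result means either the role should be renamed or its verbs narrowed to `get`, `list` and `watch`.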

@jpellizzari jpellizzari deleted the jp-v2-superuser branch March 1, 2022 15:50
jpellizzari added a commit that referenced this pull request Mar 3, 2022
* Auth SignIn - OIDC / Superuser (#1490)

* WG309 Auth Context and Welcome screen - WIP

* WG309 Auth Context and Welcome screen - WIP2

* WG309 Auth Context and Welcome screen - WIP

* Add sign_in handler

* WG309 Update welcome screen form

* WG309 Update sign in formData submit

* WG309 Update sign in req and payload

* Fix format in helm testdata

* Enable CORS for dev

* Remove unnecessary package

* WG309 Userinfo draft and cleanup

* Callback working - use REACT_API_URL=http://0.0.0.0:9001

* WG309 User info returns 200

* WG309 Remove CORS related code

* WG309 Remove CORS related code - update

* Add tests for Signin handler

* Update tests

* Remove username from sign in form

* Add token signer/verifier

* Fix test

* Add new middleware

* Add tests for Signin handler

* User from stash

* WG309 AuthContext update on user info check

* WG309 AuthContext update on user info check - 2

* WG309 Refactor loading in AuthContext

* WG309 AuthContext reruns on history change

* Fix conflict

* WG309 AuthContext refactor

* WG309 On refresh page doesnt go to 404 anymore

* Wrap loading page

* WG309 Fix oidc return url

* Issued cookies should have the Secure attribute to true

* WG309 Display alert error

* Remove secret yaml example

* WG309 Improve loading transition

* Add OIDC flow test for user info endpoint

* WG309 Improve loading transition - 2

* Fix eslint errors

* Split out authchecking from the authcontext, single router

* WG309 Add switch for password visibility

* WG309 Add switch for password visibility - updated

* Update package.json with main version

* Lint it

* Rm security risk printing user-supplied value

* WG309 Hide UI behind flag - WIP

* Push first pass at GET /v1/config

* https in tests

* Revert "https in tests"

This reverts commit 286211b.

* get feature flags innit

* WG309 Hide UI behind feature flag - updated

* Linting and testing

* Update exports

* untagglin

* fix fix fix

* OIDC is optional now

* Update package.lock

* WG309 Hide UI behind feature flag - updated2

* Fix issues in package-lock.json

* Fix issues in package-lock.json - 2

Co-authored-by: Yiannis <yiannis@weave.works>
Co-authored-by: Simon Howe <footless@gmail.com>

* Auth logout (#1492)

* WG309 Auth Context and Welcome screen - WIP

* WG309 Auth Context and Welcome screen - WIP2

* WG309 Auth Context and Welcome screen - WIP

* Add sign_in handler

* WG309 Update welcome screen form

* WG309 Update sign in formData submit

* WG309 Update sign in req and payload

* Fix format in helm testdata

* Enable CORS for dev

* Remove unnecessary package

* WG309 Userinfo draft and cleanup

* Callback working - use REACT_API_URL=http://0.0.0.0:9001

* WG309 User info returns 200

* WG309 Remove CORS related code

* WG309 Remove CORS related code - update

* Add tests for Signin handler

* Update tests

* Remove username from sign in form

* Add token signer/verifier

* Fix test

* Add new middleware

* Add tests for Signin handler

* User from stash

* WG309 AuthContext update on user info check

* WG309 AuthContext update on user info check - 2

* WG309 Refactor loading in AuthContext

* WG309 AuthContext reruns on history change

* Fix conflict

* WG309 AuthContext refactor

* WG309 On refresh page doesnt go to 404 anymore

* Wrap loading page

* WG309 Fix oidc return url

* Issued cookies should have the Secure attribute to true

* WG309 Display alert error

* Remove secret yaml example

* WG309 Improve loading transition

* Add OIDC flow test for user info endpoint

* WG309 Improve loading transition - 2

* Fix eslint errors

* Split out authchecking from the authcontext, single router

* WG309 Add switch for password visibility

* WG309 Add switch for password visibility - updated

* Add BE logout code

* Update package.json with main version

* Lint it

* WG407 Add user settings section - WIP

* Rm security risk printing user-supplied value

* WG407 Add user settings section - WIP2

* WG309 Hide UI behind flag - WIP

* Push first pass at GET /v1/config

* https in tests

* Revert "https in tests"

This reverts commit 286211b.

* get feature flags innit

* WG309 Hide UI behind feature flag - updated

* Linting and testing

* Update exports

* untagglin

* fix fix fix

* OIDC is optional now

* Update package.lock

* WG407 Hide userSettings when authFlag is null

* WG309 Hide UI behind feature flag - updated2

* WG407 Hide userSettings when authFlag is null - 2

* Fix issues in package-lock.json

* Fix issues in package-lock.json - 2

* WG407 Add FeatureFlags context

* WG407 Add FeatureFlags context - updated

* WG407 Add FeatureFlags context - updated2

* Fix linting error

* Update ui/contexts/AuthContext.tsx

Co-authored-by: Simon <footless@gmail.com>

* Implement PR feedback

* Implement PR feedback - 2

Co-authored-by: Yiannis <yiannis@weave.works>
Co-authored-by: Simon Howe <footless@gmail.com>

* Add logout endpoint (#1472)

* Add logout endpoint

* linting

* more linting

* Add test

* Remove extra cookie

* Add failure test

* Set UI proxy port back to 9000

* Render UI even when featureflags route has an error

* run make proto

Co-authored-by: AlinaGoaga <35202557+AlinaGoaga@users.noreply.github.com>
Co-authored-by: Yiannis <yiannis@weave.works>
Co-authored-by: Simon Howe <footless@gmail.com>
Co-authored-by: sarataha <sara@weave.works>
Co-authored-by: Claudia Beresford <claudiaberesford@gmail.com>