WG529 Auth styling and flags improvements #1624
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
AlinaGoaga
changed the title
|
@foot Hey Simon! Got one issue here which seems to have to do with the proxy but not sure how to fix. If you log in with OIDC, you start with |
|
Can you change to |
|
Yup sorry I left 9001 in the example, I am testing with |
5 tasks
yiannistri
force-pushed
the
auth-updates
branch
from
9ec32c8
to
ce0230d
Compare
yiannistri
approved these changes
Mar 11, 2022
yiannistri
force-pushed
the
auth-updates
branch
from
ce0230d
to
aa9bd5f
Compare
ozamosi
pushed a commit
that referenced
this pull request
Mar 14, 2022
There were quite a few conflicts, but many of them were very easy to resolve: anything related to acceptance tests has been deleted, lots of import conflicts, conficts in generated files, and some things that don't have a common ancestor and yet have almost the same content which makes git twitchy. There were a few more significant conflicts I've dealt with manually: * There's 2 independent implementations of https listeners (#1537, #1483). This also means it's been implemented in two places, `gitops run ui` and `gitops-server`. Keep the rate limiting from the main one, but otherwise mostly stick to the v2 one - it's been written to only work in docker. This means no more certificate generation code: v2 expects you to mount your certificates into the pod. TODO this deletes all gitops-server tests because they're all incompatible * The auth system in main has grown a username, which isn't present in v2. Add it to relevant files. * gitops profile upgrade is new. I've not really investigated how it works or if it still works, I've just adapted the API to the kind of changes we've done and checked that the tests pass. * There's been a lot of tilt rewrites in both branches. Since what you need to deploy the app and what it needs has changed in v2, I've mostly ignored main. * v2 and main disagreed on how to embed many svg images - v2 imported the images via filesystem path where they reside, while main imported them through images.ts. I've followed the v2 pattern. * Commit "Get auth working" (fdd15fb) in v2 rewrote how feature flags work, while main continued developing the old API. I've ported the new main code to the v2 API. * UserSettings had conflicts introduced in "Fix proxy port and user settings styling" (84bdc98) vs "WG529 Auth styling and flags improvements (#1624)" (f7098fb), I've tried to merge those. * Both main and v2 have turned a bunch of hard-coded auth secret name strings into constants. They've placed those constants in different places and given them different values. I gave up on trying to make this good and sensible and decided to just make everything compile and pass tests and start, and am looking forward to someone asking themselves "who would do this!?"
ozamosi
pushed a commit
that referenced
this pull request
Mar 14, 2022
There were quite a few conflicts, but many of them were very easy to resolve: anything related to acceptance tests has been deleted, lots of import conflicts, conficts in generated files, and some things that don't have a common ancestor and yet have almost the same content which makes git twitchy. There were a few more significant conflicts I've dealt with manually: * There's 2 independent implementations of https listeners (#1537, #1483). This also means it's been implemented in two places, `gitops run ui` and `gitops-server`. Keep the rate limiting from the main one, but otherwise mostly stick to the v2 one - it's been written to only work in docker. This means no more certificate generation code: v2 expects you to mount your certificates into the pod. * The auth system in main has grown a username, which isn't present in v2. Add it to relevant files. * gitops profile upgrade is new. I've not really investigated how it works or if it still works, I've just adapted the API to the kind of changes we've done and checked that the tests pass. * There's been a lot of tilt rewrites in both branches. Since what you need to deploy the app and what it needs has changed in v2, I've mostly ignored main. * v2 and main disagreed on how to embed many svg images - v2 imported the images via filesystem path where they reside, while main imported them through images.ts. I've followed the v2 pattern. * Commit "Get auth working" (fdd15fb) in v2 rewrote how feature flags work, while main continued developing the old API. I've ported the new main code to the v2 API. * UserSettings had conflicts introduced in "Fix proxy port and user settings styling" (84bdc98) vs "WG529 Auth styling and flags improvements (#1624)" (f7098fb), I've tried to merge those. * Both main and v2 have turned a bunch of hard-coded auth secret name strings into constants. They've placed those constants in different places and given them different values. I gave up on trying to make this good and sensible and decided to just make everything compile and pass tests and start.
Merged
ozamosi
pushed a commit
that referenced
this pull request
Mar 14, 2022
There were quite a few conflicts, but many of them were very easy to resolve: anything related to acceptance tests has been deleted, lots of import conflicts, conficts in generated files (which I've just re-generated and ignored), and some things that don't have a common ancestor and yet have almost the same content which makes git twitchy. There were a few more significant conflicts I've dealt with manually: * There's 2 independent implementations of https listeners (#1537, #1483). This also means it's been implemented in two places, `gitops run ui` and `gitops-server`. Keep the rate limiting from the main one, but otherwise mostly stick to the v2 one - it's been written to only work in docker. This means no more certificate generation code: v2 expects you to mount your certificates into the pod. * The auth system in main has grown a username, which isn't present in v2. Add it to relevant files. * gitops profile upgrade is new. I've not really investigated how it works or if it still works, I've just adapted the API to the kind of changes we've done and checked that the tests pass. * There's been a lot of tilt rewrites in both branches. Since what you need to deploy the app and what it needs has changed in v2, I've mostly ignored main. * v2 and main disagreed on how to embed many svg images - v2 imported the images via filesystem path where they reside, while main imported them through images.ts. I've followed the v2 pattern. * Commit "Get auth working" (fdd15fb) in v2 rewrote how feature flags work, while main continued developing the old API. I've ported the new main code to the v2 API. * UserSettings had conflicts introduced in "Fix proxy port and user settings styling" (84bdc98) vs "WG529 Auth styling and flags improvements (#1624)" (f7098fb), I've tried to merge those. * Both main and v2 have turned a bunch of hard-coded auth secret name strings into constants. They've placed those constants in different places and given them different values. I gave up on trying to make this good and sensible and decided to just make everything compile and pass tests and start.
ozamosi
pushed a commit
that referenced
this pull request
Mar 14, 2022
There were quite a few conflicts, but many of them were very easy to resolve: anything related to acceptance tests has been deleted, lots of import conflicts, conficts in generated files (which I've just re-generated and ignored), and some things that don't have a common ancestor and yet have almost the same content which makes git twitchy. There were a few more significant conflicts I've dealt with manually: * There's 2 independent implementations of https listeners (#1537, #1483). This also means it's been implemented in two places, `gitops run ui` and `gitops-server`. Keep the rate limiting from the main one, but otherwise mostly stick to the v2 one - it's been written to only work in docker. This means no more certificate generation code: v2 expects you to mount your certificates into the pod. * The auth system in main has grown a username, which isn't present in v2. Add it to relevant files. * gitops profile upgrade is new. I've not really investigated how it works or if it still works, I've just adapted the API to the kind of changes we've done and checked that the tests pass. * There's been a lot of tilt rewrites in both branches. Since what you need to deploy the app and what it needs has changed in v2, I've mostly ignored main. * v2 and main disagreed on how to embed many svg images - v2 imported the images via filesystem path where they reside, while main imported them through images.ts. I've followed the v2 pattern. * Commit "Get auth working" (fdd15fb) in v2 rewrote how feature flags work, while main continued developing the old API. I've ported the new main code to the v2 API. * UserSettings had conflicts introduced in "Fix proxy port and user settings styling" (84bdc98) vs "WG529 Auth styling and flags improvements (#1624)" (f7098fb), I've tried to merge those. * Both main and v2 have turned a bunch of hard-coded auth secret name strings into constants. They've placed those constants in different places and given them different values. I gave up on trying to make this good and sensible and decided to just make everything compile and pass tests and start.
5 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes:
What changed?
sign_inroute redirects to applications page if auth flag is not switched onDocumentation Changes
Added in: #1599
Use to log in with username/password (admin/my-secret-password):
Use to log in with OIDC (if this is not added to the cluster you can pass the CLI params in e.g:
--oidc-issuer-url https://dex-01.wge.dev.weave.works/ --oidc-client-id weave-gitops --oidc-client-secret ZXhhbXBsZS1hcHAtc2VjcmV0 --oidc-redirect-url https://localhost:4567/oauth2/callback):