Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add Oidc preferred username #3629

Merged
merged 42 commits into from
May 25, 2021
Merged

add Oidc preferred username #3629

merged 42 commits into from
May 25, 2021

Conversation

vdiskg
Copy link
Contributor

@vdiskg vdiskg commented Apr 4, 2021

What's the purpose of this PR

add a human readable username for oidc user

Which issue(s) this PR fixes:

Fixes #3625

@vdiskg vdiskg mentioned this pull request Apr 4, 2021
Closed
@codecov-io
Copy link

codecov-io commented Apr 4, 2021
edited
Loading

Codecov Report

Merging #3629 (7850814) into master (3de1d72) will decrease coverage by 0.50%.
The diff coverage is 4.50%.

Impacted file tree graph

@@             Coverage Diff              @@
##             master    #3629      +/-   ##
============================================
- Coverage     50.97%   50.47%   -0.51%     
- Complexity     2329     2330       +1     
============================================
  Files           449      451       +2     
  Lines         14026    14178     +152     
  Branches       1426     1448      +22     
============================================
+ Hits           7150     7156       +6     
- Misses         6389     6536     +147     
+ Partials        487      486       -1
Impacted Files Coverage Δ Complexity Δ
.../com/ctrip/framework/apollo/common/dto/AppDTO.java 0.00% <0.00%> (ø) 0.00 <0.00> (ø)
...com/ctrip/framework/apollo/common/dto/BaseDTO.java 0.00% <0.00%> (ø) 0.00 <0.00> (ø)
...ork/apollo/common/utils/PreferredUsernameUtil.java 0.00% <0.00%> (ø) 0.00 <0.00> (?)
...work/apollo/portal/entity/bo/ReleaseHistoryBO.java 0.00% <0.00%> (ø) 0.00 <0.00> (ø)
...trip/framework/apollo/portal/entity/po/UserPO.java 4.16% <0.00%> (-0.60%) 1.00 <0.00> (ø)
...ctrip/framework/apollo/portal/spi/UserService.java 0.00% <0.00%> (ø) 0.00 <0.00> (?)
...lo/portal/spi/configuration/AuthConfiguration.java 5.55% <0.00%> (ø) 2.00 <0.00> (ø)
...i/oidc/OidcAuthenticationSuccessEventListener.java 0.00% <0.00%> (ø) 0.00 <0.00> (ø)
...ollo/portal/spi/oidc/OidcLocalUserServiceImpl.java 0.00% <0.00%> (ø) 0.00 <0.00> (?)
.../spi/springsecurity/SpringSecurityUserService.java 0.00% <0.00%> (ø) 0.00 <0.00> (ø)
... and 12 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3de1d72...7850814. Read the comment docs.

@nobodyiam
Copy link
Member

For oidc implementation, is it possible to follow the similar implementation of LdapUserService and CtripUserService to query the backend service when searching the users? So that no user info should be stored in local db and the user name could be retrieved on the fly.

https://github.com/ctripcorp/apollo/blob/943bbb4d56bd9d3bbec291ea17136099a3a60b7c/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/ldap/LdapUserService.java#L122-L129

https://github.com/ctripcorp/apollo/blob/943bbb4d56bd9d3bbec291ea17136099a3a60b7c/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/ctrip/CtripUserService.java#L100-L106

@vdiskg
Copy link
Contributor Author

vdiskg commented Apr 5, 2021

For oidc implementation, is it possible to follow the similar implementation of LdapUserService and CtripUserService to query the backend service when searching the users? So that no user info should be stored in local db and the user name could be retrieved on the fly.

https://github.com/ctripcorp/apollo/blob/943bbb4d56bd9d3bbec291ea17136099a3a60b7c/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/ldap/LdapUserService.java#L122-L129

https://github.com/ctripcorp/apollo/blob/943bbb4d56bd9d3bbec291ea17136099a3a60b7c/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/ctrip/CtripUserService.java#L100-L106

it seems impossible because there is no standard way to search users in the oidc scheme. some oidc provider such as keycloak, provided it's custom admin sdk for search users, while others like okta is not even provide a way to search users.

nobodyiam
nobodyiam reviewed Apr 11, 2021
View reviewed changes
apollo-common/src/main/java/com/ctrip/framework/apollo/common/utils/PreferredUsernameUtil.java Outdated Show resolved Hide resolved
apollo-common/src/main/java/com/ctrip/framework/apollo/common/utils/PreferredUsernameUtil.java Outdated Show resolved Hide resolved
apollo-common/src/main/java/com/ctrip/framework/apollo/common/utils/PreferredUsernameUtil.java Outdated Show resolved Hide resolved
apollo-common/src/main/java/com/ctrip/framework/apollo/common/utils/PreferredUsernameUtil.java Outdated Show resolved Hide resolved
apollo-portal/src/main/resources/static/scripts/directive/directive.js Outdated Show resolved Hide resolved
apollo-portal/src/main/resources/static/views/component/namespace-panel-master-tab.html Outdated Show resolved Hide resolved
apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/service/NamespaceService.java Outdated Show resolved Hide resolved
nobodyiam
nobodyiam reviewed May 1, 2021
View reviewed changes
Copy link
Member

@nobodyiam nobodyiam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the great effort, it looks much better!
Please find the latest comments below.

...lo-portal/src/main/java/com/ctrip/framework/apollo/portal/service/ReleaseHistoryService.java Outdated Show resolved Hide resolved
...main/java/com/ctrip/framework/apollo/portal/service/AdditionalUserInfoEnrichServiceImpl.java Show resolved Hide resolved
scripts/apollo-on-kubernetes/db/portal-db/apolloportaldb.sql Outdated
@@ -284,6 +284,7 @@ CREATE TABLE `Users` (
`Id` int(10) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id',
`Username` varchar(64) NOT NULL DEFAULT 'default' COMMENT '用户名',
`Password` varchar(64) NOT NULL DEFAULT 'default' COMMENT '密码',
`PreferredUsername` varchar(512) NOT NULL DEFAULT 'default' COMMENT '用户名称',
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm wondering is it better to call it UserDisplayName or simply DisplayName so that the intention is only for display purpose?
Currently we already have this concept in CtripUserService and LdapUserService:

https://github.com/ctripcorp/apollo/blob/de05540e6c9a18cdf370ae95ca5e544d7b8d04bf/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/ctrip/CtripUserService.java#L100-L106

https://github.com/ctripcorp/apollo/blob/de05540e6c9a18cdf370ae95ca5e544d7b8d04bf/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/spi/ldap/LdapUserService.java#L122-L129

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we agree on this, then we may also update the variable names in the programs. I understand it will cause a big refactoring but I think it's worth to clarify the concept.

@github-actions
Copy link

github-actions bot commented May 15, 2021
edited
Loading

CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅

@vdiskg
Copy link
Contributor Author

vdiskg commented May 15, 2021

I have read the CLA Document and I hereby sign the CLA

@vdiskg
Copy link
Contributor Author

vdiskg commented May 15, 2021

recheck

nobodyiam
nobodyiam reviewed May 16, 2021
View reviewed changes
...tal/src/main/java/com/ctrip/framework/apollo/portal/enricher/AdditionalUserInfoEnricher.java Outdated
@@ -0,0 +1,22 @@
package com.ctrip.framework.apollo.portal.enricher;

import com.ctrip.framework.apollo.common.dto.BaseDTO;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please remove the unused imports

nobodyiam
nobodyiam reviewed May 16, 2021
View reviewed changes
...rc/main/java/com/ctrip/framework/apollo/portal/enricher/adapter/UserInfoEnrichedAdapter.java
/**
* @author vdisk <vdisk@foxmail.com>
*/
public interface UserInfoEnrichedAdapter {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This abstraction looks good to me.

@nobodyiam
Copy link
Member

@vdisk-group please check your email account (***@foxmail.com), there should be an invitation mail.

@nobodyiam nobodyiam added this to the 1.9.0 milestone May 23, 2021
nobodyiam
nobodyiam approved these changes May 25, 2021
View reviewed changes
Copy link
Member

@nobodyiam nobodyiam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@nobodyiam nobodyiam merged commit 150955f into apolloconfig:master May 25, 2021
@github-actions github-actions bot locked and limited conversation to collaborators May 25, 2021
@vdiskg vdiskg deleted the oidc-preferred-username branch June 27, 2021 08:59
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@nobodyiam nobodyiam nobodyiam approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.9.0
Development

Successfully merging this pull request may close these issues.

Username is not corrected with ocdi user's subject
4 participants
@vdiskg @codecov-io @nobodyiam @codecov-commenter