Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for local auth configuration #3632

Merged
merged 32 commits into from
Jul 6, 2019
Merged

Add support for local auth configuration #3632

merged 32 commits into from
Jul 6, 2019

Conversation

kreinecke
Copy link
Contributor

Add an option in jetstream config to set up a user for local authentication as an alternative to remote auth. Will eventually remove the mandatory provisioning of a UAA.

@cfdreddbot
Copy link

✅ Hey kreinecke! The commit authors and yourself have already signed the CLA.

@codecov
Copy link

codecov bot commented Jun 5, 2019
edited
Loading

Codecov Report

Merging #3632 into v2-master will increase coverage by <.01%.
The diff coverage is 28.57%.

@@              Coverage Diff              @@
##           v2-master    #3632      +/-   ##
=============================================
+ Coverage      51.42%   51.43%   +<.01%     
=============================================
  Files            725      726       +1     
  Lines          20567    20569       +2     
  Branches        3682     3682              
=============================================
+ Hits           10577    10579       +2     
  Misses          9990     9990

@kreinecke kreinecke force-pushed the local-admin-option branch 4 times, most recently from d6f056c to ad10abb Compare June 7, 2019 08:21
@kreinecke
Copy link
Contributor Author

NOTE default.config.properties should be excluded from merge until the corresponding front-end changes have been completed.

kreinecke
kreinecke commented Jun 7, 2019
View reviewed changes
src/jetstream/default.config.properties
INVITE_USER_CLIENT_SECRET=
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This file should be excluded from merge to disable this functionality until front-end changes are complete.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you want to comment out the values before we merge?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

After other changes have been implemented and gates passed, will remove default config file from this PR entirely as this feature currently has no corresponding front end changes. Will update default config in the pending frontend change - feature will then be complete and config options fully usable.

@kreinecke kreinecke requested review from nwmac and removed request for nwmac June 7, 2019 13:00
kreinecke added 20 commits June 10, 2019 11:52
@kreinecke
Add initial schema and login method skeletons
a4553fc 
Signed-off-by: Kate E. Reinecke <50168367+kreinecke@users.noreply.github.com>
@kreinecke
Rename LocalUsers datastore with a unique ID. More code to auth.go
9b9b424 
Signed-off-by: Kate E. Reinecke <50168367+kreinecke@users.noreply.github.com>
@kreinecke
Add last login field to users table. Add unique version string to Reg…
a304f05 
…isterMigration call.

Signed-off-by: Kate E. Reinecke <50168367+kreinecke@users.noreply.github.com>
@kreinecke
Added skeleton code for local users repo.
9323e4b 
Signed-off-by: Kate E. Reinecke <50168367+kreinecke@users.noreply.github.com>
@kreinecke
Add function to find password hash, to local users repository
7b190bb 
Signed-off-by: Kate E. Reinecke <50168367+kreinecke@users.noreply.github.com>
@kreinecke
Add function to add new local user, to local users repository
a70924c 
Signed-off-by: Kate E. Reinecke <50168367+kreinecke@users.noreply.github.com>
@kreinecke
Add remainder of code for local user login. Fix build.
00cf310 
Signed-off-by: Kate E. Reinecke <50168367+kreinecke@users.noreply.github.com>
@kreinecke
Code to initialise local users table on startup when a local user is …
8b54416 
…set in the config file

Signed-off-by: Kate E. Reinecke <50168367+kreinecke@users.noreply.github.com>
@kreinecke
Fix incorrect field ordering on new user insert
8596a52 
Signed-off-by: Kate E. Reinecke <50168367+kreinecke@users.noreply.github.com>
@kreinecke
Initial auth test function added to test local login
3f934c4 
Signed-off-by: Kate E. Reinecke <50168367+kreinecke@users.noreply.github.com>
@kreinecke
Fix convey function ordering for several tests
b3c5582 
Signed-off-by: Kate E. Reinecke <50168367+kreinecke@users.noreply.github.com>
@kreinecke
More tests for local login error cases
e35345c 
Signed-off-by: Kate E. Reinecke <50168367+kreinecke@users.noreply.github.com>
@kreinecke
Add unit tests for local user auth and creation. Start work on implem…
d71dd69 
…enting a new auth endpoint type env var to select local or remote auth type. Modify local users table schema to make GUI and username unique,

Signed-off-by: Kate E. Reinecke <50168367+kreinecke@users.noreply.github.com>
@kreinecke
Finish tests for adding local user. Finish config of remote/local use…
ab982d8 
…r. Add code to update last login time on login. Test for last login time update in progress.

Signed-off-by: Kate E. Reinecke <50168367+kreinecke@users.noreply.github.com>
@kreinecke
Finish auth login code and associated unit tests. Fix backend tests, …
7b83ce9 
…remove info comments

Signed-off-by: Kate E. Reinecke <50168367+kreinecke@users.noreply.github.com>
@kreinecke
Tidy up and fix lint errors
caee9df 
Signed-off-by: Kate E. Reinecke <50168367+kreinecke@users.noreply.github.com>
@kreinecke
Change name of env var for local user scope. Modify console output on…
9e385f5 
… jetstream startup appropriately depending on whether local or remote auth is configured.

Signed-off-by: Kate E. Reinecke <50168367+kreinecke@users.noreply.github.com>
@kreinecke
Refactor portalProxy.AddLocalUser and portalProxy.doLocalLogin for Co…
73e28fa 
…de Climate gate.

Signed-off-by: Kate E. Reinecke <50168367+kreinecke@users.noreply.github.com>
@kreinecke
Fix code climate issues
c695fd3 
Signed-off-by: Kate E. Reinecke <50168367+kreinecke@users.noreply.github.com>
@kreinecke
Add LocalUser struct to encapsulate attributes of a local user
f07878a 
Signed-off-by: Kate E. Reinecke <50168367+kreinecke@users.noreply.github.com>
kreinecke added 3 commits June 10, 2019 11:52
@kreinecke
Fix ungraceful jetstream crash during config setup if AUTH_ENDPOINT_T…
1870939 
…YPE not defined. Add auth_endpoint_type to console config DB table

Signed-off-by: Kate E. Reinecke <50168367+kreinecke@users.noreply.github.com>
@kreinecke
Set auth endpoint to local for Travis build/review verification.
607221a
@kreinecke
Fix skipping local user creation bug
a2d1606 
Signed-off-by: Kate E. Reinecke <50168367+kreinecke@users.noreply.github.com>
@kreinecke kreinecke force-pushed the local-admin-option branch from 84fd2bc to a2d1606 Compare June 10, 2019 10:53
kreinecke added 3 commits June 10, 2019 12:27
@kreinecke
Codeclimate fix
829294c 
Signed-off-by: Kate E. Reinecke <50168367+kreinecke@users.noreply.github.com>
@kreinecke
backend test fix
d558478 
Signed-off-by: Kate E. Reinecke <50168367+kreinecke@users.noreply.github.com>
@kreinecke
push default config for e2e tests
4b2d786 
Signed-off-by: Kate E. Reinecke <50168367+kreinecke@users.noreply.github.com>
@kreinecke kreinecke force-pushed the local-admin-option branch from 54a7c7d to 7c0fda1 Compare June 10, 2019 17:19
@kreinecke
Codeclimate fix
892fb95 
Signed-off-by: Kate E. Reinecke <50168367+kreinecke@users.noreply.github.com>
@kreinecke kreinecke force-pushed the local-admin-option branch from 7c0fda1 to 892fb95 Compare June 10, 2019 17:24
@kreinecke kreinecke requested a review from nwmac June 11, 2019 07:13
@nwmac nwmac added ready for review conflicts Merge conflicts on PR labels Jun 12, 2019
@kreinecke
Resolve conflicts
3fb9d71 
Signed-off-by: Kate E. Reinecke <50168367+kreinecke@users.noreply.github.com>
@nwmac nwmac removed the conflicts Merge conflicts on PR label Jun 17, 2019
nwmac
nwmac suggested changes Jun 17, 2019
View reviewed changes
Copy link
Contributor

@nwmac nwmac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a few comments.

src/jetstream/datastore/20190522121200_LocalUsers.go Outdated
createLocalUsers += "user_scope VARCHAR(36), "
createLocalUsers += "last_login TIMESTAMP, "
createLocalUsers += "last_updated TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP);"
createLocalUsers += "CREATE TRIGGER update_last_updated AFTER UPDATE ON local_users BEGIN UPDATE local_users SET last_updated = DATETIME('now') WHERE _rowid_ = new._rowid_; END;"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we add a primary key to the table.

Also, does this CREATE TRIGGER syntax work with Postgres? Seems okay on SQLite and MySQL from what I can tell.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks - it is indeed not valid for postgres - I will add alternative trigger definition for that case.

src/jetstream/default.config.properties
INVITE_USER_CLIENT_SECRET=
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you want to comment out the values before we merge?

src/jetstream/main.go
@@ -773,6 +784,10 @@ func (p *portalProxy) registerRoutes(e *echo.Echo, addSetupMiddleware *setupMidd
pp.GET("/v1/auth/sso_login", p.initSSOlogin)
pp.GET("/v1/auth/sso_logout", p.ssoLogoutOfUAA)

// Local User login/logout
pp.POST("/v1/auth/local_login", p.localLogin)
pp.POST("/v1/auth/local_logout", p.logout)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you think the local routes and remote routes should check if the corresponding auth type matches and response with 404 ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. Will add.

nwmac
nwmac reviewed Jun 19, 2019
View reviewed changes
src/jetstream/datastore/20170818162837_SetupSchema.go Outdated
@@ -10,6 +10,7 @@ import (
func init() {
RegisterMigration(20170818162837, "SetupSchema", func(txn *sql.Tx, conf *goose.DBConf) error {
consoleConfigTable := "CREATE TABLE IF NOT EXISTS console_config ("
consoleConfigTable += " auth_endpoint_type VARCHAR(255) NOT NULL, "
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can't change a migration that has already been published - you'll need to move this to an ALTER statement in your new migration file.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. Done. Will push with remaining changes.

kreinecke added 2 commits June 20, 2019 18:22
@kreinecke
Complete PR changes. Revert all PR changes to default.config.properties
92a4bfa 
Signed-off-by: Kate E. Reinecke <50168367+kreinecke@users.noreply.github.com>
@kreinecke
Codeclimate fix to DB migration
5f0709d 
Signed-off-by: Kate E. Reinecke <50168367+kreinecke@users.noreply.github.com>
@kreinecke kreinecke requested a review from nwmac June 21, 2019 08:55
nwmac
nwmac reviewed Jun 21, 2019
View reviewed changes
Copy link
Contributor

@nwmac nwmac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes LGTM - will try it out

@kreinecke
Copy link
Contributor Author

I will make a start on documenting the feature and config on a separate branch. That can be merged when the front end PR is complete. In the meantime if it's not clear when you try it out, let me know.

nwmac
nwmac approved these changes Jul 5, 2019
View reviewed changes
Copy link
Contributor

@nwmac nwmac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@nwmac nwmac merged commit 26c3b78 into v2-master Jul 6, 2019
@nwmac nwmac deleted the local-admin-option branch July 6, 2019 09:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nwmac nwmac nwmac approved these changes

Assignees

@kreinecke kreinecke

Labels
ready for review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kreinecke @cfdreddbot @nwmac