Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove OIDC from code #5233

Merged
merged 8 commits into from
Feb 20, 2023
Merged

Remove OIDC from code #5233

merged 8 commits into from
Feb 20, 2023

Conversation

arielshaqed
Copy link
Contributor

Was deprecated... and it's gone!

@arielshaqed arielshaqed added area/auth IAM, authorization, authentication, audit, AAA, and integrations with all those include-changelog PR description should be included in next release changelog team/cloud-native Team cloud native refactor Code refactoring that improves the code but does not affect functionality labels Feb 14, 2023
@arielshaqed arielshaqed linked an issue Feb 14, 2023 that may be closed by this pull request
Remove OIDC support #5231
Closed
Isan-Rivkin
Isan-Rivkin reviewed Feb 14, 2023
View reviewed changes
pkg/api/auth_middleware.go Outdated
@@ -2,10 +2,8 @@ package api

import (
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not compiling unused resources

@arielshaqed arielshaqed requested a review from ortz February 14, 2023 12:59
@arielshaqed
Copy link
Contributor Author

Note to releaser:

Breaking change, requires minor version bump!

@arielshaqed arielshaqed added the area/API Improvements or additions to the API label Feb 14, 2023
Isan-Rivkin
Isan-Rivkin requested changes Feb 14, 2023
View reviewed changes
api/swagger.yml
oidc_auth:
type: apiKey
in: cookie
name: oidc_auth_session
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we need this, that's the cookie that is verified by lakeFS.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Restored!

pkg/api/auth_middleware.go Outdated
@@ -117,13 +112,7 @@ func checkSecurityRequirements(r *http.Request,
continue
}
user, err = userByToken(ctx, logger, authService, token)
case "oidc_auth":
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we need this + userFromOIDC

@ortz
Copy link
Contributor

ortz commented Feb 14, 2023

@arielshaqed I'll go over it later today, we need someone from VE to be on the reviewers list too (we had a decision back then that shared-ownership repositories changes should be reviewed by at least 1 participant from each team)

ortz
ortz reviewed Feb 15, 2023
View reviewed changes
Copy link
Contributor

@ortz ortz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

overall looks good, I have nothing to add on top of what @Isan-Rivkin commented.
I do think we should test a built image using this feature branch with our common use-cases and cloud operation.

@arielshaqed arielshaqed force-pushed the chore/5231-oidc-thanks-for-all-the-fish branch from a1f4014 to 4c99834 Compare February 15, 2023 15:41
@arielshaqed
Copy link
Contributor Author

Restored the missing code, thanks! A private image works on a manually-hacked cloud dev-env. I tested explicit logout as well as deleted OIDC auth cookie.

PTAL.

arielshaqed
arielshaqed commented Feb 15, 2023
View reviewed changes
Copy link
Contributor Author

@arielshaqed arielshaqed left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

PTAL...

api/swagger.yml
oidc_auth:
type: apiKey
in: cookie
name: oidc_auth_session
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Restored!

Isan-Rivkin
Isan-Rivkin approved these changes Feb 15, 2023
View reviewed changes
Copy link
Contributor

@Isan-Rivkin Isan-Rivkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@arielshaqed Looking good!
Please don't forget that this release dependent on a new helm/lakefs release so that the configurations will not break :)

@arielshaqed arielshaqed added the team/versioning-engine Team versioning engine label Feb 16, 2023
@arielshaqed arielshaqed requested a review from a team February 16, 2023 08:15
itaiad200
itaiad200 approved these changes Feb 16, 2023
View reviewed changes
Copy link
Contributor

@itaiad200 itaiad200 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nopcoder
nopcoder approved these changes Feb 16, 2023
View reviewed changes
Copy link
Contributor

@nopcoder nopcoder left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! don't forgot to run go tidy to remove the oidc depends.

@arielshaqed arielshaqed force-pushed the chore/5231-oidc-thanks-for-all-the-fish branch from 4c99834 to 2a39ca5 Compare February 20, 2023 13:56
@arielshaqed arielshaqed enabled auto-merge (squash) February 20, 2023 13:58
@arielshaqed
Copy link
Contributor Author

Rebased on trunk; will auto-merge once tests pass.

@arielshaqed arielshaqed merged commit 5a3e2db into master Feb 20, 2023
@arielshaqed arielshaqed deleted the chore/5231-oidc-thanks-for-all-the-fish branch February 20, 2023 14:10
arielshaqed added a commit that referenced this pull request Feb 21, 2023
@arielshaqed
go mod tidy
067f493 
Should have done it on #5233, doing it now.  Sorry.  But just as well, some
of these changes are _not_ due to that PR :-/
@arielshaqed arielshaqed mentioned this pull request Feb 21, 2023
Merged
nopcoder pushed a commit that referenced this pull request Feb 21, 2023
@arielshaqed
go mod tidy (#5298)
a940c20 
Should have done it on #5233, doing it now.  Sorry.  But just as well, some
of these changes are _not_ due to that PR :-/
@Isan-Rivkin Isan-Rivkin mentioned this pull request Feb 21, 2023
Merged
This was referenced Feb 22, 2023
Merged
Merged
This was referenced Mar 6, 2023
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ortz ortz ortz left review comments

@nopcoder nopcoder nopcoder approved these changes

@itaiad200 itaiad200 itaiad200 approved these changes

@Isan-Rivkin Isan-Rivkin Isan-Rivkin approved these changes

Assignees
No one assigned
Labels
area/API Improvements or additions to the API area/auth IAM, authorization, authentication, audit, AAA, and integrations with all those include-changelog PR description should be included in next release changelog refactor Code refactoring that improves the code but does not affect functionality team/cloud-native Team cloud native team/versioning-engine Team versioning engine
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Remove OIDC support
5 participants
@arielshaqed @ortz @nopcoder @itaiad200 @Isan-Rivkin