oidc-proxy new iam 2 #6059

StekPerepolnen · 2024-06-28T08:42:48Z

Changelog entry

issue

Added oidc-proxy configuration parameters. This includes auth-profile, which determines the logic that oidc_proxy will follow. Possible options: y-profile, n-profile. Default is y-profile
For oidc_proxy handlers, added a new version of logic depending on auth-profile. The old handlers were not changed, so some logic is duplicated. I plan to combine some of the logic in a minor refactoring later.
For tokenator (mvp authentithication) added a new version of logic depending on auth-profile also. I plan to new version support for meta later.
Moved new iam spec to github into public api
Changed the endpoint names in tests to more neutral ones.

Changelog category

Improvement
Feature

Additional information

...

github-actions · 2024-06-28T09:01:18Z

⚪ 2024-06-28 09:01:18 UTC Pre-commit check for 6f3d4f5 has started.
⚪ 2024-06-28 09:03:26 UTC Build linux-x86_64-release-clang14 is running...
🟢 2024-06-28 09:04:30 UTC Build successful.

github-actions · 2024-06-28T09:08:22Z

⚪ 2024-06-28 09:08:22 UTC Pre-commit check for 6f3d4f5 has started.
⚪ 2024-06-28 09:10:25 UTC Build linux-x86_64-relwithdebinfo is running...
🟢 2024-06-28 09:11:19 UTC Build successful.
⚪ 2024-06-28 09:11:34 UTC Tests are running...
🟢 2024-06-28 09:11:49 UTC Tests successful.

Test history | Test log

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED^?
16	16	0	0	0	0

github-actions · 2024-06-28T09:16:04Z

⚪ 2024-06-28 09:16:04 UTC Pre-commit check for 6f3d4f5 has started.
⚪ 2024-06-28 09:18:42 UTC Build linux-x86_64-release-asan is running...
🟢 2024-06-28 09:19:28 UTC Build successful.
⚪ 2024-06-28 09:19:38 UTC Tests are running...
🟢 2024-06-28 09:19:52 UTC Tests successful.

Test history | Test log

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED^?
16	16	0	0	0	0

github-actions · 2024-06-28T11:15:09Z

⚪ 2024-06-28 11:15:08 UTC Pre-commit check for 637bd34 has started.
⚪ 2024-06-28 11:17:51 UTC Build linux-x86_64-release-asan is running...
🟢 2024-06-28 11:18:35 UTC Build successful.
⚪ 2024-06-28 11:18:48 UTC Tests are running...
🟢 2024-06-28 11:19:01 UTC Tests successful.

Test history | Test log

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED^?
16	16	0	0	0	0

github-actions · 2024-06-28T11:22:51Z

⚪ 2024-06-28 11:22:51 UTC Pre-commit check for 637bd34 has started.
⚪ 2024-06-28 11:25:31 UTC Build linux-x86_64-release-clang14 is running...
🟢 2024-06-28 11:26:18 UTC Build successful.

github-actions · 2024-06-28T11:23:52Z

⚪ 2024-06-28 11:23:52 UTC Pre-commit check for 637bd34 has started.
⚪ 2024-06-28 11:26:20 UTC Build linux-x86_64-relwithdebinfo is running...
🟢 2024-06-28 11:26:55 UTC Build successful.
⚪ 2024-06-28 11:27:05 UTC Tests are running...
🟢 2024-06-28 11:27:18 UTC Tests successful.

Test history | Test log

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED^?
16	16	0	0	0	0

github-actions · 2024-07-01T20:27:05Z

⚪ 2024-07-01 20:27:05 UTC Pre-commit check for 01350bd has started.
⚪ 2024-07-01 20:29:10 UTC Build linux-x86_64-release-clang14 is running...
🟢 2024-07-01 20:30:01 UTC Build successful.

github-actions · 2024-07-01T20:31:13Z

⚪ 2024-07-01 20:31:13 UTC Pre-commit check for 01350bd has started.
⚪ 2024-07-01 20:33:17 UTC Build linux-x86_64-relwithdebinfo is running...
🟢 2024-07-01 20:34:01 UTC Build successful.
⚪ 2024-07-01 20:34:14 UTC Tests are running...
🟢 2024-07-01 20:34:29 UTC Tests successful.

Test history | Test log

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED^?
16	16	0	0	0	0

github-actions · 2024-07-01T20:35:12Z

⚪ 2024-07-01 20:35:12 UTC Pre-commit check for 01350bd has started.
⚪ 2024-07-01 20:37:48 UTC Build linux-x86_64-release-asan is running...
🟢 2024-07-01 20:38:34 UTC Build successful.
⚪ 2024-07-01 20:38:41 UTC Tests are running...
🟢 2024-07-01 20:38:54 UTC Tests successful.

Test history | Test log

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED^?
16	16	0	0	0	0

github-actions · 2024-07-02T14:37:43Z

⚪ 2024-07-02 14:37:43 UTC Pre-commit check for a728cc6 has started.
⚪ 2024-07-02 14:39:48 UTC Build linux-x86_64-release-asan is running...
🟢 2024-07-02 14:40:28 UTC Build successful.
⚪ 2024-07-02 14:40:35 UTC Tests are running...
🟢 2024-07-02 14:40:48 UTC Tests successful.

Test history | Test log

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED^?
16	16	0	0	0	0

github-actions · 2024-07-02T14:43:06Z

⚪ 2024-07-02 14:43:06 UTC Pre-commit check for a728cc6 has started.
⚪ 2024-07-02 14:45:07 UTC Build linux-x86_64-release-clang14 is running...
🟢 2024-07-02 14:45:47 UTC Build successful.

github-actions · 2024-07-02T14:46:50Z

⚪ 2024-07-02 14:46:50 UTC Pre-commit check for a728cc6 has started.
⚪ 2024-07-02 14:48:51 UTC Build linux-x86_64-relwithdebinfo is running...
🟢 2024-07-02 14:49:29 UTC Build successful.
⚪ 2024-07-02 14:49:39 UTC Tests are running...
🟢 2024-07-02 14:49:53 UTC Tests successful.

Test history | Test log

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED^?
16	16	0	0	0	0

github-actions · 2024-07-04T21:32:34Z

⚪ 2024-07-04 21:32:34 UTC Pre-commit check for cf97be5 has started.
⚪ 2024-07-04 21:34:35 UTC Build linux-x86_64-release-asan is running...
🟢 2024-07-04 21:35:22 UTC Build successful.
⚪ 2024-07-04 21:35:37 UTC Tests are running...
🔴 2024-07-04 21:36:51 UTC Some tests failed, follow the links below.

Test history | Test log

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED^?
17	2	0	4	11	0

github-actions · 2024-07-04T21:32:34Z

⚪ 2024-07-04 21:32:34 UTC Pre-commit check for cf97be5 has started.
⚪ 2024-07-04 21:34:40 UTC Build linux-x86_64-release-clang14 is running...
🟢 2024-07-04 21:35:31 UTC Build successful.

github-actions · 2024-07-04T21:32:35Z

⚪ 2024-07-04 21:32:35 UTC Pre-commit check for cf97be5 has started.
⚪ 2024-07-04 21:34:38 UTC Build linux-x86_64-relwithdebinfo is running...
🟢 2024-07-04 21:35:32 UTC Build successful.
⚪ 2024-07-04 21:35:43 UTC Tests are running...
🔴 2024-07-04 21:36:59 UTC Some tests failed, follow the links below.

Test history | Test log

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED^?
17	2	0	4	11	0

github-actions · 2024-07-04T22:02:03Z

⚪ 2024-07-04 22:02:03 UTC Pre-commit check for 4f43c3a has started.

github-actions · 2024-07-04T22:03:22Z

⚪ 2024-07-04 22:03:22 UTC Pre-commit check for 4f43c3a has started.
⚪ 2024-07-04 22:05:22 UTC Build linux-x86_64-relwithdebinfo is running...
⚫ 2024-07-04 22:06:11 UTC Check cancelled

github-actions · 2024-07-04T22:04:48Z

⚪ 2024-07-04 22:04:48 UTC Pre-commit check for 4f43c3a has started.
⚫ 2024-07-04 22:06:23 UTC Check cancelled

github-actions · 2024-07-04T22:07:48Z

⚪ 2024-07-04 22:07:48 UTC Pre-commit check for ba12333 has started.
⚫ 2024-07-04 22:08:17 UTC Check cancelled

github-actions · 2024-07-04T22:09:45Z

⚪ 2024-07-04 22:09:45 UTC Pre-commit check for 62d801d has started.
⚪ 2024-07-04 22:11:45 UTC Build linux-x86_64-release-clang14 is running...
🟢 2024-07-04 22:12:30 UTC Build successful.

UgnineSirdis · 2024-07-18T13:12:30Z

ydb/mvp/oidc_proxy/oidc_session_create_nebius.h

+
+    void RemoveAppliedCookie(const TString& cookieName) override {
+        ResponseHeaders.Set("Set-Cookie", TStringBuilder() << cookieName << "=; Path=" << GetAuthCallbackUrl() << "; Max-Age=0");
+        ResponseHeaders.Set("Set-Cookie", TStringBuilder() << CreateNameSessionCookie(Settings.ClientId) << "=; Max-Age=0");


Is it valid to set two headers with the same name?
We have TMap for headers here, not multimap((

ydb/mvp/oidc_proxy/oidc_session_create_nebius.h

ydb/mvp/oidc_proxy/openid_connect.h

UgnineSirdis

Review comments

ydb/mvp/core/mvp_tokens.cpp

github-actions · 2024-07-18T13:55:49Z

⚪ 2024-07-18 13:55:49 UTC Pre-commit check for 2a0ad96 has started.
⚫ 2024-07-18 13:56:56 UTC Check cancelled

github-actions · 2024-07-18T13:59:06Z

⚪ 2024-07-18 13:59:06 UTC Pre-commit check for 29d6284 has started.
⚪ 2024-07-18 14:01:15 UTC Build+Tests linux-x86_64-release-clang14 is running...
🟢 2024-07-18 14:02:27 UTC Build successful.

github-actions · 2024-07-18T13:59:42Z

⚪ 2024-07-18 13:59:42 UTC Pre-commit check for 29d6284 has started.
⚪ 2024-07-18 14:01:54 UTC Build+Tests linux-x86_64-release-asan is running...
🟢 2024-07-18 14:03:46 UTC Build successful.
🔴 2024-07-18 14:03:54 UTC Some tests failed, follow the links below.

Test history | Ya make output

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED^?
25	9	0	4	12	0

github-actions · 2024-07-18T14:00:57Z

⚪ 2024-07-18 14:00:57 UTC Pre-commit check for 29d6284 has started.
⚪ 2024-07-18 14:03:18 UTC Build+Tests linux-x86_64-relwithdebinfo is running...
🟢 2024-07-18 14:05:31 UTC Build successful.
🔴 2024-07-18 14:05:47 UTC Some tests failed, follow the links below.

Test history | Ya make output

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED^?
25	4	0	2	19	0

github-actions · 2024-07-18T14:24:13Z

⚪ 2024-07-18 14:24:12 UTC Pre-commit check for 455eefe has started.
⚫ 2024-07-18 14:25:32 UTC Check cancelled

github-actions · 2024-07-18T14:24:47Z

⚪ 2024-07-18 14:24:47 UTC Pre-commit check for 455eefe has started.
⚫ 2024-07-18 14:25:39 UTC Check cancelled

github-actions · 2024-07-18T14:25:13Z

⚪ 2024-07-18 14:25:13 UTC Pre-commit check for 455eefe has started.
⚫ 2024-07-18 14:25:43 UTC Check cancelled

github-actions · 2024-07-18T14:27:42Z

⚪ 2024-07-18 14:27:41 UTC Pre-commit check for ae4d1b8 has started.
⚪ 2024-07-18 14:30:04 UTC Build+Tests linux-x86_64-release-clang14 is running...
🟢 2024-07-18 14:31:10 UTC Build successful.

github-actions · 2024-07-18T14:27:50Z

⚪ 2024-07-18 14:27:50 UTC Pre-commit check for ae4d1b8 has started.
⚪ 2024-07-18 14:30:07 UTC Build+Tests linux-x86_64-release-asan is running...
🟢 2024-07-18 14:31:16 UTC Build successful.
🟢 2024-07-18 14:31:33 UTC Tests successful.

Test history | Ya make output

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED^?
24	24	0	0	0	0

github-actions · 2024-07-18T14:28:10Z

⚪ 2024-07-18 14:28:09 UTC Pre-commit check for ae4d1b8 has started.
⚪ 2024-07-18 14:30:24 UTC Build+Tests linux-x86_64-relwithdebinfo is running...
🟢 2024-07-18 14:31:29 UTC Build successful.
🟢 2024-07-18 14:31:47 UTC Tests successful.

Test history | Ya make output

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED^?
24	24	0	0	0	0

UgnineSirdis

All other comments we decided to fix in background

github-actions bot added new-feature improvement labels Jun 28, 2024

changed handlers

0489405

StekPerepolnen force-pushed the oidc_oauth2 branch from 875c66e to 0489405 Compare June 28, 2024 09:55

added auth-request config property

07adcf7

StekPerepolnen force-pushed the oidc_oauth2 branch from 37a053f to 07adcf7 Compare July 2, 2024 14:14

StekPerepolnen force-pushed the oidc_oauth2 branch from c7dcc62 to 0783510 Compare July 4, 2024 22:00

StekPerepolnen force-pushed the oidc_oauth2 branch from 0783510 to 1f58de6 Compare July 4, 2024 22:05

added v2

949846b

StekPerepolnen force-pushed the oidc_oauth2 branch from 1f58de6 to 949846b Compare July 4, 2024 22:07