Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(auth): server side changes for new worker auth flow #790

Merged
merged 25 commits into from
Mar 23, 2023
Merged

feat(auth): server side changes for new worker auth flow #790

merged 25 commits into from
Mar 23, 2023

Conversation

ecrupper
Copy link
Contributor

@ecrupper ecrupper self-assigned this Mar 15, 2023
github-actions[bot]
github-actions bot reviewed Mar 15, 2023
View reviewed changes
api/admin/worker.go Show resolved Hide resolved
internal/token/mint.go Show resolved Hide resolved
internal/token/mint.go Show resolved Hide resolved
api/admin/worker.go Show resolved Hide resolved
internal/token/mint.go Show resolved Hide resolved
internal/token/mint.go Show resolved Hide resolved
router/middleware/claims/claims_test.go Show resolved Hide resolved
router/middleware/claims/claims_test.go Show resolved Hide resolved
router/middleware/claims/claims_test.go Show resolved Hide resolved
router/middleware/executors/executors.go Show resolved Hide resolved
This was referenced Mar 17, 2023
Merged
Merged
@ecrupper ecrupper marked this pull request as ready for review March 21, 2023 01:58
@ecrupper ecrupper requested a review from a team as a code owner March 21, 2023 01:58
@codecov
Copy link

codecov bot commented Mar 21, 2023
edited
Loading

Codecov Report

Merging #790 (05b7cd2) into main (b37567d) will increase coverage by 56.48%.
The diff coverage is 18.75%.

Impacted file tree graph

@@            Coverage Diff            @@
##           main     #790       +/-   ##
=========================================
+ Coverage      0   56.48%   +56.48%     
=========================================
  Files         0      243      +243     
  Lines         0    16164    +16164     
=========================================
+ Hits          0     9131     +9131     
- Misses        0     6628     +6628     
- Partials      0      405      +405
Impacted Files Coverage Δ
api/build.go 1.48% <0.00%> (ø)
api/token.go 0.00% <0.00%> (ø)
api/worker.go 0.00% <0.00%> (ø)
internal/token/mint.go 51.11% <0.00%> (ø)
router/middleware/executors/executors.go 2.81% <0.00%> (ø)
router/middleware/perm/perm.go 59.48% <67.56%> (ø)
router/middleware/claims/claims.go 100.00% <100.00%> (ø)

... and 236 files with indirect coverage changes

plyr4
plyr4 previously requested changes Mar 21, 2023
View reviewed changes
Copy link
Contributor

@plyr4 plyr4 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

needs server mocks for admin/register-token (probably not validate though)
correction: validate needs a mocked endpoint but probably not a mock response json

github-actions[bot]
github-actions bot reviewed Mar 21, 2023
View reviewed changes
mock/server/worker.go Show resolved Hide resolved
api/worker.go Show resolved Hide resolved
@plyr4 plyr4 dismissed their stale review March 21, 2023 16:01

mocks added

cognifloyd
cognifloyd reviewed Mar 22, 2023
View reviewed changes
api/worker.go Outdated Show resolved Hide resolved
api/worker.go Show resolved Hide resolved
cognifloyd
cognifloyd reviewed Mar 22, 2023
View reviewed changes
Copy link
Member

@cognifloyd cognifloyd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's closer. I see one more issue with UpdateWorker, and then I can approve.

api/worker.go Outdated
if secret, ok := c.Value("secret").(string); ok {
tkn := new(library.Token)
tkn.SetToken(secret)
c.JSON(http.StatusOK, WorkerCheckIn{Worker: w, Token: tkn})
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the swagger doc comment's 200 response needs to be updated to show the two different response types: Worker, and WorkerCheckIn.

Copy link
Member

@cognifloyd cognifloyd Mar 23, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, sdk-go is going to need to know about both types that can be returned. Or, maybe the worker needs a different server end point it can use to check in and get the new token.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The more I think about this, the more I think it should just be a separate endpoint altogether

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The latest commit decoupled UpdateWorker and RefreshWorkerAuth, which I think is much cleaner. Plus we don't have to create a temporary struct as a return type. I also took this change to its natural conclusion and eliminated platform admin access to refresh auth, as that can only cause problems in practice.

Thank you for the feedback!

cognifloyd
cognifloyd previously approved these changes Mar 23, 2023
View reviewed changes
cognifloyd
cognifloyd reviewed Mar 23, 2023
View reviewed changes
api/worker.go Show resolved Hide resolved
api/worker.go Outdated Show resolved Hide resolved
plyr4
plyr4 requested changes Mar 23, 2023
View reviewed changes
mock/server/server.go Outdated Show resolved Hide resolved
plyr4
plyr4 requested changes Mar 23, 2023
View reviewed changes
mock/server/server.go Outdated Show resolved Hide resolved
wass3rw3rk
wass3rw3rk reviewed Mar 23, 2023
View reviewed changes
api/admin/worker.go Outdated Show resolved Hide resolved
api/token.go Show resolved Hide resolved
router/middleware/executors/executors.go Show resolved Hide resolved
plyr4
plyr4 requested changes Mar 23, 2023
View reviewed changes
mock/server/worker.go Outdated Show resolved Hide resolved
wass3rw3rk
wass3rw3rk previously approved these changes Mar 23, 2023
View reviewed changes
@ecrupper ecrupper merged commit 5ffbe81 into main Mar 23, 2023
@ecrupper ecrupper deleted the worker-auth/complete branch March 23, 2023 21:37
@ecrupper ecrupper mentioned this pull request Mar 29, 2023
Merged
@ecrupper ecrupper mentioned this pull request Apr 7, 2023
Merged
@colindean colindean mentioned this pull request Aug 28, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cognifloyd cognifloyd cognifloyd left review comments

@github-actions github-actions[bot] github-actions[bot] left review comments

@plyr4 plyr4 plyr4 approved these changes

@wass3rw3rk wass3rw3rk wass3rw3rk approved these changes

Assignees

@ecrupper ecrupper

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ecrupper @cognifloyd @plyr4 @wass3rw3rk