Implement AnyAuth Proxy Authentication support #3486
Merged
PeterSchafer force-pushed the test/cliv2_proxy_auth branch from af6e613 to 3092abc (August 1, 2022 12:09)
PeterSchafer changed the title from "test: add first tests for ProxyAuthenticator" to "chore: Implement AnyAuth Proxy Authentication support" (Aug 1, 2022)
PeterSchafer force-pushed the test/cliv2_proxy_auth branch from 3092abc to 86ac092 (August 1, 2022 12:38)
PeterSchafer requested review from jonathansantilli, dagrest and julianpellasrice-snyk (August 1, 2022 12:39)
PeterSchafer force-pushed the test/cliv2_proxy_auth branch from 86ac092 to 5cbdb9d (August 1, 2022 14:06)
PeterSchafer changed the title from "chore: Implement AnyAuth Proxy Authentication support" to "Implement AnyAuth Proxy Authentication support" (Aug 2, 2022)
* includes refactorings for improved testability
Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>

test: add go get to download gomock
Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>

test: check in generated mock
Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>

test: added additional test cases refactored common test code
Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>

test: add simple minimal test for GetToken()
Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>

test: added comment
Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>

test: improve proxy tests
Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>

chore: introduce case insensitive mechanisms and … … support for AnyAuth, which selects out of multiple mechanisms proposed by the proxy
Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>

test: updating cache file which expired … … will look into a more permanent solution later
Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>

chore: minor improvements
Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>

chore: fix and add tests
Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>

chore: adapt/fix test
Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>

chore: adapt to handle tcp reconnect on anyauth
Any initial connection without authorization values will be closed by the proxy and a new connection has to be established
* some minor refactorings and logging improvements
Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>

chore: improve docker checks in acceptance tests
Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>

chore: add ntlm and basic fake auth to proxy config
Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>

test: simplify proxy test
* includes renaming of IsSupportMechanism()
Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>

chore: move mock server out of specific test … … for better re-use
Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>

chore: move some things into httpauth to enable … … creating a module from it
Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>

test: use docker based proxy if possible … … to avoid expired checked in files
Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>

chore: fix and improve test
Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>

chore: increase timeout and add log message
Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>

chore: attempt to make test run in CI
Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>

chore: attempt to make test run in CI
Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>

chore: attempt to make test run in CI
Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>

chore: attempt to make test run in CI
Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>

chore: apply prettier
Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>

test: added unit test for AuthenticationHandler
Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>

chore: run go mod tidy
Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>
Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>
Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>
PeterSchafer force-pushed the test/cliv2_proxy_auth branch from 5cbdb9d to 467b621 (August 2, 2022 16:13)
Avishagp approved these changes (Aug 2, 2022)
What does this PR do?
It introduces support for AnyAuth Proxy Authentication, which makes it possible to automatically detect whether a proxy requires authentication and to determine whether both sides support the same mechanisms. Currently the client only supports Negotiate and will require the proxy server to also support it. Depending on the platform, Kerberos and, on Windows, additionally NTLM authentication via Negotiate are supported.
--proxy-negotiate is dropped, instead AnyAuth is enabled by default.
--proxy-noauth, which disables any proxy authentication.

Where should the reviewer start?
cliv2/internal/httpauth/proxy_authenticator.go
How to test manually?
Launch a local proxy using docker
PROXY_HOSTNAME=kerberos.snyk.local SCRIPTS_PATH='<PATH_TO_REPO>cliv2/internal/httpauth/test/fixtures/squid_environment/scripts' CONTAINER_NAME=spnego_test HTTP_PROXY_PORT=3128 docker-compose --file <PATH_TO_REPO>cliv2/internal/httpauth/test/fixtures/squid_environment/docker-compose.yml up --build
Launch the cli like this
snyk --proxy=http://localhost:3128 -d woof
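
The mechanism selection the description outlines, as an added Go example that is not code from this PR or from the Snyk CLI: it reads the `Proxy-Authenticate` challenges of a 407 response and picks a mechanism case-insensitively, walking the client's own list so that a proxy also offering Basic or NTLM cannot steer the client to a mechanism it does not support. The names `supportedMechanisms`, `offeredMechanisms` and `selectMechanism` are hypothetical, and the sketch assumes one challenge per header line.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// supportedMechanisms is this hypothetical client's list, in order of
// preference. The PR text says the client currently supports only Negotiate.
var supportedMechanisms = []string{"Negotiate"}

// offeredMechanisms returns the scheme names from the Proxy-Authenticate
// headers. Assumption: one challenge per header line.
func offeredMechanisms(h http.Header) []string {
	var out []string
	for _, v := range h.Values("Proxy-Authenticate") {
		if f := strings.Fields(v); len(f) > 0 {
			out = append(out, f[0])
		}
	}
	return out
}

// selectMechanism returns the first client-supported mechanism that the proxy
// also offered. ok is false when the response is not a 407 or when there is
// no mechanism in common.
func selectMechanism(status int, h http.Header, supported []string) (string, bool) {
	if status != http.StatusProxyAuthRequired {
		return "", false
	}
	offered := offeredMechanisms(h)
	for _, s := range supported {
		for _, o := range offered {
			if strings.EqualFold(s, o) {
				return s, true
			}
		}
	}
	return "", false
}

func main() {
	h := http.Header{} // constructed sample of a proxy's 407 headers
	h.Add("Proxy-Authenticate", `Basic realm="constructed-example"`)
	h.Add("Proxy-Authenticate", "NEGOTIATE")
	fmt.Println(selectMechanism(http.StatusProxyAuthRequired, h, supportedMechanisms))
}
```
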