-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: Move authn into cmd/frontend #63648
Merged
eseliger
merged 1 commit into
main
from
es/07-03-unexportsomeexternallyirrelevantsymbolsfromuploadstore_split
Jul 31, 2024
Merged
chore: Move authn into cmd/frontend #63648
eseliger
merged 1 commit into
main
from
es/07-03-unexportsomeexternallyirrelevantsymbolsfromuploadstore_split
Jul 31, 2024
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This was referenced Jul 4, 2024
Merged
This was referenced Jul 4, 2024
github-actions
bot
added
team/product-platform
team/source
Tickets under the purview of Source - the one Source to graph it all
labels
Jul 4, 2024
eseliger
force-pushed
the
es/07-03-unexportsomeexternallyirrelevantsymbolsfromuploadstore
branch
from
July 4, 2024 20:29
41f90b8
to
b582762
Compare
eseliger
force-pushed
the
es/07-03-unexportsomeexternallyirrelevantsymbolsfromuploadstore_split
branch
from
July 4, 2024 20:29
48139d4
to
32505c0
Compare
eseliger
force-pushed
the
es/07-03-unexportsomeexternallyirrelevantsymbolsfromuploadstore
branch
from
July 5, 2024 05:15
b582762
to
3f0f443
Compare
eseliger
force-pushed
the
es/07-03-unexportsomeexternallyirrelevantsymbolsfromuploadstore_split
branch
from
July 5, 2024 05:15
32505c0
to
0a62e2a
Compare
eseliger
force-pushed
the
es/07-03-unexportsomeexternallyirrelevantsymbolsfromuploadstore
branch
from
July 5, 2024 07:36
3f0f443
to
c7fe056
Compare
eseliger
force-pushed
the
es/07-03-unexportsomeexternallyirrelevantsymbolsfromuploadstore_split
branch
from
July 5, 2024 07:36
0a62e2a
to
8827da3
Compare
eseliger
force-pushed
the
es/07-03-unexportsomeexternallyirrelevantsymbolsfromuploadstore
branch
from
July 5, 2024 11:28
c7fe056
to
3d8e03d
Compare
eseliger
force-pushed
the
es/07-03-unexportsomeexternallyirrelevantsymbolsfromuploadstore_split
branch
from
July 5, 2024 11:28
8827da3
to
4563099
Compare
eseliger
force-pushed
the
es/07-03-unexportsomeexternallyirrelevantsymbolsfromuploadstore
branch
from
July 9, 2024 22:37
3d8e03d
to
d01bc3b
Compare
eseliger
force-pushed
the
es/07-03-unexportsomeexternallyirrelevantsymbolsfromuploadstore_split
branch
from
July 9, 2024 22:37
4563099
to
96515fd
Compare
Caution License checking failed, please read: how to deal with third parties licensing. |
eseliger
force-pushed
the
es/07-03-unexportsomeexternallyirrelevantsymbolsfromuploadstore
branch
from
July 9, 2024 23:25
d01bc3b
to
3fb5d88
Compare
eseliger
force-pushed
the
es/07-03-unexportsomeexternallyirrelevantsymbolsfromuploadstore_split
branch
from
July 9, 2024 23:26
96515fd
to
49c2385
Compare
Caution License checking failed, please read: how to deal with third parties licensing. |
eseliger
force-pushed
the
es/07-03-unexportsomeexternallyirrelevantsymbolsfromuploadstore
branch
from
July 9, 2024 23:56
3fb5d88
to
1cc6bcc
Compare
eseliger
force-pushed
the
es/07-03-unexportsomeexternallyirrelevantsymbolsfromuploadstore_split
branch
from
July 9, 2024 23:57
49c2385
to
4eafde8
Compare
Caution License checking failed, please read: how to deal with third parties licensing. |
eseliger
force-pushed
the
es/07-23-authzcomputeprovidersonthefly
branch
from
July 28, 2024 14:44
e8fbddf
to
2f13f50
Compare
eseliger
force-pushed
the
es/07-03-unexportsomeexternallyirrelevantsymbolsfromuploadstore_split
branch
from
July 28, 2024 14:44
fcb7563
to
fe401db
Compare
eseliger
changed the title
Move authn into cmd/frontend
chore: Move authn into cmd/frontend
Jul 29, 2024
eseliger
force-pushed
the
es/07-23-authzcomputeprovidersonthefly
branch
from
July 30, 2024 00:47
2f13f50
to
bb95aa9
Compare
eseliger
force-pushed
the
es/07-03-unexportsomeexternallyirrelevantsymbolsfromuploadstore_split
branch
from
July 30, 2024 00:47
fe401db
to
6b20598
Compare
eseliger
force-pushed
the
es/07-23-authzcomputeprovidersonthefly
branch
from
July 30, 2024 17:21
bb95aa9
to
13b3a9c
Compare
eseliger
force-pushed
the
es/07-03-unexportsomeexternallyirrelevantsymbolsfromuploadstore_split
branch
from
July 30, 2024 17:21
6b20598
to
b947d99
Compare
This was referenced Jul 30, 2024
ggilmore
approved these changes
Jul 30, 2024
eseliger
force-pushed
the
es/07-23-authzcomputeprovidersonthefly
branch
from
July 30, 2024 23:23
13b3a9c
to
980aa69
Compare
eseliger
force-pushed
the
es/07-03-unexportsomeexternallyirrelevantsymbolsfromuploadstore_split
branch
from
July 30, 2024 23:24
b947d99
to
ab3a565
Compare
eseliger
force-pushed
the
es/07-23-authzcomputeprovidersonthefly
branch
from
July 31, 2024 00:46
980aa69
to
2e603ee
Compare
eseliger
changed the base branch from
es/07-23-authzcomputeprovidersonthefly
to
graphite-base/63648
July 31, 2024 00:59
eseliger
force-pushed
the
es/07-03-unexportsomeexternallyirrelevantsymbolsfromuploadstore_split
branch
from
July 31, 2024 01:00
ab3a565
to
80b67b9
Compare
They should not be used outside of cmd/frontend, so making it a frontend internal package. Test plan: Compiler doesn't complain, tests still pass
eseliger
force-pushed
the
es/07-03-unexportsomeexternallyirrelevantsymbolsfromuploadstore_split
branch
from
July 31, 2024 01:15
80b67b9
to
ce3a944
Compare
eseliger
deleted the
es/07-03-unexportsomeexternallyirrelevantsymbolsfromuploadstore_split
branch
July 31, 2024 01:26
This was referenced Aug 4, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
cla-signed
team/product-platform
team/source
Tickets under the purview of Source - the one Source to graph it all
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
They should not be used outside of cmd/frontend, so making it a frontend internal package.
While doing that, I realized that there is a coupling dependency between authz providers and auth (which is authN) providers: GitLab code host connections can do authz mapping via the usernames of another OIDC or SAML auth provider (https://sourcegraph.com/docs/admin/code_hosts/gitlab#administrator-sudo-level-access-token). It turns out this feature does not work anymore, since at least several releases, because we don't actually instantiate auth providers outside of
cmd/frontend
and thus the mapping will never find anything (auth providers don't explode when queried before init, unlike authz).This only now became clear as I moved this code, and the dependency graph was broken, so that's a nice property of these cleanups I guess 😬
Since it doesn't seem to work for quite some time, I opted for removing it, and added a changelog entry about it. Not sure if that is sufficient, I raised a thread here: https://sourcegraph.slack.com/archives/C03K05FCRFH/p1721848436473209.
This would've prevented this change and needed more refactoring as unfortunately we cannot map an auth provider by the conf type to a record in the
user_external_accounts
table and need to actually instantiate it.Test plan: Compiler doesn't complain, tests still pass.
Changelog
GitLab code host connections were able to sync permissions by mapping Sourcegraph users to GitLab users via the username property of an external OIDC or SAML provider that is shared across Sourcegraph and GitLab. This integration stopped working a long time ago, and it has been removed in this release.