-
Notifications
You must be signed in to change notification settings - Fork 33
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
proposal: add banneduser middleware #455
proposal: add banneduser middleware #455
Conversation
Signed-off-by: Francesco Ilario <[email protected]>
Signed-off-by: Francesco Ilario <[email protected]>
/retest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good overall. I left a few comments though.
Co-authored-by: Alexey Kazakov <[email protected]>
Signed-off-by: Francesco Ilario <[email protected]>
Signed-off-by: Francesco Ilario <[email protected]>
Co-authored-by: Alexey Kazakov <[email protected]>
Signed-off-by: Francesco Ilario <[email protected]>
Signed-off-by: Francesco Ilario <[email protected]>
Signed-off-by: Francesco Ilario <[email protected]>
Signed-off-by: Francesco Ilario <[email protected]>
Signed-off-by: Francesco Ilario <[email protected]>
Signed-off-by: Francesco Ilario <[email protected]>
Signed-off-by: Francesco Ilario <[email protected]>
Signed-off-by: Francesco Ilario <[email protected]>
Signed-off-by: Francesco Ilario <[email protected]>
@@ -1168,7 +1245,7 @@ func (s *TestProxySuite) token(userID uuid.UUID, extraClaims ...authsupport.Extr | |||
Username: "username-" + userID.String(), | |||
} | |||
|
|||
extra := append(extraClaims, authsupport.WithEmailClaim("[email protected]")) | |||
extra := append([]authsupport.ExtraClaim{authsupport.WithEmailClaim("[email protected]")}, extraClaims...) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
for context: this change allows us to override the default email set by this auxiliary function. As a result if you don't define an email, you'll have [email protected]
. Otherwise you'll have the one you are explicitly setting
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Worth moving this comment to the code.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done in d81542b
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Runtime code looks good! Thank you for addressing my comments. I'm going to review the test code next.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good! Just one question.
And how are we doing in terms of e2e-tests? We already have some tests which check banned users in proxy, right? Let's make sure that we add some e2e-tests for banned users for the public-viewer proxy PR.
Signed-off-by: Francesco Ilario <[email protected]>
It seems to me the only test we have is https://github.com/codeready-toolchain/toolchain-e2e/blob/1753fd31f70edc8b1645461a70580488157cf45d/test/e2e/parallel/proxy_test.go#L1036 and I don't know why but it fails with BannedUser middleware: https://prow.ci.openshift.org/view/gs/test-platform-results/pr-logs/pull/codeready-toolchain_registration-service/455/pull-ci-codeready-toolchain-registration-service-master-e2e/1831624866889994240. Do you have any idea? I'm working at some more tests here: codeready-toolchain/toolchain-e2e@master...filariow:toolchain-e2e:banneduser-middleware |
/retest |
I opened a PR for improving banned users test cases: codeready-toolchain/toolchain-e2e#1045 |
/retest |
1 similar comment
/retest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great Job 🚀
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: alexeykazakov, filariow, mfrancisc The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #455 +/- ##
==========================================
- Coverage 78.75% 78.69% -0.06%
==========================================
Files 42 42
Lines 2739 2774 +35
==========================================
+ Hits 2157 2183 +26
- Misses 489 494 +5
- Partials 93 97 +4
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great job 🚀
Just a minor question:
|
||
bb := []toolchainv1alpha1.BannedUser{} | ||
for _, obj := range objs { | ||
unobj := obj.(*unstructured.Unstructured) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we check here the type assertion?
unobj, ok := obj.(*unstructured.Unstructured)
if !ok {
....
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure this can happen. If I'm not mistaken it's stored internally as *unstructured.Unstructured
(cf. https://github.com/kubernetes/client-go/blob/2666bd29867c96168c5e9429fd74fd9bfbedac8b/dynamic/dynamicinformer/informer.go#L138). Also I can not immagine how to write a test for covering this check.
The other functions in this file are using an unchecked casting like this too. I'd say that -if we find out it to be a problem- we can create a PR for fixing this in all the functions. WDYT?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Understood! Thank you :)
Quality Gate passedIssues Measures |
proposal for the BannedUser middleware as discussed in #443's review
linked to codeready-toolchain/host-operator#1079 and codeready-toolchain/toolchain-e2e#1045