Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add couch configs to enable proxy authentication #9668

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions couchdb/10-docker-default.ini
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,15 @@ bind_address = 0.0.0.0
server_options = [{recbuf, 262144}]
socket_options = [{sndbuf, 262144}, {nodelay, true}]
require_valid_user = true
authentication_handlers = {chttpd_auth, cookie_authentication_handler}, {chttpd_auth, proxy_authentication_handler}, {chttpd_auth, default_authentication_handler}

[chttpd_auth]
require_valid_user = true
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we need to set this here. It is already set on line 20 (and I think it belongs in the chttpd section antyway).

Suggested change
require_valid_user = true

secret = 5ec56423-0856-4b13-8ab7-9b476fea2c39 ; CHANGE ME - proxy secret
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I also do not think we need to hard-code the secret here. Unless I am mistaken, the COUCHDB_SECRET envar you can supply to the couch container gets set as the httpd_auth.secret value.

Suggested change
secret = 5ec56423-0856-4b13-8ab7-9b476fea2c39 ; CHANGE ME - proxy secret

x_auth_roles = X-Auth-CouchDB-Roles ; http header name for passing the comma separated couch user roles
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like you just kept the default values for these header names. As far as I know, the default values should work fine for our case, but do we even need to include this config here if we just use the default values?

x_auth_username = X-Auth-CouchDB-UserName ; http header name for passing the couch username
proxy_use_secret = true
x_auth_token = X-Auth-CouchDB-Token ; http header name for passing the proxy token

[httpd]
secure_rewrites = false
Expand Down
Loading