Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Login endpoint at /api/traces/v1/{tenent}/login #274

Closed
wants to merge 1 commit into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 16 additions & 0 deletions authentication/authentication.go
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@ type Provider interface {
Middleware() Middleware
GRPCMiddleware() grpc.StreamServerInterceptor
Handler() (string, http.Handler)
LoginPath(tenant string) string
}

type tenantHandlers map[string]http.Handler
Expand All @@ -52,6 +53,7 @@ type ProviderManager struct {
patternHandlers map[string]tenantHandlers
middlewares map[string]Middleware
gRPCInterceptors map[string]grpc.StreamServerInterceptor
authenticator map[string]Provider
logger log.Logger
registrationRetryCount *prometheus.CounterVec
}
Expand All @@ -63,6 +65,7 @@ func NewProviderManager(l log.Logger, registrationRetryCount *prometheus.Counter
patternHandlers: make(map[string]tenantHandlers),
middlewares: make(map[string]Middleware),
gRPCInterceptors: make(map[string]grpc.StreamServerInterceptor),
authenticator: make(map[string]Provider),
logger: l,
}
}
Expand Down Expand Up @@ -91,6 +94,7 @@ func (ah *ProviderManager) InitializeProvider(config map[string]interface{},
ah.mtx.Lock()
ah.middlewares[tenant] = authenticator.Middleware()
ah.gRPCInterceptors[tenant] = authenticator.GRPCMiddleware()
ah.authenticator[tenant] = authenticator
pattern, handler := authenticator.Handler()
if pattern != "" && handler != nil {
if ah.patternHandlers[pattern] == nil {
Expand Down Expand Up @@ -148,6 +152,18 @@ func (ah *ProviderManager) PatternHandler(pattern string) http.HandlerFunc {
})
}

func (ah *ProviderManager) GetLoginPath(tenant string) (string, bool) {
ah.mtx.RLock()
provider, ok := ah.authenticator[tenant]
ah.mtx.RUnlock()

if !ok {
return "", false
}

return provider.LoginPath(tenant), true
}

func getProviderFactory(authType string) (ProviderFactory, error) {
providersMtx.RLock()
defer providersMtx.RUnlock()
Expand Down
4 changes: 4 additions & 0 deletions authentication/authentication_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,10 @@ func (a dummyAuthenticator) Handler() (string, http.Handler) {
return "", nil
}

func (a dummyAuthenticator) LoginPath(tenant string) string {
return ""
}

func newdummyAuthenticator(c map[string]interface{}, tenant string, registrationRetryCount *prometheus.CounterVec, logger log.Logger) (Provider, error) {
var config dummyAuthenticatorConfig

Expand Down
4 changes: 4 additions & 0 deletions authentication/mtls.go
Original file line number Diff line number Diff line change
Expand Up @@ -156,3 +156,7 @@ func (a MTLSAuthenticator) GRPCMiddleware() grpc.StreamServerInterceptor {
func (a MTLSAuthenticator) Handler() (string, http.Handler) {
return "", nil
}

func (a MTLSAuthenticator) LoginPath(tenant string) string {
return ""
}
4 changes: 4 additions & 0 deletions authentication/oidc.go
Original file line number Diff line number Diff line change
Expand Up @@ -434,3 +434,7 @@ func (a oidcAuthenticator) checkAuth(ctx context.Context, token string) (context

return ctx, "", http.StatusOK, codes.OK
}

func (a oidcAuthenticator) LoginPath(tenant string) string {
return strings.ReplaceAll("/oidc/{tenant}/login", "{tenant}", tenant)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe path.Join("/oidc", tenant, "login") would be better here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am happy to make this change.

We currently have handlerPrefix = "/oidc/{tenant}" and return "/oidc/{tenant}", a.handler. My thought was that it was nice to keep a similar appearance in related code. Eventually those two fragments and my new piece should be merged.

Similar code exists in authentication/openshift.go. Let me know what you think and I will make it happen.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd still say path.Join is more common in our code base as well as easier on the eyes, it's a minor point though.

}
4 changes: 4 additions & 0 deletions authentication/openshift.go
Original file line number Diff line number Diff line change
Expand Up @@ -507,3 +507,7 @@ func (a OpenShiftAuthenticator) GRPCMiddleware() grpc.StreamServerInterceptor {
func (a OpenShiftAuthenticator) Handler() (string, http.Handler) {
return "/openshift/{tenant}", a.handler
}

func (a OpenShiftAuthenticator) LoginPath(tenant string) string {
return strings.ReplaceAll("/openshift/{tenant}/login", "{tenant}", tenant)
}
18 changes: 18 additions & 0 deletions main.go
Original file line number Diff line number Diff line change
Expand Up @@ -625,6 +625,24 @@ func main() {
})
}

// Redirect "/api/traces/v1/{tenant}/login" to e.g. "/oidc/{tenant}/login".
r.Get("/api/traces/v1/{tenant}/login", func(w http.ResponseWriter, r *http.Request) {
tenant, ok := authentication.GetTenant(r.Context())
if !ok {
w.WriteHeader(http.StatusNotFound)
return
}

// Skip providers without login URLs.
loginPath, ok := pm.GetLoginPath(tenant)
if !ok || loginPath == "" {
w.WriteHeader(http.StatusNotFound)
return
}

http.Redirect(w, r, loginPath, http.StatusMovedPermanently)
})

r.Mount("/api/traces/v1/{tenant}",
stripTenantPrefix("/api/traces/v1",
tracesv1.NewV2Handler(
Expand Down