Allow disabling Reaper auth #1163

Merged

@Miles-Garnsey Miles-Garnsey commented Jan 10, 2024

Allow a user to disable Reaper auth by specifically setting the UiUserSecretRef.Name to "".

Fixes #1160

@Miles-Garnsey Miles-Garnsey requested a review from a team as a code owner January 10, 2024 06:38
@Miles-Garnsey Miles-Garnsey force-pushed the feature/reaper-disable-auth branch 2 times, most recently from 8e6a8d0 to deec5ae Compare January 10, 2024 06:44
@Miles-Garnsey Miles-Garnsey force-pushed the feature/reaper-disable-auth branch from deec5ae to c33ee08 Compare January 10, 2024 07:52

codecov bot commented Jan 10, 2024

Codecov Report

Attention: 17 lines in your changes are missing coverage. Please review.

Comparison is base (b02da26) 56.98% compared to head (7fed28d) 57.06%.
Report is 2 commits behind head on main.

@@            Coverage Diff             @@
##             main    #1163      +/-   ##
==========================================
+ Coverage   56.98%   57.06%   +0.08%     
==========================================
  Files         101      101              
  Lines       10419    10428       +9     
==========================================
+ Hits         5937     5951      +14     
+ Misses       3960     3958       -2     
+ Partials      522      519       -3     
Files                                      Coverage Δ
controllers/k8ssandra/reaper.go            60.94% <100.00%> (+2.01%) ⬆️
controllers/reaper/reaper_controller.go    52.68% <100.00%> (+0.15%) ⬆️
controllers/k8ssandra/secrets.go           63.63% <22.22%> (-3.04%) ⬇️
pkg/reaper/resource.go                     7.81% <0.00%> (-0.67%) ⬇️

... and 3 files with indirect coverage changes

@adejanovski adejanovski marked this pull request as draft January 10, 2024 10:11
@adejanovski
Contributor

@Miles-Garnsey, FYI I moved this PR to draft since CI is failing and there seems to be a little more work before it can be reviewed.

@Miles-Garnsey
Member Author

Miles-Garnsey commented Jan 11, 2024

> @Miles-Garnsey, FYI I moved this PR to draft since CI is failing and there seems to be a little more work before it can be reviewed.

I'm hoping these are just flakes actually. I've seen flakes on all the failing tests in the last few weeks. (EDIT: nope, there's a problem...)

@Miles-Garnsey
Member Author

OK, got tests passing locally, still some manual testing to do if CI goes green for us.

@Miles-Garnsey
Member Author

Still testing this, there is some weirdness where the secrets don't appear to be deleted after the cluster is deleted. That's confusing things a little in the case where auth is toggled off and on (the only test still failing is around this case).

@Miles-Garnsey Miles-Garnsey force-pushed the feature/reaper-disable-auth branch from 280595f to 39b041f Compare January 12, 2024 04:28
@Miles-Garnsey Miles-Garnsey force-pushed the feature/reaper-disable-auth branch from 39b041f to f33b8fb Compare January 12, 2024 04:31
@Miles-Garnsey
Member Author

Miles-Garnsey commented Jan 12, 2024

I've manually tested this and it all appears to work now. Ready for review subject to the CI run passing.

What I tested:

  1. When auth is disabled, Reaper UI is available without login.
  2. When auth is re-enabled but the uiUserSecretName field is set to "", then Reaper is available without login.
  3. When auth is already enabled and the uiUserSecretName field is removed entirely, Reaper requires a login.

@Miles-Garnsey Miles-Garnsey marked this pull request as ready for review January 12, 2024 05:02
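
An added example (not code from this PR or from k8ssandra-operator) that classifies a manifest with the nil versus empty-name test from the list above, so clusters whose Reaper UI is open without login can be found in review. The JSON path `spec.reaper.uiUserSecretRef.name` and the returned mode strings are assumptions; the sample manifests are constructed, and they show that an empty `uiUserSecretRef: {}` object behaves like `name: ""`.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Minimal mirror of the fields the PR touches. JSON names are assumptions.
type cluster struct {
	Spec struct {
		Reaper *struct {
			UiUserSecretRef *struct {
				Name string `json:"name"`
			} `json:"uiUserSecretRef"`
		} `json:"reaper"`
	} `json:"spec"`
}

// ReaperUIAuth classifies one manifest; mode strings are made up for this example.
func ReaperUIAuth(manifest []byte) (string, error) {
	var c cluster
	if err := json.Unmarshal(manifest, &c); err != nil {
		return "", err
	}
	switch r := c.Spec.Reaper; {
	case r == nil:
		return "no-reaper", nil
	case r.UiUserSecretRef == nil:
		return "default-secret", nil // field absent or null: login required
	case r.UiUserSecretRef.Name == "":
		return "auth-disabled", nil // "" and {} both land here: UI open without login
	default:
		return "secret:" + r.UiUserSecretRef.Name, nil
	}
}

func main() {
	// Constructed sample manifests, not taken from the PR.
	samples := []string{
		`{"spec":{"reaper":{}}}`,
		`{"spec":{"reaper":{"uiUserSecretRef":{"name":""}}}}`,
		`{"spec":{"reaper":{"uiUserSecretRef":{}}}}`,
		`{"spec":{"reaper":{"uiUserSecretRef":{"name":"reaper-ui"}}}}`,
	}
	for _, s := range samples {
		mode, err := ReaperUIAuth([]byte(s))
		fmt.Printf("%-60s -> %s (err=%v)\n", s, mode, err)
	}
}
```
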
Contributor

@adejanovski adejanovski left a comment

Todo: Add a changelog entry.

Just two small things to do and you're good for a merge.

apis/reaper/v1alpha1/reaper_types.go (resolved)
@Miles-Garnsey Miles-Garnsey force-pushed the feature/reaper-disable-auth branch from 97236bd to 7fed28d Compare January 15, 2024 02:59
Quality Gate failed

Failed conditions

5.9% Duplication on New Code (required ≤ 3%)

See analysis details on SonarCloud

@Miles-Garnsey Miles-Garnsey merged commit f921858 into k8ssandra:main Jan 15, 2024
59 of 61 checks passed
Comment on lines +76 to +88
if kc.Spec.Reaper.UiUserSecretRef == nil {
uiUserSecretRef.Name = reaper.DefaultUiSecretName(kc.SanitizedName())
}
kcKey := utils.GetKey(kc)
if err := secret.ReconcileSecret(ctx, r.Client, cassandraUserSecretRef.Name, kcKey); err != nil {
logger.Error(err, "Failed to reconcile Reaper CQL user secret", "ReaperCassandraUserSecretRef", cassandraUserSecretRef)
return result.Error(err)
}
if err := secret.ReconcileSecret(ctx, r.Client, uiUserSecretRef.Name, kcKey); err != nil {
logger.Error(err, "Failed to reconcile Reaper UI secret", "ReaperUiUserSecretRef", uiUserSecretRef)
return result.Error(err)
if kc.Spec.Reaper.UiUserSecretRef == nil || kc.Spec.Reaper.UiUserSecretRef.Name != "" {
if err := secret.ReconcileSecret(ctx, r.Client, uiUserSecretRef.Name, kcKey); err != nil {
logger.Error(err, "Failed to reconcile Reaper UI secret", "ReaperUiUserSecretRef", uiUserSecretRef)
return result.Error(err)
}
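
Review bot: the new guard `UiUserSecretRef == nil || UiUserSecretRef.Name != ""` around the UI-secret `ReconcileSecret` call makes an empty `Name` a silent sentinel: a non-nil ref with `Name == ""` skips the reconcile with no log line, and per the PR description that state turns Reaper UI auth off. A ref that is present but carries no name takes the same path as an explicit `""`. Suggest logging in the skipped branch that UI auth is disabled for this cluster, documenting the sentinel on the `UiUserSecretRef` field, and noting in the changelog that the earlier lines of this hunk called `ReconcileSecret` for the UI secret unconditionally while the new ones do not.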
Contributor

Hello @Miles-Garnsey @adejanovski,

Isn't this change backward incompatible?

I just opened a GitHub issue #1269

Successfully merging this pull request may close these issues.

Allow disabling Reaper UI auth