Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable OIDC redirect in dashboard #3233

Merged
merged 6 commits into from
Feb 25, 2023
Merged

Enable OIDC redirect in dashboard #3233

merged 6 commits into from
Feb 25, 2023

Conversation

npalaska
Copy link
Member

@npalaska npalaska commented Feb 6, 2023
edited
Loading

This PR enables the redirect to the OIDC server in the dashboard by using the authentication section of the endpoints API.

It makes the following GET request to the OIDC server:

Auth URI: <auth_url>/realms/<oidc_relam>/protocol/openid-connect/auth

URI params:

client_id=<oidc_client_id>
client_secret=<oidc_client_secret>
response_type=code
redirect_uri=http://<pbench-dashboard>
scope=openid
prompt=login

The request will redirect the user to OIDC broker login page and back to the dashboard page upon successful login

PBENCH-1072

@npalaska npalaska self-assigned this Feb 6, 2023
@npalaska npalaska added Dashboard Of and relating to the Dashboard GUI Users Of and relating to working with users. labels Feb 6, 2023
@npalaska npalaska added this to the v0.72 milestone Feb 6, 2023
portante
portante requested changes Feb 7, 2023
View reviewed changes
dashboard/src/actions/authActions.js Outdated Show resolved Hide resolved
dbutenhof
dbutenhof previously approved these changes Feb 7, 2023
View reviewed changes
dashboard/src/actions/authActions.js Outdated Show resolved Hide resolved
dashboard/src/modules/components/AuthComponent/common-components.jsx Outdated
Comment on lines 120 to 127
<Button
variant="primary"
onClick={() => {dispatch(authenticationRequest())}}
>
Red Hat SSO
</Button>
<Button variant="secondary">GitHub</Button>
<Button variant="secondary">Gmail</Button>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wasn't the idea that we'd redirect to the Keycloak broker and let it display the menu of SSO options? Are we really skipping a layer here, or redirecting directly to Red Hat?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I didn't change the button name but I should update it its not a Red Hat SSO button anymore.

portante
portante requested changes Feb 7, 2023
View reviewed changes
Copy link
Member

@portante portante left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Even though this is dashboard code, I'd like to see this land after PR #3114.

@npalaska
Copy link
Member Author

npalaska commented Feb 7, 2023

Even though this is dashboard code, I'd like to see this land after PR #3114.

That would make sense because these changes refer to the authentication section of the endpoints API which is going to be renamed as openid-connect, so that would need to be addressed again after #3114 lands.

portante
portante previously requested changes Feb 8, 2023
View reviewed changes
dashboard/src/actions/authActions.js Outdated Show resolved Hide resolved
dbutenhof
dbutenhof previously approved these changes Feb 8, 2023
View reviewed changes
webbnh
webbnh requested changes Feb 8, 2023
View reviewed changes
Copy link
Member

@webbnh webbnh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Part of your change is mutating the Redux state which, as I understand it, we are not supposed to do. Beyond that, I have a few coding suggestions.

dashboard/src/actions/authActions.js Outdated Show resolved Hide resolved
dashboard/src/actions/authActions.js Outdated Show resolved Hide resolved
dashboard/src/actions/authActions.js Outdated Show resolved Hide resolved
dashboard/src/actions/authActions.js Outdated Show resolved Hide resolved
dashboard/src/actions/authActions.js Outdated Show resolved Hide resolved
dashboard/src/actions/authActions.js Outdated Show resolved Hide resolved
@npalaska npalaska mentioned this pull request Feb 9, 2023
Closed
@npalaska npalaska mentioned this pull request Feb 9, 2023
Merged
@npalaska npalaska changed the base branch from main to openid-connect February 9, 2023 18:47
@npalaska npalaska mentioned this pull request Feb 12, 2023
Merged
@npalaska npalaska requested a review from webbnh February 13, 2023 14:18
webbnh
webbnh approved these changes Feb 13, 2023
View reviewed changes
Copy link
Member

@webbnh webbnh left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks better, but the message handling seems like it might want another tweak (and, it would be cool if you fixed the other mutations of the Redux store...).

dashboard/src/actions/authActions.js
: { type: TYPES.OPENID_ERROR }
);
const alert = {
title: error?.response ? error.response.data?.message : error?.message,
Copy link
Member

@webbnh webbnh Feb 13, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This feels funny: it says "if there is an error.response then there must be an error.response.data which might contain a message which we can use for the title (but, if it doesn't, then use a title of undefined); otherwise, use a title of error.message (or maybe undefined). That's a lot of undefined's....

In any case, it seems like what we want is something more like this:

          title: error.response?.data?.message
            ? error.response.data.message
            : error?.message ? error.message : "Unexpected error",

That is, if our error.response contains a data which contains a message, then use that message; otherwise, if our error contains a message then use that message; otherwise, fall back to a constant message.

(The current code is assuming that error.response contains a data which may or may not contain a message...are we sure it contains a data?...are we sure that data might not contain a message?)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay, this is a good suggestion but I will address it in #3250, I need to do some rework there anyway.

dbutenhof
dbutenhof approved these changes Feb 17, 2023
View reviewed changes
Copy link
Member

@dbutenhof dbutenhof left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It'd be good to take Webb's error message suggestion, although perhaps that can be done in the follow-on.

@npalaska
Copy link
Member Author

Hi @portante can you consider removing the objection or reviewing it?

@portante portante dismissed their stale review February 24, 2023 22:31

Not reviewing code on the openid-connect branch.

@npalaska npalaska merged commit e484a38 into distributed-system-analysis:openid-connect Feb 25, 2023
npalaska added a commit to npalaska/pbench that referenced this pull request Mar 9, 2023
@npalaska
Enable OIDC redirect in dashboard (distributed-system-analysis#3233)
f4161fa 
Enable OIDC redirect in the dashboard

PBENCH-1072
npalaska added a commit that referenced this pull request Mar 13, 2023
@npalaska
Enable OIDC redirect in dashboard (#3233)
d3e939c 
Enable OIDC redirect in the dashboard

PBENCH-1072
npalaska added a commit to npalaska/pbench that referenced this pull request Mar 27, 2023
@npalaska
Enable OIDC redirect in dashboard (distributed-system-analysis#3233)
4ad67a1 
Enable OIDC redirect in the dashboard

PBENCH-1072
npalaska added a commit to npalaska/pbench that referenced this pull request Mar 27, 2023
@npalaska
Enable OIDC redirect in dashboard (distributed-system-analysis#3233)
f2aa956 
Enable OIDC redirect in the dashboard

PBENCH-1072
npalaska added a commit to npalaska/pbench that referenced this pull request Mar 28, 2023
@npalaska
Enable OIDC redirect in dashboard (distributed-system-analysis#3233)
723addc 
Enable OIDC redirect in the dashboard

PBENCH-1072
npalaska added a commit to npalaska/pbench that referenced this pull request Mar 30, 2023
@npalaska
Enable OIDC redirect in dashboard (distributed-system-analysis#3233)
00865f0 
Enable OIDC redirect in the dashboard

PBENCH-1072
npalaska added a commit to npalaska/pbench that referenced this pull request Mar 31, 2023
@npalaska
Enable OIDC redirect in dashboard (distributed-system-analysis#3233)
97b92e2 
Enable OIDC redirect in the dashboard

PBENCH-1072
@npalaska npalaska mentioned this pull request Mar 31, 2023
Merged
npalaska added a commit that referenced this pull request Mar 31, 2023
@npalaska
Enable OIDC redirect in dashboard (#3233)
06b0718 
Enable OIDC redirect in the dashboard

PBENCH-1072
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dbutenhof dbutenhof dbutenhof approved these changes

@webbnh webbnh webbnh approved these changes

@MVarshini MVarshini Awaiting requested review from MVarshini

@portante portante Awaiting requested review from portante

Assignees

@npalaska npalaska

Labels
Dashboard Of and relating to the Dashboard GUI Users Of and relating to working with users.
Projects
None yet
Milestone
v0.72
Development

Successfully merging this pull request may close these issues.
4 participants
@npalaska @portante @webbnh @dbutenhof