Auth cookie domain

[pmahindrakar-oss]

TL;DR

Allow user of flyteadmin to specify the cookie settings of there flyteadmin user auth cookies
Allowing subdomain access by setting the domain field in the cookie
and allowing to set SameSite preference to allow firstparty or thirdparty cookies to be sent from the browser.

Mode changes are applicable for only the following cookies

• flyte_at
• flyte_idt
• flyte_user_info

One thing i noticed is that dot prefix gets subsituted by the browser seems like .

A cover domain should not contain a leading dot, like in .cats.com; if it does, the client should remove the leading dot.

source : http://bayou.io/draft/cookie.domain.html

So i didn't find any behavior change with domain setting policy for localhost or hosted.cloud-staging.union.ai

Testing done :

With LAX mode for auth cookies

With Strict mode for auth cookies

Type

• Bug Fix
• Feature
• Plugin

Are all requirements met?

• Code completed
• Smoke tested
• Unit tests added
• Code documentation added
• Any pending items have an associated Issue

Complete description

How did you fix the bug, make the feature etc. Link to any design docs etc

Tracking Issue

Remove the 'fixes' keyword if there will be multiple PRs to fix the linked issue

fixes flyteorg/flyte#2596

Follow-up issue

NA

[EngHabu]

Looks great! thank you for doing that! a couple of nits

[EngHabu]

nice! I guess this works because this is an HTTP request not a GRPC request...

Have you tried it behind an ingress? mind doing that?

[pmahindrakar-oss]

Tested this both with grpc endpoints through flytectl and through flyteconsole and no issues were discovered

[EngHabu]

Does this parse well from a yaml config?

[pmahindrakar-oss]

It does if we pass int values. But added an enum wrapper for good UX.

[codecov]

Codecov Report

Merging #440 (bd08dcd) into master (6e03bd4) will increase coverage by 0.04%.
The diff coverage is 67.77%.

@@            Coverage Diff             @@
##           master     #440      +/-   ##
==========================================
+ Coverage   61.35%   61.39%   +0.04%     
==========================================
  Files         156      158       +2     
  Lines       11111    11181      +70     
==========================================
+ Hits         6817     6865      +48     
- Misses       3589     3607      +18     
- Partials      705      709       +4     

Flag	Coverage Δ
unittests	60.33% <69.56%> (+0.05%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
auth/auth_context.go	0.00% <0.00%> (ø)
auth/config/config.go	71.42% <ø> (ø)
auth/handlers.go	31.14% <50.00%> (ø)
auth/config/domainmatch_enumer.go	54.16% <54.16%> (ø)
auth/config/samesite_enumer.go	54.16% <54.16%> (ø)
auth/cookie_manager.go	58.26% <86.20%> (+7.74%)	⬆️
auth/authzserver/authorize.go	20.63% <100.00%> (ø)
auth/config/config_flags.go	61.22% <100.00%> (+1.65%)	⬆️
auth/cookie.go	74.71% <100.00%> (+0.59%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6e03bd4...bd08dcd. Read the comment docs.