-
Notifications
You must be signed in to change notification settings - Fork 670
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: Modify the callback URL string in auth flow, to support custom base URLs in deployments #5192
Conversation
@@ -29,7 +29,7 @@ const ( | |||
) | |||
|
|||
var ( | |||
callbackRelativeURL = config.MustParseURL("/callback") | |||
callbackRelativeURL = config.MustParseURL("callback") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe this is necessary, because when Flyteadmin generates the callback URL, the logic looks like URL("foo.tech").ResolveReference(URL("/callback")) -> "foo.tech/callback"
In fact, the base URL can have any path after it, but the result is the same. URL("foo.tech/any/path").ResolveReference(URL("/callback")) -> "foo.tech/callback"
This causes issues when flyte is configured on a custom subpath. To fix this...
By adding foo.tech/custom-subpath/login
as an AuthorizedURI, and changing the reference to "callback", the logic becomes URL("foo.tech/custom-subpath/login").ResolveReference(URL("callback")) -> "foo.tech/custom-subpath/callback"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should any tests be updated in
flyte/flyteadmin/auth/handlers_test.go
Line 117 in 2528de7
func TestGetCallbackHandler(t *testing.T) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added the test here https://github.com/flyteorg/flyte/pull/5192/files#diff-aa5ac252b2ec45c95649a3a874e727e436be5c932e3d93b5b2aadcfcc83d57feR12
Although I could also merge this into handlers_test.go, no strong preference.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think what you did is better / clearer - thanks!
e9a568c
to
3975fa2
Compare
30016de
to
bb76066
Compare
Signed-off-by: ddl-rliu <[email protected]> x Signed-off-by: ddl-rliu <[email protected]> x Signed-off-by: ddl-rliu <[email protected]>
Signed-off-by: ddl-rliu <[email protected]>
1425610
to
a068bab
Compare
Just FYI - we are successfully running this in our environment with flyte hosted under |
Signed-off-by: Eduardo Apolinario <[email protected]>
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #5192 +/- ##
==========================================
+ Coverage 60.97% 60.98% +0.01%
==========================================
Files 793 793
Lines 51331 51331
==========================================
+ Hits 31299 31306 +7
+ Misses 17147 17139 -8
- Partials 2885 2886 +1
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
…ase URLs in deployments (flyteorg#5192) * x Signed-off-by: ddl-rliu <[email protected]> x Signed-off-by: ddl-rliu <[email protected]> x Signed-off-by: ddl-rliu <[email protected]> * x Signed-off-by: ddl-rliu <[email protected]> --------- Signed-off-by: ddl-rliu <[email protected]> Signed-off-by: Eduardo Apolinario <[email protected]> Co-authored-by: Eduardo Apolinario <[email protected]>
Why are the changes needed?
In the auth flow, it seems that Flyteadmin always generates a callback URL, that looks like
foo.tech/callback
However, when Flyte is configured on a custom subpath, this causes an issue, and we actually want the callback to look like
foo.tech/custom-subpath/callback
What changes were proposed in this pull request?
By changing the
callbackURL
variable to "callback", the logic is fixed. Note that this also may require a change to the flyte config, since e.g.foo.tech/custom-subpath/login
should be set as an AuthorizedURI in theconfig.yaml
How was this patch tested?
Setup process
Screenshots
Check all the applicable boxes
Related PRs
Docs link