Closed viktorkrivak closed 4 years ago
Hey @viktorkrivak and thanks for the issue. Your assessment of the problem and the patch makes sense at first glance.
If you'd like to submit the patch, there are unfortunately a few hoops to jump through for your first patch (see docs) but your contribution would be appreciated and I would be more than happy to help you get started on Slack or IRC.
Back to the issue, how are you using EXTERNAL_AUTH
right now ? I'd like to be able to reproduce the issue and test the patch.
Somewhat related: I've noticed just now that it's missing from the docs and so I created an issue so we don't forget about it: https://github.com/ansible-community/ara/issues/124
Hi sorry, I didn't notice that part of documentation about gerrit. I'll send patch the correct way. Also I'll write some notes about EXTERNAL_AUTH to #124 . But it'll take some time because I use apache connected to LDAP so it is unnecessary complex setup for documentation, so I need to simplify it.
Hi sorry, I didn't notice that part of documentation about gerrit. I'll send patch the correct way.
:tada:
Also I'll write some notes about EXTERNAL_AUTH to #124 . But it'll take some time because I use apache connected to LDAP so it is unnecessary complex setup for documentation, so I need to simplify it.
That's great! Let me know if I can help!
Hi, I'm debian maintainer for ara packages. Would you please let me know when this will be merged ? I would like to upload new version and want to be sure that this will go to upstream.
Hey @viktorkrivak, were you still interested in sending the patch ?
Thanks !
Hey @viktorkrivak, were you still interested in sending the patch ?
Thanks !
Well, Viktor is my colleguage :) , I think he already sent a patch above ... But you probably meant Viktor should send pull request , right ?
@keuko OH! Yes, it would be great if he could send it through gerrit. We aren't set up for pull requests yet :( I mentioned the docs in a comment above.
@dmsimard , ok I'm going to process it...
Much appreciated ! Thank you and let me know if you need a hand.
Much appreciated ! Thank you and let me know if you need a hand.
Here it is :) ! https://review.opendev.org/746140 , let me know if I need to change something.
Much appreciated ! Thank you and let me know if you need a hand.
Here it is :) ! https://review.opendev.org/746140 , let me know if I need to change something.
Looks good! I had to rebase your patch for an unrelated failure and left a comment -- should be good to merge afterwards. Thanks.
@keuko there you go :tada:
1.4.3 was released earlier this week and the next release is likely going to be 1.5 with the new CLI work so this is where it would land.
From a packaging standpoint, there is a minor change in yaml library (see https://src.fedoraproject.org/rpms/ara/c/2527ca0fbd214dc6269ef8c15e4e97eb20636b8f?branch=master) and the addition of cliff (same framework as openstackclient) for 1.5 which should already be in debian.
I'll close this issue since the change has landed but note that I'd also like to land the documentation from https://github.com/ansible-community/ara/issues/124 for EXTERNAL_AUTH in time for 1.5.
Let me know if you have any questions !
Hi David,
I've already uploaded new debian package do debian/SID ( with patch also ). I can do the work from #124 https://github.com/ansible-community/ara/issues/124 , but I hate docs :D , so please, could you give me a direction how to deal with it ? I mean, what should be included and where ? Do I need also write playbook for it ?
Thank you for your quick responses :)
Cheers, Michal Arbet ( kevko )
št 13. 8. 2020 o 21:21 David Moreau Simard notifications@github.com napísal(a):
@keuko https://github.com/keuko there you go 🎉
1.4.3 was released earlier this week and the next release is likely going to be 1.5 with the new CLI https://ara.readthedocs.io/en/latest/cli.html work so this is where it would land.
From a packaging standpoint, there is a minor change in yaml library (see https://src.fedoraproject.org/rpms/ara/c/2527ca0fbd214dc6269ef8c15e4e97eb20636b8f?branch=master) and the addition of cliff (same framework as openstackclient) for 1.5 which should already be in debian.
I'll close this issue since the change has landed but note that I'd also like to land the documentation from #124 https://github.com/ansible-community/ara/issues/124 for EXTERNAL_AUTH in time for 1.5.
Let me know if you have any questions !
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/ansible-community/ara/issues/123#issuecomment-673664641, or unsubscribe https://github.com/notifications/unsubscribe-auth/AF4UEEIHDAXO5V3NUJP3D63SAQ4NLANCNFSM4MNN47UQ .
Hey @keuko,
Do you have a link for the debian packaging files ? It would be nice to write it down somewhere along with the packaging files for Fedora and SUSE.
I empathize with your feelings for docs, I think we need to do a good docs refresh in general but I won't bother you with that :)
For now if you'd like to add the external auth docs, the best fit would be in the "ARA API Server authentication and security" section (or here in the git repo). Don't be scared to take a first stab at it and we can iterate together during code review if need be.
The support for it in the Ansible roles aren't required. They're nice to have, though, because we use the roles during integration tests so we not only test the roles themselves but also the different ways to deploy and configure ara. I can take care of this eventually.
Note that the roles haven't been removed from this repository just yet but we're in the process of moving those to a collection: https://github.com/ansible-community/ara-collection
Ah, I found the debian packaging work through https://tracker.debian.org/pkg/python-ara. Thank you very much for your work on that !
Hi david,
I've added a review for docs ( usage of external_auth ) here -> https://review.opendev.org/746516 . Could you check and leave some comments ?
Thank you !
Cheers, Michal Arbet ( kevko )
pi 14. 8. 2020 o 16:26 David Moreau Simard notifications@github.com napísal(a):
Ah, I found the debian packaging work through https://tracker.debian.org/pkg/python-ara. Thank you very much for your work on that !
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/ansible-community/ara/issues/123#issuecomment-674100713, or unsubscribe https://github.com/notifications/unsubscribe-auth/AF4UEEK2RYN2D5H72XB4Y3LSAVCP7ANCNFSM4MNN47UQ .
Hey @keuko and @viktorkrivak, I just wanted to let you know that external auth was released in 1.5 today. You can see the full release notes here and the highlights on the blog: https://ara.recordsansible.org/blog/2020/09/23/announcing-the-release-of-ara-1.5.0/
Thanks for your patience and your help !
What component is this about ?
ara-server, mainly rest-api
What is your ARA installation like ?
Found in version 1.3.2 (from debian package) but same code is in master
What is happening ?
When EXTERNAL_AUTH is enabled, only admin and healthcheck working properly. /api and index return 401
What should be happening ?
Everything should be working same as it internal auth is used.
Main problem is in server.settings because rest_framework use BasicAuth even if EXTERNAL_AUTH is set. This patch should fix issue
NOTE: sorry If this is not a proper way to post patch. There are no pull request so I have no idea where to put this.