codecov[bot]
commented
5 years ago Codecov Report
Merging #236 into master will decrease coverage by
0.13%. The diff coverage is33.33%.
@@ Coverage Diff @@
## master #236 +/- ##
==========================================
- Coverage 62.25% 62.11% -0.14%
==========================================
Files 50 50
Lines 4069 4036 -33
==========================================
- Hits 2533 2507 -26
- Misses 1349 1350 +1
+ Partials 187 179 -8| Impacted Files | Coverage Δ | |
|---|---|---|
| internal/auth/options.go | 77.5% <ø> (-1.08%) |
:arrow_down: |
| internal/auth/authenticator.go | 86.04% <ø> (-0.35%) |
:arrow_down: |
| internal/auth/mux.go | 78% <ø> (+3%) |
:arrow_up: |
| internal/proxy/options.go | 83.33% <ø> (-0.27%) |
:arrow_down: |
| internal/auth/configuration.go | 49.71% <ø> (-0.02%) |
:arrow_down: |
| internal/proxy/proxy.go | 21.95% <0%> (-2.44%) |
:arrow_down: |
| internal/proxy/proxy_config.go | 78.37% <100%> (+0.23%) |
:arrow_up: |
| internal/proxy/oauthproxy.go | 50.73% <0%> (-0.25%) |
:arrow_down: |
Jusshersmith
Problem
We currently mandate the use of a global email domain to authenticate both on the proxy side as well as the authenticator side. This is limiting for organizations and upstreams that have more diverse requirements that require a more flexible authenticator model.
We originally implemented this requirement as a safety precaution when SSO was less mature. It no longer provides the same assurances now that group usage is more robust and SSO itself has matured.
Solution
We propose to move adjust this configuration in two ways:
Notes
The way email domains, addresses, and groups interact with one another is becoming increasing confusing. We should think about ways to help simplify the model and make it more intuitive.