Closed Tyki closed 6 years ago
Some news on this ticket?
We need to implement the same solution as for the user/role propagation across the cluster. (ie. using Redis to store a shared state)
Any ETA available? I need to communicate to my client the delay it will takes approximately
Hi @Tyki, I'm looking at the issue.
First, a few questions:
context.strategies.remove
before adding the strategy back solve the problem?@Aschen > auth strategies addition/deletion are already propagated across the cluster, at the moment there is nothing to implement
pluginContext.strategies.remove(name')
on one node, the second node still allow to use the strategy I'm sorry, but I'm unable to reproduce the problem. I modified our plugin auth-local locally, adding 2 HTTP routes to add/remove the strategy dynamically, and then used it on 1 cluster node to deactivate/reactive the authentication strategy. Trying to log in on another cluster node behave accordingly, either login me in, or telling me the strategy does not exist, depending on what action I did last on the 1st cluster node.
Can you give us the version of Kuzzle and of the Cluster plugin you're using? And can you provide us with a code example reproducing the problem?
Will be fixed by https://github.com/kuzzleio/kuzzle/pull/1145
@Tyki > my apologies, I forgot to write the follow-up. So... as you know, the problem was a bit hard to track because it occured only on a cluster environment. And unfortunately, its cause is a design flaw with auth. strategies hot reload. Namely, these strategies weren't correctly propagated accross Kuzzle nodes because the Passport constructor was embedded inside the authenticator description. Thus #1145, changing how authentication strategies are to be declared.
@Tyki > Kuzzle 1.4.0 is out and it solves this issue (and you'll also need Kuzzle Cluster v3.2.2) You'll have to declare authenticators during your plugin's initialization, and only the declared authenticators can be used to add new strategies during runtime.
For more information, see https://docs.kuzzle.io/plugins-reference/plugins-features/adding-authentication-strategy/
I want to reload dynamically some authentification strategies, based on a custom endpoint using a customController.
I'm resuming what I'm doing :
Expected Behavior
All nodes from the cluster are aware of this modification
Current Behavior
Only one node is aware of the modification, resulting in instable behavior on this modified strategy
Possible Solution
No idea.
Steps to Reproduce
Context (Environment)
Kuzzle 1.2.10