If you have auth (Oauth, Saml, OIDC) setup on a route and try to change to a different one in 1 apply, you get stuck in an error case. The ngrok api won't let you have more than 1 auth type on a route. You can transition from Oauth to OIDC because of the order the controller code handles the modules, but you can't go the other way.
This change allows you to make a manifest change to move from 1 auth type to another without the risk of leaving it open in a failed state.
How
Before working on a single route, we first check if we are in a state where we are moving between 2 auth types. If so, we disable the routes backend, remove the existing configs, and then add the other configs as normal after.
Before this change, moving from a OIDC module to an OAuth one gave this error
2023-06-27T05:09:08Z DEBUG events HTTP 400: The edge specifies conflicting authentication modules. Only one of SAML, OIDC, or OAuth may be enabled. [ERR_NGROK_7079]
Operation ID: op_2Rm5jDE7DflBSviAhTxtJP1ZA0T {"type": "Warning", "object": {"kind":"HTTPSEdge","namespace":"ngrok-ingress-controller","name":"bezek-local-oauth-fix-ngrok-app","uid":"d5501be3-34c7-4ede-937f-c3dbc2752143","apiVersion":"ingress.k8s.ngrok.com/v1alpha1","resourceVersion":"22689"}, "reason": "RouteModuleUpdateFailed"}
After this update, you can migrate freely between the two types of Auth configs.
Breaking Changes
This does create downtime during the update as it removes the backend during the process.
…ng state transition
What
If you have auth (Oauth, Saml, OIDC) setup on a route and try to change to a different one in 1 apply, you get stuck in an error case. The ngrok api won't let you have more than 1 auth type on a route. You can transition from Oauth to OIDC because of the order the controller code handles the modules, but you can't go the other way.
This change allows you to make a manifest change to move from 1 auth type to another without the risk of leaving it open in a failed state.
How
Before working on a single route, we first check if we are in a state where we are moving between 2 auth types. If so, we disable the routes backend, remove the existing configs, and then add the other configs as normal after.
Before this change, moving from a OIDC module to an OAuth one gave this error
After this update, you can migrate freely between the two types of Auth configs.
Breaking Changes
This does create downtime during the update as it removes the backend during the process.