Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: when using a credential script, re-auth on 401s #2203

Merged
merged 4 commits into from
Jul 14, 2023
Merged

feat: when using a credential script, re-auth on 401s #2203

merged 4 commits into from
Jul 14, 2023

Conversation

cgrinds
Copy link
Collaborator

@cgrinds cgrinds commented Jul 11, 2023

Fixes: #2168

@cla-bot cla-bot bot added the cla-signed label Jul 11, 2023
rahulguptajss
rahulguptajss reviewed Jul 12, 2023
View reviewed changes
pkg/auth/auth.go
@@ -179,14 +188,9 @@ func (c *Credentials) GetPollerAuth() (PollerAuth, error) {
defaultAuth.Username = auth.Username
}
c.poller.Username = defaultAuth.Username
c.poller.Password = defaultAuth.Password
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is this line removed?

pkg/auth/auth.go
@@ -154,7 +164,6 @@ func (c *Credentials) GetPollerAuth() (PollerAuth, error) {
}
if auth.Password != "" {
c.poller.Username = auth.Username
c.poller.Password = auth.Password
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is this line removed?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It the value is written back to a poller's password, it's indistinguishable from the harvest.yml containing a poller with that password, which will break the precedent rules

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The code flow appears to be confusing because the method in question returns a value called defaultAuth, which includes the username. However, within the same method, the username is also being set in the poller. Therefore, it seems that the username is being consumed in two different ways.

@cgrinds cgrinds merged commit 80ecee4 into main Jul 14, 2023
@cgrinds cgrinds deleted the cbg-reauth branch July 14, 2023 11:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Hardikl Hardikl Hardikl approved these changes

@rahulguptajss rahulguptajss rahulguptajss approved these changes

Assignees
No one assigned
Labels
cla-signed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Credential Script - detect unauthorized logins
3 participants
@cgrinds @rahulguptajss @Hardikl