Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add enable_password_config #77

Merged
merged 8 commits into from
Oct 25, 2023
Merged

Add enable_password_config #77

merged 8 commits into from
Oct 25, 2023

Conversation

amandahla
Copy link
Collaborator

Overview

Add configuration to change password_config behavior.

Rationale

This way the administrator can disable password login if the user login via SSO, for example.

Juju Events Changes

Module Changes

Library Changes

Checklist

@amandahla amandahla requested a review from a team as a code owner October 18, 2023 14:50
@amandahla
Copy link
Collaborator Author

Fix #62

merkata
merkata reviewed Oct 19, 2023
View reviewed changes
Copy link
Contributor

@merkata merkata left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking at the config documentation, password_config is nested, so I'm suggesting to expose password_config and deal with enabling/disabling in the function. I imagine if we want to deal with password configuration in the future, if we go with the current route we would add additional fields, like minimum_length_policy_password_config (to get to password_config.policy.minimum_length and change the min pass length for instance). Another thing to consider is when we render the current password_config to update what we're interested in and the rest should remain unchanged, so if you toggle password_config on and off and you have made changes to the policy (like the min pass length) it does not get lost. It would be clearer to me also that a disable_password_config that takes a password_config object changes the enabled parameter and not enable_password_config. I'm not sure how the function is called though - shouldn't pebble be made aware of that change via the on.config_changed path?

@amandahla
Copy link
Collaborator Author

Looking at the config documentation, password_config is nested, so I'm suggesting to expose password_config and deal with enabling/disabling in the function. I imagine if we want to deal with password configuration in the future, if we go with the current route we would add additional fields, like minimum_length_policy_password_config (to get to password_config.policy.minimum_length and change the min pass length for instance). Another thing to consider is when we render the current password_config to update what we're interested in and the rest should remain unchanged, so if you toggle password_config on and off and you have made changes to the policy (like the min pass length) it does not get lost. It would be clearer to me also that a disable_password_config that takes a password_config object changes the enabled parameter and not enable_password_config. I'm not sure how the function is called though - shouldn't pebble be made aware of that change via the on.config_changed path?

  • I considered the scope of the issue as something simple like "disable or enable password". So, that's why other options regarding passwords are left as default. This could be improved in follow-up PRs.
  • There is no enable_password_config because the template used by the start.py script already enable password. So the change is just needed in case of disabling it.

@amandahla amandahla mentioned this pull request Oct 19, 2023
Merged
6 tasks
mthaddon
mthaddon reviewed Oct 20, 2023
View reviewed changes
config.yaml Outdated Show resolved Hide resolved
cbartz
cbartz reviewed Oct 24, 2023
View reviewed changes
src-docs/charm_state.py.md Outdated Show resolved Hide resolved
src/synapse/workload.py Show resolved Hide resolved
@gregory-schiano
Copy link
Contributor

Isn't something missing in this PR ?
I see a new config added to the charm_start but it doesn't seem to be used, and there's a method that disable password config but in an "hardcoded" way

@amandahla
Copy link
Collaborator Author

Isn't something missing in this PR ? I see a new config added to the charm_start but it doesn't seem to be used, and there's a method that disable password config but in an "hardcoded" way

I have no idea what happened, maybe it was lost while merging with previous PRs, but now I added to change_config (pebble) the call to this function.

cbartz
cbartz approved these changes Oct 25, 2023
View reviewed changes
Copy link
Contributor

@cbartz cbartz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, have one nitpicky comment.

tests/unit/test_synapse_workload.py Show resolved Hide resolved
@github-actions
Copy link
Contributor

Test coverage for 08a39ef

Name                            Stmts   Miss Branch BrPart  Cover   Missing
---------------------------------------------------------------------------
src/actions/__init__.py             3      0      0      0   100%
src/actions/register_user.py       22      0      2      0   100%
src/actions/reset_instance.py      21      0      2      0   100%
src/charm.py                      175      8     32      4    94%   124-125, 177-178, 197-198, 239, 253
src/charm_state.py                 64      1     12      1    97%   141
src/charm_types.py                 11      0      0      0   100%
src/database_client.py             53      1     10      3    94%   35, 47->exit, 69->exit
src/database_observer.py           54      4      6      0    93%   70-72, 88
src/exceptions.py                   4      0      0      0   100%
src/mjolnir.py                     76      8     20      2    88%   60-64, 73, 93-96
src/observability.py                9      0      0      0   100%
src/pebble.py                      77     10      6      3    84%   90-91, 93, 95, 109-114
src/saml_observer.py               45      1      8      0    98%   64
src/synapse/__init__.py             3      0      0      0   100%
src/synapse/api.py                161      2     22      2    98%   207, 376
src/synapse/workload.py           200      6     30      5    95%   361-362, 378, 427->430, 476, 478, 483
src/user.py                        24      0      4      0   100%
---------------------------------------------------------------------------
TOTAL                            1002     41    154     20    95%

Static code analysis report

Run started:2023-10-25 17:26:19.525898

Test results:
  No issues identified.

Code scanned:
  Total lines of code: 5054
  Total lines skipped (#nosec): 4
  Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
  Total issues (by severity):
  	Undefined: 0
  	Low: 0
  	Medium: 0
  	High: 0
  Total issues (by confidence):
  	Undefined: 0
  	Low: 0
  	Medium: 0
  	High: 0
Files skipped (0):

@amandahla amandahla mentioned this pull request Oct 25, 2023
Open
@amandahla amandahla merged commit 3716d4e into main Oct 25, 2023
20 checks passed
@amandahla amandahla deleted the ISD-1169-disable-password-login branch October 25, 2023 21:02
@kewisch kewisch mentioned this pull request May 31, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@merkata merkata merkata left review comments

@mthaddon mthaddon mthaddon left review comments

@cbartz cbartz cbartz approved these changes

@nrobinaubertin nrobinaubertin nrobinaubertin approved these changes

Assignees
No one assigned
Labels
Libraries: OK trivial
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@amandahla @gregory-schiano @merkata @mthaddon @cbartz @nrobinaubertin