Conversation
camscale
force-pushed
the
camh/remove-saml
branch
from
7347563 to
64c009d
Compare
camscale
force-pushed
the
camh/sso-to-e
branch
from
9f6129e to
3fce221
Compare
camscale
force-pushed
the
camh/remove-saml
branch
2 times, most recently
from
b52d83f to
7e9fb1f
Compare
camscale
force-pushed
the
camh/sso-to-e
branch
from
3fce221 to
663901b
Compare
camscale
force-pushed
the
camh/remove-saml
branch
from
7e9fb1f to
0a4058b
Compare
camscale
force-pushed
the
camh/sso-to-e
branch
2 times, most recently
from
22d628c to
e6a0d70
Compare
camscale
force-pushed
the
camh/remove-saml
branch
2 times, most recently
from
2cc2f7e to
468004b
Compare
| "github.com/stretchr/testify/require" | ||
| ) | ||
|
|
||
| func FuzzParseSAMLInResponseTo(f *testing.F) { |
There was a problem hiding this comment.
I'm not familiar with this part of the codebase, but are we okay with removing this fuzz test completely? From what I see, it wasn't moved to teleport.e.
There was a problem hiding this comment.
The reference to this test can be also found in
teleport/fuzz/oss-fuzz-build.sh
Line 30 in fd4097b
So probably we need to remove it from there.
There was a problem hiding this comment.
Ah yes. I over-zealously removed this (the always-failing CIFuzz annoys me no end), and forgot to see what I needed to do to move it to the new repo. I'll get onto that.
There was a problem hiding this comment.
I've added the fuzz test to the enterprise PR. As yet there is nothing to run it as there is no CI job there to do fuzz testing. I can't figure out how the fuzz/oss-fuzz-build.sh script is meant to work - I think I'm missing the context in which it runs - there look to be undefined functions and variables, so I suspect OSSFuzz provides this context and corpora. A similar setup will need to be done on the enterprise repo.
@reedloden Is there any feedback you can add?
There was a problem hiding this comment.
OSS-Fuzz runs fuzz/oss-fuzz-build.sh from the config in https://github.com/google/oss-fuzz/tree/master/projects/teleport.
OSS-Fuzz only works on open source projects. We can use https://fuzzbuzz.io/ for teleport.e, but it's not configured yet. As long as you ensure Go-native fuzzing is set up (by way of the fuzz test existing), when we do get Fuzzbuzz working, it will Just Work(TM).
| "github.com/stretchr/testify/require" | ||
| ) | ||
|
|
||
| func FuzzParseSAMLInResponseTo(f *testing.F) { |
There was a problem hiding this comment.
The reference to this test can be also found in
teleport/fuzz/oss-fuzz-build.sh
Line 30 in fd4097b
So probably we need to remove it from there.
| if err := a.authConnectorAction(apidefaults.Namespace, types.KindSAML, types.VerbUpdate); err != nil { | ||
| return trace.Wrap(err) | ||
| } | ||
| if !modules.GetModules().Features().SAML { |
There was a problem hiding this comment.
Wonder if there is a case when a client can have a Enterprise product without SAML feature ?
There was a problem hiding this comment.
Not currently as far as I'm aware. This check is still performed but in a different way. If the enterprise startup does not register the SAML connector, you'll still get this error message from the code in lib/auth/saml.go in the OSS repo. If we do get a scenario where we can have an enterprise product without SAML, we can revise the error message then since I don't know how to word it otherwise right now.
|
@ravicious @smallinsky This PR has a failing test for the operator that I did not notice before as it is not run from |
camscale
force-pushed
the
camh/remove-saml
branch
2 times, most recently
from
b4173ea to
e0051ff
Compare
camscale
force-pushed
the
camh/narrow-saml-interface
branch
from
0ea5f94 to
550a864
Compare
Remove the SAML connector code as it now lives in the enterprise repository. All that is left behind is a small forwarding stub that returns a NotImplemented error if a SAMLService is not plugged into the auth.Server.
Remove the SAML tests that were not in `saml_test.go`. These tests have already been moved to the enterprise repository along with the SAML connector.
This fuzz test has moved to the enterprise repository, so remove the run from here.
Add `TestSAMLValidation` back to `grpcserver_test.go` as it does not do actual SAML auth, just creating a connector. That is fully supported in OSS - only the auth path required enterprise.
camscale
force-pushed
the
camh/remove-saml
branch
from
e0051ff to
e1efb93
Compare
Add a "fmt" import that got lost in a rebase.
camscale
force-pushed
the
camh/remove-saml
branch
from
92dc420 to
8a38cb5
Compare
camscale
force-pushed
the
camh/remove-saml
branch
from
8a38cb5 to
5cea218
Compare
4 participants
Remove the SAML connector from the OSS repository. It has been migrated
to the enterprise repository.
Issue: https://github.com/gravitational/teleport.e/issues/525
NOTE: This PR should be reviewed in conjunction with https://github.com/gravitational/teleport.e/pull/597
which adds the SAML connector to the enterprise repo.