Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(authn/saml): New optional SAML parameter for signing messages #114

Merged
merged 3 commits into from
Jul 7, 2020
Merged

feat(authn/saml): New optional SAML parameter for signing messages #114

merged 3 commits into from
Jul 7, 2020

Conversation

german-muzquiz
Copy link
Contributor

Related Gate PR: spinnaker/gate#1269
Related Halyard PR: spinnaker/halyard#1741

ezimanyi
ezimanyi reviewed Jul 7, 2020
View reviewed changes
Copy link
Contributor

@ezimanyi ezimanyi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great! Just one comment about adding an explicit UNSPECIFIED to the enum. Thanks for this!

api/proto/security/authn/authn.proto

// Digest algorithms to sign SAML messages.
enum SignatureDigest {
// Digest algorithm SHA1 (default).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In general we're recommending that all enums UNSPECIFIED = 0 as their first (default) entry. There are more details here, but the main reason is that enums set to their default will be omitted from serialization. (So if a user explicitly sets the signature digest to SHA1, it won't be included in the output YAML if that's the default.)

In this case, since Gate uses SHA1 as the default it wouldn't matter, because there would be no difference to gate between signatureDigest: SHA1 and omitting signatureDigest. But then this creates a coupling between kleat and gate where the correctness here depends on the defaulting in gate (and if we ever change the default in gate this will break).

ezimanyi
ezimanyi approved these changes Jul 7, 2020
View reviewed changes
Copy link
Contributor

@ezimanyi ezimanyi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great, thanks for this!

@ezimanyi ezimanyi added the ready to merge Reviewed and ready for merge label Jul 7, 2020
@mergify mergify bot merged commit aaeb204 into spinnaker:master Jul 7, 2020
@mergify mergify bot added the auto merged label Jul 7, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ezimanyi ezimanyi ezimanyi approved these changes

@maggieneterval maggieneterval Awaiting requested review from maggieneterval

Assignees
No one assigned
Labels
auto merged ready to merge Reviewed and ready for merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@german-muzquiz @ezimanyi