Refactor login endpoints, instrument console endpoints #7374
Conversation
| Ok(_) => Ok(true), | ||
| } | ||
|
|
||
| Ok(true) |
There was a problem hiding this comment.
I still don't like this method, but at least it's a few lines shorter now
| _path_params: Path<params::LoginToProviderPathParam>, | ||
| _query_params: Query<params::LoginUrlQuery>, | ||
| ) -> Result<Response<Body>, HttpError> { | ||
| console_api::login_saml_begin(rqctx, path_params, query_params).await |
There was a problem hiding this comment.
All this function did was call service_console_index. That's the kind of thing we're fixing here.
| path_params: Path<params::LoginToProviderPathParam>, | ||
| query_params: Query<params::LoginUrlQuery>, | ||
| ) -> Result<HttpResponseFound, HttpError> { | ||
| console_api::login_saml_redirect(rqctx, path_params, query_params).await |
There was a problem hiding this comment.
Some of these are slightly more interesting than inlining a function call. This helper function did all the stuff you normally see here at top level in the endpoint handlers (instrumentation call, pulling stuff out of path and query params, etc), and the nitty gritty datastore logic that normally goes inside nexus/src/app. So I pulled the former out to here and the latter into nexus/src/app/login.rs.
The idea was to make these look more like the other handlers.
| console_page!(console_silo_images); | ||
| console_page!(console_silo_utilization); | ||
| console_page!(console_silo_access); | ||
|
|
There was a problem hiding this comment.
I created these to reduce boilerplate back when the actual endpoint handlers were defined here (rather that silly little helper functions called by the endpoint handlers, which is what they are now). Because of the change to Dropshot API, we kinda have to have the boilerplate over in http_entrypoints.rs anyway, so these are pointless. Deleting this section is why we now inline console_index_or_login_redirect(rqctx).await calls in a ton of handlers.
david-crespo
changed the title
david-crespo
force-pushed
the
refactor-login-endpoints
branch
from
e578e4e to
8d193d5
Compare
The method was copied more or less without modification, but I added a `dbg!` on this line and forgot to remove it. https://github.com/oxidecomputer/omicron/pull/7374/files#diff-20ba9694e6963beb9b707281dc9837c9c41386316c82441ca72a6c0801dd9b8fR63
There should be no functional changes here, though the internal error messages are now slightly different between saml login and local login, where before they were the same. Ran into this while working #7339. This logic (which I wrote originally and shuffled around in #7374) never really made sense, and I figured it's good prep for #7818 and friends to clean it up. The core of the change here is updating two existing functions that returned `Result<Option<User>, Error>` to just return `Result<User, Error>` and move the logic about what we do when the user was `None` inside each function. In both cases, when the user was `None` we ended up with an `Error::Unauthenticated` anyway, so we can just do that a moment earlier and eliminate a lot of misdirection.
Pulling these refactors out of #7339 because they're mechanical and just add noise. The point is to make it a cleaner diff when we add the function calls or wrapper code that creates audit log entries, as well as to clean up the
device_auth(eliminated) andconsole_api(shrunken substantially) files, which have always been a little out of place.Refactors
With the change to a trait-based Dropshot API, the already weird
console_apianddevice_authmodules became even weirder, because the actual endpoint definitions were moved out of those files and intohttp_entrypoints.rs, but they still called functions that lived in the other files. These functions were redundant and had signatures more or less identical to the endpoint handlers. That's the main reason we lose 90 lines here.Before we had
Now we (mostly) cut out the middleman:
Some of what was in the middle moved up into the endpoint handlers, some moved "down" into the nexus "service layer" functions.
One (1) functional change
The one functional change is that the console endpoints are all instrumented now.