sso-proxy: adding an optional PROXY_PROVIDER_URL for split dns deployments

[danbf]

sso-proxy: adding an optional PROXY_PROVIDER_URL for split dns deployments

addressing: #26

[danbf]

working on this error maybe on the sso_auth side:

sso-proxy_1    | 2018/10/08 21:52:16 hardcode.RedeemURL! http://host.docker.internal/redeem
sso-proxy_1    | 2018/10/08 21:52:16 p.RedeemURL! http://sso-auth.localtest.me/redeem
sso-auth_1     | {"action":"redeem","http_status":404,"level":"info","msg":"","proxy_host":"httpbin.sso.localtest.me","remote_address":"172.22.0.1","request_duration":0.078322,"request_method":"POST","request_uri":"/redeem","service":"sso-authenticator","time":"2018-10-08 21:52:16.1089","user":"","user_agent":"sso_proxy/HEAD"}
nginx-proxy_1  | nginx.1    | host.docker.internal 172.22.0.1 - - [08/Oct/2018:21:52:16 +0000] "POST /redeem HTTP/1.1" 404 19 "-" "sso_proxy/HEAD"
sso-proxy_1    | {"error":"got 404 from \"http://sso-auth.localtest.me/redeem\" 404 page not found\n","level":"error","msg":"error redeeming authorization code","remote_address":"172.22.0.1","service":"sso-proxy","time":"2018-10-08 21:52:16.1089"}
sso-proxy_1    | {"http_status":500,"level":"info","msg":"error page","page_message":"Internal Error","page_title":"Internal Error","remote_address":"172.22.0.1","service":"sso-proxy","time":"2018-10-08 21:52:16.1089"}

[danbf]

ok, so this is working now. now need to actually pass the values from the config to the function.

[danbf]

ok, got values making their way into the functions, just got to fixup tests.

[shrayolacrayon]

might need to defer this server being closed as well

[shrayolacrayon]

I think what you'd want to do to test this behavior is create a ProxyProviderResponse similar to the Redeem Response and Profile Response, as well as a ProxyRedeemResponse, and assign the server urls to those provider fields. Then you can test that the endpoints are being hit based on the response.

[benjsto]

similar to @shrayolacrayon 's comment above, why do we need to create the test server twice here?

[shrayolacrayon]

is this field being used anywhere?

[danbf]

@shrayolacrayon it's the string that we use to generate the proxyProviderURL url

sso/internal/proxy/options.go

Lines 223 to 226 in dec5586

	proxyProviderURL, err := url.Parse(o.ProxyProviderURLString)
	if err != nil {
	return err
	}

which is used to generate the redeem url:

sso/internal/proxy/providers/sso.go

Line 63 in dec5586

p.ProxyRedeemURL = p.ProxyProviderURL.ResolveReference(&url.URL{Path: "/redeem"})

[shrayolacrayon]

you don't need to set this to be empty, it'll default to an empty string

[danbf]

removed

[benjsto]

If this field is truly intended as an internal URL, would it be clearer if the name reflected that? I struggle a little bit with the names ProviderURLString and ProxyProviderURLString being not meaningfully different as far as I can tell.

[danbf]

thought here is that the sso_proxy service is using this one, the other is for the client. but then naming is not my strong suit

[shrayolacrayon]

why aren't we marshaling the redeem response if RedeemResponseInternal is nil?

[danbf]

this is copied from the existing tests so i had not put much thought into it:

sso/internal/proxy/providers/sso_test.go

Lines 260 to 266 in 7898834

	if tc.RedeemResponse != nil {
	testutil.Equal(t, nil, err)
	testutil.NotEqual(t, session, nil)
	testutil.Equal(t, tc.RedeemResponse.Email, session.Email)
	testutil.Equal(t, tc.RedeemResponse.AccessToken, session.AccessToken)
	testutil.Equal(t, tc.RedeemResponse.RefreshToken, session.RefreshToken)
	}

from what i can see it looks like the test cases are divided into two classes, those that don't produce a redeem response, and ones that should produce a valid redeem response which then gets checked for validity. for this particular test, i'm testing to see that the code is handling the case where both the RedeemURL and ProxyRedeemURL both exist. in that case the internal ProxyRedeemURL should be used for the redeem.

[shrayolacrayon]

Oh got it, I didn't see that we're still testing RedeemResponse above.

[shrayolacrayon]

added one more error nit, but other than that this lgtm!