
[TT-11426/TT-13322] Add deprecation notice for external OAuth middleware #6657

Open
wants to merge 2 commits into
base: master


jeffy-mathew
Contributor

@jeffy-mathew jeffy-mathew commented Oct 22, 2024

User description

Description

Related Issue

Parent: https://tyktech.atlassian.net/browse/TT-11426
Subtask: https://tyktech.atlassian.net/browse/TT-13322

Motivation and Context

How This Has Been Tested

Screenshots (if appropriate)

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Refactoring or add test (improvements in base code or adds test coverage to functionality)

Checklist

  • I ensured that the documentation is up to date
  • I explained why this PR updates go.mod in detail with reasoning why it's required
  • I would like a code coverage CI quality gate exception and have explained why

PR Type

enhancement, documentation


Description

  • Added a deprecation notice for the external OAuth middleware in the EnabledForSpec function.
  • Warned users that support for this middleware will be deprecated starting from version 5.7.0.
  • Recommended using JSON Web Token (JWT) instead and provided a link to the documentation for guidance.

Changes walkthrough 📝

Relevant files
Enhancement
mw_external_oauth.go
Add deprecation warning for external OAuth middleware       

gateway/mw_external_oauth.go

  • Added a deprecation warning for the external OAuth middleware.
  • Suggested using JSON Web Token (JWT) as an alternative.
  • Provided a link to the relevant documentation for more information.
  • +4/-0     


    @buger
    Member

    buger commented Oct 22, 2024

    💔 The detected issue is not in one of the allowed statuses 💔

    Detected Status Open
    Allowed Statuses In Dev,In Code Review,Ready for Testing,In Test,In Progress,In Review ✔️

    Please ensure your jira story is in one of the allowed statuses

    Contributor

    PR Reviewer Guide 🔍

    Here are some key observations to aid the review process:

    ⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
    🧪 No relevant tests
    🔒 No security concerns identified
    ⚡ Recommended focus areas for review

    Logging Efficiency
    The warning log inside the EnabledForSpec method could potentially be logged multiple times during the application's runtime, which might not be efficient. Consider implementing a mechanism to ensure that the deprecation warning is logged only once or under specific conditions to avoid log flooding.
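One way to get the log-once behaviour the reviewer guide asks for, as an added example that is not code from this pull request or from the Tyk code base. The `onceWarner` type, the `simulate` driver, the choice to key the warning per API ID, and the API IDs themselves are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sync"
	"sync/atomic"
)

// onceWarner emits a warning at most once per key, no matter how many
// goroutines request it. Hypothetical helper, not part of the Tyk code base.
type onceWarner struct {
	seen sync.Map         // key -> struct{}; records keys already warned about
	sink func(msg string) // destination for warnings (a logger in real code)
}

// Warn writes msg the first time key is seen and reports whether it wrote.
// LoadOrStore is atomic, so exactly one concurrent caller per key wins.
func (w *onceWarner) Warn(key, msg string) bool {
	if _, dup := w.seen.LoadOrStore(key, struct{}{}); dup {
		return false
	}
	w.sink(msg)
	return true
}

// simulate models a middleware check that runs on every request: `calls`
// concurrent checks per API ID against one shared warner. It returns how
// many warnings reached the sink. The API IDs are constructed sample values.
func simulate(apiIDs []string, calls int) int64 {
	var emitted atomic.Int64
	w := &onceWarner{sink: func(string) { emitted.Add(1) }}
	var wg sync.WaitGroup
	for _, id := range apiIDs {
		for i := 0; i < calls; i++ {
			wg.Add(1)
			go func(id string) {
				defer wg.Done()
				w.Warn(id, "external OAuth enabled for API "+id+
					"; support will be deprecated starting from 5.7.0")
			}(id)
		}
	}
	wg.Wait()
	return emitted.Load()
}

func main() {
	// 200 concurrent checks across two APIs produce two log lines.
	fmt.Println(simulate([]string{"api-a", "api-b"}, 100))
}
```

Keying per API ID keeps one line per affected API definition in the log, which is what an operator needs to find the configurations to migrate.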

    Contributor

    github-actions bot commented Oct 22, 2024

    API Changes

    --- prev.txt	2024-10-22 10:45:11.183495601 +0000
    +++ current.txt	2024-10-22 10:45:04.967480956 +0000
    @@ -1299,6 +1299,10 @@
     	Enabled   bool       `bson:"enabled" json:"enabled"`
     	Providers []Provider `bson:"providers" json:"providers"`
     }
    +    ExternalOAuth support will be deprecated starting from
    +    5.7.0. To avoid any disruptions, we recommend that
    +    you use JSON Web Token (JWT) instead, as explained in
    +    https://tyk.io/docs/basic-config-and-security/security/authentication-authorization/ext-oauth-middleware/
     
     type GWStats struct {
     	APIsCount     int `json:"apis_count"`
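Review bot: The doc text added after the struct with the `Enabled` and `Providers []Provider` fields consists only of the deprecation notice, so the generated documentation for this type never says what it configures. The other ExternalOAuth doc in this diff opens with "ExternalOAuth holds configuration for an external OAuth provider." before the notice; lead with an equivalent description sentence here and keep the notice as a second paragraph.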
    @@ -3352,7 +3356,11 @@
     	// Providers is used to configure OAuth providers.
     	Providers []OAuthProvider `bson:"providers" json:"providers"` // required
     }
    -    ExternalOAuth holds configuration for an external OAuth provider.
    +    ExternalOAuth holds configuration for an external OAuth
    +    provider. ExternalOAuth support will be deprecated starting
    +    from 5.7.0. To avoid any disruptions, we recommend that
    +    you use JSON Web Token (JWT) instead, as explained in
    +    https://tyk.io/docs/basic-config-and-security/security/authentication-authorization/ext-oauth-middleware/
     
     type ExtractCredentialsFromBody struct {
     	// Enabled activates extracting credentials from body.
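Review bot: The added sentence tells readers to use JWT "as explained in" a URL whose path ends in `ext-oauth-middleware/`, which reads as the page for the feature being retired rather than for JWT. Confirm that this page carries the migration guidance, or link the JWT documentation alongside it, so operators who see the notice land on the replacement configuration.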

    Contributor

    PR Code Suggestions ✨

    Explore these optional code suggestions:

    Category    Suggestion    Score
    Enhancement
    Control the frequency of deprecation warning logs to avoid excessive logging

    Ensure that the deprecation warning log is only triggered once or controlled by a
    flag to avoid repetitive logs in systems where the middleware is checked frequently.

    gateway/mw_external_oauth.go [41-43]

    -if k.Spec.ExternalOAuth.Enabled {
    +if k.Spec.ExternalOAuth.Enabled && !k.deprecationLogged {
         log.Warn("Support for external OAuth Middleware will be deprecated starting from 5.7.0. To avoid any disruptions, we recommend that you use JSON Web Token (JWT) instead, as explained in https://tyk.io/docs/basic-config-and-security/security/authentication-authorization/ext-oauth-middleware/")
    +    k.deprecationLogged = true
     }
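Review bot: The `k.deprecationLogged` flag in the suggested condition is read and then set with no synchronization, and the lines shown do not declare the field. If `EnabledForSpec` can run on more than one goroutine this is a data race, and because the flag lives on `k` the warning still appears once per middleware instance rather than once per process. A `sync.Once` removes the race and makes the intended scope explicit by where it is declared.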
    Suggestion importance[1-10]: 7

    Why: The suggestion to control the frequency of deprecation warning logs is relevant as it prevents excessive logging, which can clutter logs and impact performance. The proposed change introduces a flag to ensure the warning is logged only once, improving the middleware's efficiency and usability.

    7


    sonarcloud bot commented Oct 22, 2024

    Quality Gate failed

    Failed conditions
    0.0% Coverage on New Code (required ≥ 80%)

    See analysis details on SonarCloud

    @@ -1523,6 +1523,9 @@ var Template = template.New("").Funcs(map[string]interface{}{
    },
    })

    // ExternalOAuth support will be deprecated starting from 5.7.0.
    // To avoid any disruptions, we recommend that you use JSON Web Token (JWT) instead,
    // as explained in https://tyk.io/docs/basic-config-and-security/security/authentication-authorization/ext-oauth-middleware/
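Review bot: The notice in the added comment is free prose ("will be deprecated starting from 5.7.0"), which Go tooling does not treat as a deprecation marker. When the deprecation takes effect, put it in its own comment paragraph starting with `Deprecated:` so that go doc, gopls and linters flag uses of the type; until then, consider stating which release removes support, since "deprecated starting from" leaves the removal point open.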
    Contributor


    Suggested change
    // as explained in https://tyk.io/docs/basic-config-and-security/security/authentication-authorization/ext-oauth-middleware/
    // as explained in https://tyk.io/docs/basic-config-and-security/security/authentication-authorization/ext-oauth-middleware/.

    godoc trailing doc
