[pull] main from SigNoz:main #757

Merged: pull[bot] merged 2 commits into code:main from SigNoz:main on Jun 8, 2026


@pull pull Bot commented Jun 8, 2026


See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)


H4ad and others added 2 commits June 8, 2026 11:45
…aces (#11599)

* fix(infra-monitoring-jobs): title of the chart misleading

Ref: SigNoz/engineering-pod#5211 (comment)

* fix(infra-monitoring-namespaces): wrong limit & using wrong filter for statefulsets

Ref: SigNoz/engineering-pod#5211 (comment)

* feat(infra-monitoring-hosts): add new chart based on operations time

Ref: SigNoz/engineering-pod#5211 (comment)

* feat(infra-monitoring-hosts): add group by on chart for system disk io

Ref: SigNoz/engineering-pod#5211 (comment)

* fix(infra-monitoring-hosts): chart for disk operations using the wrong metric

Ref: SigNoz/engineering-pod#5211 (comment)

* fix(infra-monitoring-deployments): little typo in the chart name

* fix(volumes): ensure the name/type are standard based on the metric type
…#11588)

* fix(authn): include base path in SSO callback and error-redirect URLs

The SAML ACS URL and the OIDC/Google redirect URLs were built from the
site URL host plus a hardcoded path (e.g. /api/v1/complete/saml), dropping
the base path. When SigNoz is served under a sub-path (global.external_url
with a path, e.g. https://example.com/signoz), the API is served at
<prefix>/api/v1/complete/<provider>, so the identity provider was told to
call back to a path without the prefix and hit a 404.

Thread global.Config into the SAML/OIDC/Google callback providers and the
session handler, and prepend global.Config.ExternalPath() to the callback
paths and the SSO error redirect to /login. Root deployments are
unchanged since ExternalPath() returns "" without a configured sub-path.

* fix(authn): run callbackauthn suite with base path

* refactor(tests): self-contained base-path fixture for callbackauthn

Move the base-path setup out of the shared create_signoz factory and into
a package-scoped signoz fixture in the callbackauthn suite's own conftest
(same pattern as rootuser/conftest.py). When --base-path is set the fixture
appends SIGNOZ_GLOBAL_EXTERNAL__URL and the url-config prefix locally;
without it it behaves exactly like the global fixture. The shared factory
and docker config are left untouched.

* test(authn): add base-path SSO integration suite

Adds a dedicated `basepath` integration suite that serves SigNoz under a
hardcoded /signoz prefix (SIGNOZ_GLOBAL_EXTERNAL__URL) and exercises the SAML
and OIDC happy-path logins end-to-end. Every SigNoz API call is issued under
the prefix and the IdP callback (ACS / redirect URI) is registered with the
prefix, so the flow only passes when the backend builds prefixed callback URLs.

The shared TestContainerUrlConfig and create_signoz factory are left untouched.
The suite's conftest shadows the same-named auth fixtures (create_user_admin,
get_token, get_session_context, apply_license) with base-path-aware variants and
reuses the Keycloak/browser fixtures, which are not under the base path.

Google SSO is not covered: it requires the real accounts.google.com issuer and
a real Google login, so it cannot run against the local Keycloak IdP; it shares
the identical path.Join(ExternalPath, redirectPath) callback logic that SAML
and OIDC validate.

* revert: drop in-place base-path wiring from integration harness

Removes the --base-path flag, TestContainerUrlConfig.base_path, the idp.py and
02_saml.py .get() changes, and the callbackauthn base-path conftest fixture.
Base-path SSO is now covered by the dedicated `basepath` suite, so the shared
harness (TestContainerUrlConfig, create_signoz, callbackauthn) is back to its
original root-only form.

* refactor(test): remove apply_license fixture

* refactor(test): extract base-path-aware auth factories

Extract the session-context / token / token-pair / admin-registration logic
in fixtures/auth.py into reusable factory functions that take an optional
base_path (token_getter, session_context_getter, tokens_getter, register_admin),
with the fixtures delegating to them. Default base_path="" is byte-identical for
existing callers.

The basepath suite's conftest now reuses these factories with the /signoz prefix
as thin one-line fixture overrides instead of duplicating the request logic.

* refactor(test): give base-path admin registration a distinct cache key

register_admin takes an optional cache_key (default "create_user_admin"); the
basepath suite passes a distinct key so that under --reuse the admin marker
cached against the signoz-base-path container is not restored for (or from)
other suites' default signoz instance.
@pull pull Bot locked and limited conversation to collaborators Jun 8, 2026
@pull pull Bot added the ⤵️ pull label Jun 8, 2026
@pull pull Bot merged commit 7844fc1 into code:main Jun 8, 2026
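
An added Go example (not SigNoz code and not part of the commits above) of the callback-URL construction the fix(authn) commit message describes: the same external URL and redirect path, built once without and once with the base path, then compared against a callback registered at the IdP. `callbackURL`, `registeredAtIdP` and the exact-match comparison are assumptions made for illustration; the URL and path values are the ones quoted in the commit message.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path"
	"strings"
)

// callbackURL builds the URL an identity provider is told to call back to.
// externalURL plays the role of global.external_url; redirectPath is e.g.
// /api/v1/complete/saml. withBasePath=false reproduces the pre-fix behaviour
// (host plus hardcoded path). Hypothetical helper, not SigNoz code.
func callbackURL(externalURL, redirectPath string, withBasePath bool) (string, error) {
	u, err := url.Parse(externalURL)
	if err != nil {
		return "", err
	}
	if u.Scheme == "" || u.Host == "" {
		return "", errors.New("external URL must be absolute")
	}
	prefix := "" // root deployment: no sub-path, result is unchanged
	if withBasePath {
		prefix = strings.TrimRight(u.Path, "/")
	}
	// path.Join skips empty elements and collapses duplicate slashes.
	out := url.URL{Scheme: u.Scheme, Host: u.Host, Path: path.Join("/", prefix, redirectPath)}
	return out.String(), nil
}

// registeredAtIdP assumes the IdP compares ACS / redirect URIs by exact string.
func registeredAtIdP(registered []string, candidate string) bool {
	for _, r := range registered {
		if r == candidate {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample: one sub-path deployment, one registered callback.
	registered := []string{"https://example.com/signoz/api/v1/complete/saml"}
	for _, fixed := range []bool{false, true} {
		got, _ := callbackURL("https://example.com/signoz", "/api/v1/complete/saml", fixed)
		fmt.Printf("withBasePath=%v %s registered=%v\n", fixed, got, registeredAtIdP(registered, got))
	}
}
```
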