auth: auth-proxy-http-header command for testing multiple users

[keegancsmith]

For permission testing I wrote this command to very conveniently switch between users. This is kind of like the already existing testproxy, except much more convenient to use as well as being targetted for auth testing rather than http-header testing.

I'm unsure of how to document this further so people are aware of it. Alternatively I think it is also useful to maybe spin up by default in our enterprise env. I'll leave both of those for future PRs. For now I will advertise in #dev-chat and #dev-experience.

Here is the example output to give you a feel for what it does:

$ go run ./internal/cmd/auth-proxy-http-header
https://docs.sourcegraph.com/admin/auth#http-authentication-proxies

  "auth.providers": [
    {
      "type": "http-header",
      "usernameHeader": "X-Forwarded-User",
      "emailHeader": "X-Forwarded-Email"
    }
  ]

Visit http://127.0.0.1:10810 for keegan keegan@sourcegraph.com
Visit http://127.0.0.1:10811 for user1 keegan+user1@sourcegraph.com
Visit http://127.0.0.1:10812 for user2 keegan+user2@sourcegraph.com
Visit http://127.0.0.1:10813 for user3 keegan+user3@sourcegraph.com
Visit http://127.0.0.1:10814 for user4 keegan+user4@sourcegraph.com
Visit http://127.0.0.1:10815 for user5 keegan+user5@sourcegraph.com

Test Plan: Ran locally

[jhchabran]

Damn, this is awesome.

[sourcegraph-bot]

Codenotify: Notifying subscribers in CODENOTIFY files for diff cd1391b...b130b8d.

Notify	File(s)
@unknwon	enterprise/cmd/frontend/internal/auth/httpheader/middleware.go enterprise/cmd/frontend/internal/auth/httpheader/testproxy.go

[jhchabran]

What a great example of stuff we can build with httputil.ReverseProxy 😮🤘

Yes, I think we'll need a follow-up PR to make sure teammates are aware of this, otherwise I'm worried about this jewel would go unnoticed. I'll be happy to do it.

[keegancsmith]

FYI I am adding this command to the allow list of stdlib log. I think the stdlib log is much more readable for humans, and this is intended to only be used internally by devs.

[sourcegraph-bot]

Codenotify: Notifying subscribers in OWNERS files for diff cd1391b...b130b8d.

No notifications.

[bobheadxi]

FYI I am adding this command to the allow list of stdlib log. I think the stdlib log is much more readable for humans, and this is intended to only be used internally by devs.

Should this tool be in dev/internal or similar instead? I think there we don't enforce this restriction by default, and it might make sense for a tool like this

[keegancsmith]

FYI I am adding this command to the allow list of stdlib log. I think the stdlib log is much more readable for humans, and this is intended to only be used internally by devs.

Should this tool be in dev/internal or similar instead? I think there we don't enforce this restriction by default, and it might make sense for a tool like this

That could work, but want something that is discoverable. Right now everything under ./internal/cmd would also make sense to be under dev/internal/cmd. FYI your linter skips over them since most of those commands have there own go.mod.

I won't merge just yet, just want your heads up what you think makes the most sense with that bit of info.

[unknwon]

Nice :)

[jhchabran]

That could work, but want something that is discoverable.

I'm not sure to understand, how moving things into dev/internal from internal/cmd would change how discoverable it is? Isn't discoverability something that we should address within sg itself?

[keegancsmith]

dev/internal/cmd doesn't exist. But yeah good point. I'll rename.