spinnaker
feat(gate-web): Add delete session tokens from redis endpoint
When Spring Boot is upgraded and old tokens no longer work, users get 500's until they delete the cookies from their browser, which causes bad user experience.
A way around this is to delete the spring:session* keys from Redis, as explained here:
https://spinnaker.io/changelogs/1.34.0-changelog/#spring-boot-2615
$ redis-cli keys "spring:session*" | xargs redis-cli del
In our case, we don't have CLI access to our Redis instance in Production. Because of this, we wrote a Gate endpoint that deletes the keys from Redis, so it can be triggered in Production with a curl call:
curl -H "Cookie: SESSION=...." -i -X POST https://spinnaker-host/api/v1/auth/deleteSessionCache
I'm sure many other users of Spinnaker have the same issue and could benefit from this.
We prefer that non-test backend code be written in Java or Kotlin, rather than Groovy. The following files have been added and written in Groovy:
- gate-web/src/main/groovy/com/netflix/spinnaker/gate/services/SessionService.groovy
See our server-side conventions here.
The following commits need their title changed:
- 639c99de3814df134322ac0e84396142dc8ad515: Add delete session tokens from redis endpoint
Please format your commit title into the form:
<type>(<scope>): <subject>, e.g. fix(kubernetes): address NPE in status check
This allows us to easily generate changelogs & determine semantic version numbers when cutting releases. You can read more about commit conventions here.
