Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

refactor(authz): pass entire request and authentication to IsAllowed #3126

Merged
merged 1 commit into from
May 27, 2024

Conversation

GeorgeMac
Copy link
Member

Updates the call to IsAllowed to take a map containing both the entire request structure and the entire authentication instance.

@GeorgeMac GeorgeMac requested a review from a team as a code owner May 27, 2024 17:46
@GeorgeMac GeorgeMac force-pushed the gm/authz-update-engine-input branch from d6bf948 to 772c1a5 Compare May 27, 2024 17:52
@GeorgeMac GeorgeMac force-pushed the gm/authz-update-engine-input branch from 772c1a5 to ca3f693 Compare May 27, 2024 17:53
@markphelps markphelps merged commit fbd21f2 into authz May 27, 2024
28 of 29 checks passed
@markphelps markphelps deleted the gm/authz-update-engine-input branch May 27, 2024 19:03
kodiakhq bot added a commit that referenced this pull request May 30, 2024
* feat(wip): authz/rbac

feat: impl authz middleware

feat: impl authz middleware

chore: fix panic and bad redux selector

chore: fmt ui

chore: refactor

chore: fix build, change to single role, default role

chore: fix build, change to single role, default role

chore: rm unneeded files

feat: configurable roles/policies

chore: config schema and tests

chore: mv back events to audit package

chore: reset ui folder

chore: revert ui back to main

chore: policy schema, visibility of errors

chore: add policy schema test

chore: rebase on main

Signed-off-by: Mark Phelps <[email protected]>

* chore: start adding role attribute path/jmes

* chore: mod tidy

* Authz OIDC tests (#3098)

* chore: fix tests, add role attribute path / role mapping to oidc server tests

Signed-off-by: Mark Phelps <[email protected]>

* chore: authz middleware tests

Signed-off-by: Mark Phelps <[email protected]>

* chore: fix audit tests

Signed-off-by: Mark Phelps <[email protected]>

* chore: proto regen

Signed-off-by: Mark Phelps <[email protected]>

* chore: try to fix marshal audit events behaviour

Signed-off-by: Mark Phelps <[email protected]>

* chore: fix failing test

Signed-off-by: Mark Phelps <[email protected]>

---------

Signed-off-by: Mark Phelps <[email protected]>

* chore: refactor request models to include scope

Signed-off-by: Mark Phelps <[email protected]>

* chore: fix engine_test

* chore: make scope optional and use subject if not provided

* chore: fix executor_test

Signed-off-by: Mark Phelps <[email protected]>

* chore: fix log sink test

Signed-off-by: Mark Phelps <[email protected]>

* chore: consolidate some auth metadata to make creating policies simpler (#3106)

* refactor(server/authz): make policy and data external dependencies (#3108)

* refactor(server/authz): rename scope to resource

Signed-off-by: George MacRorie <[email protected]>

* feat(config/authz): add policy and data source configuration

Signed-off-by: George MacRorie <[email protected]>

* refactor(server/authz): make policy and data external dependencies

Signed-off-by: George MacRorie <[email protected]>

* refactor(cmd/grpc): integrate new authz Engine changes

Signed-off-by: George MacRorie <[email protected]>

* fix(server/authz): ensure error is captured in return

Signed-off-by: George MacRorie <[email protected]>

* fix(config): allow policy and data sources to be empty

Signed-off-by: George MacRorie <[email protected]>

* refactor(server/authz): support separate poll durations for policy and data

Signed-off-by: George MacRorie <[email protected]>

* fix(config): validate non zero poll duration for authz sources

Signed-off-by: George MacRorie <[email protected]>

* fix(cmd/grpc): calls to authz engine with changes to polling

Signed-off-by: George MacRorie <[email protected]>

---------

Signed-off-by: George MacRorie <[email protected]>

* refactor(authz): pass entire request and authentication to IsAllowed (#3126)

Signed-off-by: George MacRorie <[email protected]>

* chore: set raw claims if they exist in authz metadata (#3125)

* chore: go mod tidy

Signed-off-by: Mark Phelps <[email protected]>

* chore: set raw claims if they exist in authz metadata

Signed-off-by: Mark Phelps <[email protected]>

* chore: fix authn oidc server test

Signed-off-by: Mark Phelps <[email protected]>

* chore: skip authz on auth public server

Signed-off-by: Mark Phelps <[email protected]>

* chore: log for debugging

Signed-off-by: Mark Phelps <[email protected]>

---------

Signed-off-by: Mark Phelps <[email protected]>

* fix: Authz fixes (#3132)

* chore: go mod tidy

Signed-off-by: Mark Phelps <[email protected]>

* fix: authz endpoint skip for getauthself/deleteauthself

Signed-off-by: Mark Phelps <[email protected]>

* chore: rm claims unmarshal for now

* chore: make authorization experimental

Signed-off-by: Mark Phelps <[email protected]>

* chore: add request methods to auth requests

Signed-off-by: Mark Phelps <[email protected]>

* chore: add schema

* chore: set package name to flipt.authz.v1

* chore: fix telemetry test

Signed-off-by: Mark Phelps <[email protected]>

---------

Signed-off-by: Mark Phelps <[email protected]>

* chore: rename poll duration to poll interval

Signed-off-by: Mark Phelps <[email protected]>

* chore: mod/work sync

Signed-off-by: Mark Phelps <[email protected]>

* chore: fix config test

Signed-off-by: Mark Phelps <[email protected]>

* chore: rm unused supports authz config; fmt cache config

---------

Signed-off-by: Mark Phelps <[email protected]>
Signed-off-by: George MacRorie <[email protected]>
Co-authored-by: George <[email protected]>
Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants