control-service: add kerberos auth provider #755
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: mrMoZ1 <[email protected]>
mrMoZ1
commented
Mar 7, 2022
...control-service/projects/pipelines_control_service/src/main/resources/application.properties
Outdated
Show resolved
Hide resolved
mrMoZ1
commented
Mar 7, 2022
...service/src/main/java/com/vmware/taurus/authorization/config/KerberosAuthProviderConfig.java
Outdated
Show resolved
Hide resolved
antoniivanov
requested changes
Mar 7, 2022
...service/src/main/java/com/vmware/taurus/authorization/config/KerberosAuthProviderConfig.java
Outdated
Show resolved
Hide resolved
...service/src/main/java/com/vmware/taurus/authorization/config/KerberosAuthProviderConfig.java
Outdated
Show resolved
Hide resolved
...service/src/main/java/com/vmware/taurus/authorization/config/KerberosAuthProviderConfig.java
Outdated
Show resolved
Hide resolved
...nes_control_service/src/main/java/com/vmware/taurus/authorization/config/KerberosConfig.java
Outdated
Show resolved
Hide resolved
...control-service/projects/pipelines_control_service/src/main/resources/application.properties
Outdated
Show resolved
Hide resolved
...control-service/projects/pipelines_control_service/src/main/resources/application.properties
Outdated
Show resolved
Hide resolved
...service/src/main/java/com/vmware/taurus/authorization/config/KerberosAuthProviderConfig.java
Outdated
Show resolved
Hide resolved
Signed-off-by: mrMoZ1 <[email protected]>
|
Can you provide a bit more details around testing done How did you verify the authentication passes successfully ? |
added 2 commits
March 9, 2022 17:49
Signed-off-by: mrMoZ1 <[email protected]>
Signed-off-by: mrMoZ1 <[email protected]>
mrMoZ1
changed the title
...ol-service/projects/base/src/main/java/com/vmware/taurus/security/SecurityConfiguration.java
Outdated
Show resolved
Hide resolved
...ol-service/projects/base/src/main/java/com/vmware/taurus/security/SecurityConfiguration.java
Outdated
Show resolved
Hide resolved
Signed-off-by: mrMoZ1 <[email protected]>
Signed-off-by: mrMoZ1 <[email protected]>
antoniivanov
requested changes
Mar 11, 2022
projects/control-service/projects/base/src/main/java/com/vmware/taurus/base/FeatureFlags.java
Outdated
Show resolved
Hide resolved
...ol-service/projects/base/src/main/java/com/vmware/taurus/security/SecurityConfiguration.java
Outdated
Show resolved
Hide resolved
antoniivanov
approved these changes
Mar 11, 2022
Signed-off-by: mrMoZ1 <[email protected]>
ivakoleva
added a commit
that referenced
this pull request
Mar 21, 2022
* [helm-chart]: add kerberos auth properties to helm chart what: Added new properties to the helm chart as requested here: #755 (comment) The new properties expose kerberos authentication configuration properties in the helm chart which are propagated to control-service. why: We are introducing a new KerberosAuthProvider in control-service and we need to expose configuration properties through the helm chart. testing: Deployed on local minikube cluster. Made sure secret is created and populated with correct files. Inspected control-service pods, made sure the new env variables are present and that secrets exist. Signed-off-by: Momchil Zhivkov [email protected] Co-authored-by: ivakoleva <[email protected]>
ivakoleva
pushed a commit
that referenced
this pull request
Mar 22, 2022
control-service: add OAuth2 enable/disable flag why: As a part of #755 we introduced a new authentication method. This change adds another flag which disables/enables OAuth2 authentication as requested here: #755 (comment) This pull request should be reviewed after #755 is. what: Added a new property and logic that adds OAuth2 to the control-service security filters if enabled. OAuth2 is enabled by default - this setting shouldn't introduce any regressions to other existing code. Security is disabled by default still. testing: On a locally running control-service made sure that endpoints are secure and proper filters where invoked when calling with and without an authenticated OAuth2 client through vdkcli: vdk execute --list -t supercollider -n job -u http://localhost:8092 Signed-off-by: mrMoZ1 <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
what: Added a new AuthProviderConfig which should work with kerberos.
why: users requested Kerberos authentication in parallel with OAuth2
todo: Expose configuration properties against env variables/helm charts
we need to decide which ones to expose and on default values.
testing: Locally ran control service, made sure enable/disable flag works.
Ran requests on a locally running instance. Verified that: both OAuth2 and
SPNEGO filters are used when making requests and that users can authenticate
with either OAuth2 or Kerberos credentials. Requests were made with an
authenticated vdkcli:
vdk execute --list -t supercollider -n job -u http://localhost:8092and with a curl command for the kerberos authentication:
curl -vvv --negotiate -u : "http://localhost:8092/data-jobs/for-team/supercollider/jobs/smoke-test/executions"Signed-off-by: Momchil Zhivkov [email protected]