Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move API OpenID-Connect support to Apache configuration #828

Merged
merged 2 commits into from
May 8, 2020
Merged

Move API OpenID-Connect support to Apache configuration #828

merged 2 commits into from
May 8, 2020

Conversation

jvlcek
Copy link
Member

@jvlcek jvlcek commented May 6, 2020
edited
Loading

Fixes ManageIQ/manageiq#19866

This PR, combined with others in other github repos, will move the support for the ManageIQ API out of code and into the Apache configuration.

Dependent PRs
ManageIQ/manageiq-appliance#282
ManageIQ/manageiq#20131
ManageIQ/manageiq-appliance_console#117

@jvlcek
Copy link
Member Author

jvlcek commented May 6, 2020

@miq-bot add_label wip
Setting wip label until more testing is done.

@miq-bot miq-bot changed the title Move API OpenID-Connect support to Apache configuration [WIP] Move API OpenID-Connect support to Apache configuration May 6, 2020
@miq-bot miq-bot added the wip label May 6, 2020
This was referenced May 6, 2020
Merged
Merged
@abellotti
Copy link
Member

@jvlcek do you have an example Authentication and Authorization lines from the api.log for a JWT auth ? Thanks.

@miq-bot
Copy link
Member

miq-bot commented May 6, 2020

Checked commits jvlcek/manageiq-api@10f9684~...1f336c9 with ruby 2.5.7, rubocop 0.69.0, haml-lint 0.28.0, and yamllint
1 file checked, 0 offenses detected
Everything looks fine. 🏆

@jvlcek
Copy link
Member Author

jvlcek commented May 6, 2020

@jvlcek do you have an example Authentication and Authorization lines from the api.log for a JWT auth ? Thanks.

[----] I, [2020-05-06T16:09:18.630446 #15779:f03e44]  INFO -- : MIQ(Api::UsersController.log_request_initiated)  
[----] I, [2020-05-06T16:09:18.630644 #15779:f03e44]  INFO -- : MIQ(Api::UsersController.log_request) API Request:    {:requested_at=>"2020-05-06 20:09:18 UTC", :method=>"GET", :url=>"https://joev-oidc.jvlcek.redhat.com/api/users"}
[----] I, [2020-05-06T16:09:18.673310 #15779:f03e44]  INFO -- : MIQ(Api::UsersController.log_request) Authentication: {:type=>"jwt", :token=>nil, :x_miq_group=>nil, :user=>"jvlcek@jvlcek.redhat.com"}
[----] I, [2020-05-06T16:09:18.675832 #15779:f03e44]  INFO -- : MIQ(Api::UsersController.log_request) Authorization:  {:user=>"jvlcek@jvlcek.redhat.com", :group=>"EvmGroup-super_administrator", :role=>"EvmRole-super_administrator", :tenant=>"My Company"}
[----] I, [2020-05-06T16:09:18.676293 #15779:f03e44]  INFO -- : MIQ(Api::UsersController.log_request) Request:        {:method=>:get, :action=>"read", :fullpath=>"/api/users", :url=>"https://joev-oidc.jvlcek.redhat.com/api/users", :base=>"https://joev-oidc.jvlcek.redhat.com", :path=>"/api/users", :prefix=>"/api", :version=>"4.3.0-pre", :api_prefix=>"https://joev-oidc.jvlcek.redhat.com/api", :collection=>"users", :c_suffix=>nil, :collection_id=>nil, :subcollection=>nil, :subcollection_id=>nil}
[----] I, [2020-05-06T16:09:18.676650 #15779:f03e44]  INFO -- : MIQ(Api::UsersController.log_request) Parameters:     {"action"=>"index", "controller"=>"api/users", "format"=>"json", "body"=>{}}
[----] I, [2020-05-06T16:09:18.681873 #15779:f03e44]  INFO -- : MIQ(Api::UsersController.log_request) Response:       {:completed_at=>"2020-05-06 20:09:18 UTC", :size=>"0.939 KBytes", :time_taken=>"0.051 Seconds", :status=>200}

This was referenced May 7, 2020
Closed
Merged
@jvlcek jvlcek changed the title [WIP] Move API OpenID-Connect support to Apache configuration Move API OpenID-Connect support to Apache configuration May 8, 2020
@jvlcek
Copy link
Member Author

jvlcek commented May 8, 2020

@miq-bot remove_label wip

@miq-bot miq-bot removed the wip label May 8, 2020
@Fryguy Fryguy merged commit da56aab into ManageIQ:master May 8, 2020
@Fryguy Fryguy self-assigned this May 8, 2020
simaishi pushed a commit that referenced this pull request May 12, 2020
@Fryguy @simaishi
Merge pull request #828 from jvlcek/oidc_to_httpd_config_issue_19866
ff47697 
Move API OpenID-Connect support to Apache configuration

(cherry picked from commit da56aab)
@simaishi
Copy link
Contributor

Jansa backport details:

$ git log -1
commit ff4769717e48f5113fbd089558ce68f5bf59c81b
Author: Jason Frey <fryguy9@gmail.com>
Date:   Fri May 8 16:34:19 2020 -0400

    Merge pull request #828 from jvlcek/oidc_to_httpd_config_issue_19866

    Move API OpenID-Connect support to Apache configuration

    (cherry picked from commit da56aabc6e7728d341150362085c641adf24ba71)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chessbyte chessbyte chessbyte left review comments

@abellotti abellotti Awaiting requested review from abellotti

@bdunne bdunne Awaiting requested review from bdunne bdunne is a code owner

Assignees

@Fryguy Fryguy

Labels
enhancement jansa/backported
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Research moving API OpenID-Connect/OAuth2 support into Apache configuration
7 participants
@jvlcek @abellotti @miq-bot @simaishi @chessbyte @Fryguy @gtanzillo