Add EDI authentication authorization in legionctl #313

Closed
kirillmakhonin opened this issue Aug 8, 2018 · 1 comment · Fixed by #705
Labels
feature [Added] for new features. security [Security] to invite users to upgrade in case of vulnerabilities.
kirillmakhonin commented Aug 8, 2018

We need to protect the EDI server with dex.
Also, we need to add auth functionality to the legionctl tool.
Question to discuss: which credentials should be passed to the legionctl tool, a dex token or a plain login and password (legionctl sends it via HTTPS)?

Login from local dev should result in a profile with all required endpoints and credentials.

@kirillmakhonin kirillmakhonin added the feature [Added] for new features. label Aug 8, 2018
@kirillmakhonin kirillmakhonin added the security [Security] to invite users to upgrade in case of vulnerabilities. label Aug 14, 2018
kirillmakhonin added a commit that referenced this issue Nov 29, 2018
@dsuslov dsuslov added this to the 0.10.0 milestone Dec 11, 2018
@kirillmakhonin
Member Author

As a variant, the following flow is possible:

  1. A new entity named auth tool has to be added.
  2. auth tool has to operate with DEX directly (not in proxy gate mode).
  3. EDI has to be closed by DEX (in proxy gate mode).
  4. On each remote command, the legionctl tool can get a 401/403 HTTP code in response.
  5. In case of a 401/403 code, legionctl has to request auth tool with the required scope (e.g. enclave and functions). In response, auth tool generates a web URL (that is handled by auth) closed by dex.
  6. The client receives this URL in the console and, if it is possible, the browser opens with the URL.
  7. The client has to be redirected from the URL to DEX (standard way), then redirected back with an oauth2 token.
  8. The auth web view has to display the token and try to connect to the local port that legionctl listens on, using a standard XHR web request, to provide the token automatically.
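
One way the legionctl side of steps 4 to 8 could receive the token on a local port, as an added example (not code from the Legion project). The `TokenReceiver` class, the `state` nonce, the JSON body shape and the `AUTH_ORIGIN` value are assumptions; the nonce and `Origin` checks are there because any page open in the user's browser can send requests to a loopback port.

```python
import hmac, json, secrets, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

AUTH_ORIGIN = "https://auth.example.invalid"  # assumed origin of the auth web view

class TokenReceiver:
    """One-shot loopback listener that accepts the token from the auth web view."""
    def __init__(self, allowed_origin=AUTH_ORIGIN):
        self.state = secrets.token_urlsafe(32)  # nonce to embed in the auth URL
        self.token, self.done = None, threading.Event()
        receiver = self
        class Handler(BaseHTTPRequestHandler):
            def _reply(self, code):
                self.send_response(code)
                # CORS: only the auth view's origin may call or read this endpoint
                self.send_header("Access-Control-Allow-Origin", allowed_origin)
                self.send_header("Access-Control-Allow-Headers", "Content-Type")
                self.end_headers()

            def do_OPTIONS(self):  # preflight sent by the browser before the XHR
                self._reply(204)

            def do_POST(self):
                try:  # read a bounded body first, then validate everything
                    size = int(self.headers.get("Content-Length", 0))
                    body = json.loads(self.rfile.read(max(0, min(size, 8192))))
                    state, token = str(body["state"]), str(body["token"])
                except (ValueError, KeyError, TypeError):
                    return self._reply(400)
                if self.headers.get("Origin") != allowed_origin:
                    return self._reply(403)  # some other page hit the local port
                if not hmac.compare_digest(state.encode(), receiver.state.encode()):
                    return self._reply(403)  # not the login this process started
                receiver.token = token
                receiver.done.set()
                self._reply(204)

            def log_message(self, *args):  # never write request details to stderr
                pass

        # Loopback only, on an ephemeral port chosen by the OS.
        self.server = HTTPServer(("127.0.0.1", 0), Handler)
        self.port = self.server.server_address[1]
        threading.Thread(target=self.server.serve_forever, daemon=True).start()

    def wait(self, timeout=120):
        self.done.wait(timeout)  # returns early once a valid token arrived
        self.server.shutdown()
        self.server.server_close()
        return self.token
```

In this sketch legionctl would pass `port` and `state` to the auth tool when requesting the login URL, and fall back to asking the user to paste the displayed token when `wait()` returns `None`.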
