Implement admin logic #308

Closed
hug-dev opened this issue Jan 8, 2021 · 0 comments · Fixed by #316
Labels
multitenancy Getting Parsec to provide isolated key stores for multiple clients based on an identity mechanism security Issues related to the security and privacy of the service

hug-dev commented Jan 8, 2021

In the config file

We add under the [authenticator] section the admins field:

admins = [ { name = "admin_1" }, { name = "admin_2" } ]

The type of name is authenticator-dependent but would map to application names that are considered as admin for that authenticator: a SPIFFE ID, a UID, a string (for direct auth).

In the service builder

When building the authenticator structure (implementing Authenticate), we store the information of the admins application name in the authenticator structure.

In the front-end handler

The front-end handler calls the authenticate method on the authenticator to then dispatch the request with the good application name (or none). Things here stay the same but the ApplicationName structure would be enhanced with a boolean field indicating if it is an admin application name or not (is_admin). It's the authenticator during the authenticate call that would set that boolean or not if the application name is in the list of the admin ones.

In the back-end handler

Before calling the appropriate Provide method, for those that require admin privilege, is_admin is called to check if the application has privilege or not. If not, an AdminOperation error should be returned (see parallaxsecond/parsec-interface-rs#93).

Testing

Will be done in another issue, in #309

@hug-dev hug-dev added security Issues related to the security and privacy of the service multitenancy Getting Parsec to provide isolated key stores for multiple clients based on an identity mechanism labels Jan 8, 2021
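
The flow proposed in this issue, sketched as an added example that is not Parsec's own code and not part of the original post. Only the names `ApplicationName`, `is_admin`, `Authenticate` and `AdminOperation` come from the issue; the type definitions, `DirectAuthenticator::new`, `dispatch` and its `admin_only` flag are assumptions made for illustration.

```rust
use std::collections::HashSet;

// Hypothetical stand-ins for the types named in the issue, not Parsec's own definitions.
#[derive(Debug, Clone, PartialEq)]
pub struct ApplicationName {
    pub name: String,
    is_admin: bool, // private: only an authenticator in this module can set it
}
impl ApplicationName {
    pub fn is_admin(&self) -> bool {
        self.is_admin
    }
}

#[derive(Debug, PartialEq)]
pub enum ResponseStatus {
    AuthenticationError,
    AdminOperation,
}

pub trait Authenticate {
    fn authenticate(&self, auth: &[u8]) -> Result<ApplicationName, ResponseStatus>;
}

// Direct authentication: the request's auth bytes are the application name.
pub struct DirectAuthenticator {
    admins: HashSet<String>, // from `admins = [ { name = "..." } ]`, stored at build time
}
impl DirectAuthenticator {
    pub fn new(admins: &[&str]) -> Self {
        Self { admins: admins.iter().map(|s| s.to_string()).collect() }
    }
}
impl Authenticate for DirectAuthenticator {
    fn authenticate(&self, auth: &[u8]) -> Result<ApplicationName, ResponseStatus> {
        let name = std::str::from_utf8(auth).map_err(|_| ResponseStatus::AuthenticationError)?;
        // Exact, case-sensitive match against the configured list.
        let is_admin = self.admins.contains(name);
        Ok(ApplicationName { name: name.to_string(), is_admin })
    }
}

// Back-end handler gate: refuse admin-only operations before any provider code runs.
pub fn dispatch(app: &ApplicationName, admin_only: bool) -> Result<String, ResponseStatus> {
    if admin_only && !app.is_admin() {
        return Err(ResponseStatus::AdminOperation);
    }
    Ok(format!("dispatched for {}", app.name))
}
```

Keeping the `is_admin` field private means the flag can only be derived from the configured list during `authenticate`, never supplied by the request itself.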