From 36d2f7ee315b2035e333f3a52cae359b052d6071 Mon Sep 17 00:00:00 2001 From: johnnyaug Date: Tue, 17 May 2022 19:58:49 -0400 Subject: [PATCH 01/28] wip --- api/authorization.yml | 5 +- api/swagger.yml | 17 ++++++- go.mod | 16 ++++-- go.sum | 16 ++++++ pkg/api/auth_middleware.go | 68 +++++++++++++++++++++---- pkg/api/controller.go | 53 ++++++++++++++++++++ pkg/api/oidc_handler.go | 78 +++++++++++++++++++++++++++++ pkg/api/serve.go | 38 +++++++++++++- pkg/auth/model/model.go | 1 + pkg/auth/service.go | 14 +++++- pkg/ddl/000038_auth_oidc.down.sql | 4 ++ pkg/ddl/000038_auth_oidc.up.sql | 6 +++ webui/src/lib/components/navbar.jsx | 5 +- webui/src/lib/hooks/api.jsx | 10 +--- webui/vite.config.js | 10 ++++ 15 files changed, 311 insertions(+), 30 deletions(-) create mode 100644 pkg/api/oidc_handler.go create mode 100644 pkg/ddl/000038_auth_oidc.down.sql create mode 100644 pkg/ddl/000038_auth_oidc.up.sql diff --git a/api/authorization.yml b/api/authorization.yml index 178009922af..a60e87590cc 100644 --- a/api/authorization.yml +++ b/api/authorization.yml @@ -129,7 +129,8 @@ components: encryptedPassword: type: string format: byte - + oidc_open_id: + type: string UserPassword: type: object required: @@ -153,6 +154,8 @@ components: encryptedPassword: type: string format: byte + oidc_open_id: + type: string required: - username diff --git a/api/swagger.yml b/api/swagger.yml index 27779bd7129..60369c8625a 100644 --- a/api/swagger.yml +++ b/api/swagger.yml @@ -8,7 +8,8 @@ info: servers: - url: "/api/v1" description: lakeFS server endpoint - + - url: "/" + description: login and logout pages security: - jwt_token: [] - basic_auth: [] 
@@ -1147,6 +1148,20 @@ paths: schema: $ref: "#/components/schemas/CurrentUser" + /oidc/callback: + get: + tags: + - auth + operationId: oauthCallback + security: [] + responses: + 302: + description: successfully got token + 401: + description: failed to exchange authorization code for token + default: + $ref: "#/components/responses/ServerError" + /auth/login: post: tags: diff --git a/go.mod b/go.mod index 98c4a8cfbd8..3d61eec1454 100644 --- a/go.mod +++ b/go.mod @@ -66,8 +66,8 @@ require ( github.com/xitongsys/parquet-go v1.6.0 github.com/xitongsys/parquet-go-source v0.0.0-20201108113611-f372b7d813be golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 - golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914 - golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d + golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 + golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 google.golang.org/api v0.51.0 google.golang.org/protobuf v1.27.1 gopkg.in/natefinch/lumberjack.v2 v2.0.0 @@ -77,6 +77,14 @@ require ( require golang.org/x/time v0.0.0-20220224211638-0e9765cccd65 +require ( + github.com/coreos/go-oidc v2.2.1+incompatible // indirect + github.com/gorilla/securecookie v1.1.1 // indirect + github.com/gorilla/sessions v1.2.1 // indirect + github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021 // indirect + gopkg.in/square/go-jose.v2 v2.5.1 // indirect +) + require ( 4d63.com/gochecknoglobals v0.0.0-20201008074935-acfc0b28355a // indirect github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect 
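Review bot: The new `require` block in go.mod marks `github.com/coreos/go-oidc` and `github.com/gorilla/sessions` as `// indirect`, yet this patch imports both directly in pkg/api (controller.go, serve.go, oidc_handler.go). Running `go mod tidy` would move them into the direct block, which keeps the list of deliberately chosen dependencies auditable. `github.com/coreos/go-oidc v2.2.1+incompatible` is also the pre-module import path; the module-aware `github.com/coreos/go-oidc/v3` is worth considering before this leaves WIP.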
@@ -264,8 +272,8 @@ require ( golang.org/x/exp v0.0.0-20210220032938-85be41e4509f // indirect golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect - golang.org/x/net v0.0.0-20211101193420-4a448f8816b3 // indirect - golang.org/x/sys v0.0.0-20211102061401-a2f17f7b995c // indirect + golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd // indirect + golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e // indirect golang.org/x/text v0.3.7 // indirect golang.org/x/tools v0.1.10 // indirect golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect diff --git a/go.sum b/go.sum index 14b8acdabcc..6fe9a317fb1 100644 --- a/go.sum +++ b/go.sum @@ -406,6 +406,8 @@ github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8Nz github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= github.com/coreos/go-iptables v0.5.0/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= +github.com/coreos/go-oidc v2.2.1+incompatible h1:mh48q/BqXqgjVHpy2ZY7WnWAbenxRjsz9N1i1YxjHAk= +github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= 
@@ -830,6 +832,10 @@ github.com/gorilla/mux v1.7.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2z github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.7.4/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= +github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ= +github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= +github.com/gorilla/sessions v1.2.1 h1:DHd3rPN5lE3Ts3D8rKkQ8x/0kqfeNmBAaiSi+o7FsgI= +github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= @@ -1356,6 +1362,7 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN github.com/polyfloyd/go-errorlint v0.0.0-20201127212506-19bd8db6546f h1:xAw10KgJqG5NJDfmRqJ05Z0IFblKumjtMeyiOLxj3+4= github.com/polyfloyd/go-errorlint v0.0.0-20201127212506-19bd8db6546f/go.mod h1:wi9BfjxjF/bwiZ701TzmfKu6UKC357IOAtNr0Td0Lvw= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= +github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021 h1:0XM1XL/OFFJjXsYXlG30spTkV/E9+gmd5GD1w2HE8xM= github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= github.com/prometheus/client_golang v0.0.0-20180209125602-c332b6f63c06/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= 
@@ -1825,6 +1832,8 @@ golang.org/x/net v0.0.0-20211013171255-e13a2654a71e/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211101193420-4a448f8816b3 h1:VrJZAjbekhoRn7n5FBujY31gboH+iB3pdLxn3gE9FjU= golang.org/x/net v0.0.0-20211101193420-4a448f8816b3/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= +golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/oauth2 v0.0.0-20180227000427-d7d64896b5ff/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -1841,6 +1850,8 @@ golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914 h1:3B43BWw0xEBsLZ/NO1VALz6fppU3481pik+2Ksv45z8= golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 h1:OSnWWcOd/CtWQC2cYSBgbTSJv3ciqd8r54ySIW2y3RE= +golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -1969,11 +1980,15 @@ golang.org/x/sys v0.0.0-20211013075003-97ac67df715c/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211102061401-a2f17f7b995c h1:QOfDMdrf/UwlVR0UBq2Mpr58UzNtvgJRXA4BgPfFACs= golang.org/x/sys v0.0.0-20211102061401-a2f17f7b995c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e h1:fLOSk5Q00efkSvAm+4xcoXD+RRmLmmulPn5I3Y9F2EM= +golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d h1:SZxvLBoTP5yHO3Frd4z4vrF+DBX9vMVanchswa69toE= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -2311,6 +2326,7 @@ gopkg.in/retry.v1 v1.0.3 h1:a9CArYczAVv6Qs6VGoLMio99GEs7kY9UzSF9+LD+iGs= gopkg.in/retry.v1 v1.0.3/go.mod h1:FJkXmWiMaAo7xB+xhvDF59zhfjDWyzmyAxiT4dB688g= gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= +gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w= gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= diff --git a/pkg/api/auth_middleware.go b/pkg/api/auth_middleware.go index 4a1f5e784ad..ed84e66e9df 100644 --- a/pkg/api/auth_middleware.go +++ b/pkg/api/auth_middleware.go @@ -2,14 +2,18 @@ package api import ( "context" + "errors" "net/http" "strconv" "strings" + "time" "github.com/getkin/kin-openapi/openapi3" "github.com/getkin/kin-openapi/routers" "github.com/getkin/kin-openapi/routers/legacy" + "github.com/go-openapi/swag" "github.com/golang-jwt/jwt" + "github.com/gorilla/sessions" "github.com/treeverse/lakefs/pkg/auth" "github.com/treeverse/lakefs/pkg/auth/model" "github.com/treeverse/lakefs/pkg/logging" @@ -28,7 +32,7 @@ func extractSecurityRequirements(router routers.Router, r *http.Request) (openap return *route.Operation.Security, nil } -func AuthMiddleware(logger logging.Logger, swagger *openapi3.Swagger, authenticator auth.Authenticator, authService auth.Service) func(next http.Handler) http.Handler { +func AuthMiddleware(logger logging.Logger, swagger *openapi3.Swagger, authenticator auth.Authenticator, authService auth.Service, sessionStore sessions.Store) func(next http.Handler) http.Handler { router, err := legacy.NewRouter(swagger) if err != nil { panic(err) 
@@ -40,7 +44,7 @@ func AuthMiddleware(logger logging.Logger, swagger *openapi3.Swagger, authentica writeError(w, http.StatusBadRequest, err) return } - user, err := checkSecurityRequirements(r, securityRequirements, logger, authenticator, authService) + user, err := checkSecurityRequirements(r, securityRequirements, logger, authenticator, authService, sessionStore) if err != nil { writeError(w, http.StatusUnauthorized, err) return @@ -55,11 +59,14 @@ func AuthMiddleware(logger logging.Logger, swagger *openapi3.Swagger, authentica // checkSecurityRequirements goes over the security requirements and check the authentication. returns the user information and error if the security check was required. // it will return nil user and error in case of no security checks to match. -func checkSecurityRequirements(r *http.Request, securityRequirements openapi3.SecurityRequirements, logger logging.Logger, authenticator auth.Authenticator, authService auth.Service) (*model.User, error) { +func checkSecurityRequirements(r *http.Request, securityRequirements openapi3.SecurityRequirements, logger logging.Logger, authenticator auth.Authenticator, authService auth.Service, sessionStore sessions.Store) (*model.User, error) { ctx := r.Context() var user *model.User var err error - + session, err := sessionStore.Get(r, OIDCAuthSessionName) + if err != nil { + return nil, err + } logger = logger.WithContext(ctx) for _, securityRequirement := range securityRequirements { for provider := range securityRequirement { 
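Review bot: In `checkSecurityRequirements` the added `sessionStore.Get(r, OIDCAuthSessionName)` runs before the provider loop and its error aborts the whole check, so a request carrying a stale or undecodable `auth-session` cookie gets a 401 even when it also presents valid `basic_auth` or `jwt_token` credentials. gorilla/sessions returns a fresh empty session alongside a decode error, so the lookup can move into the `cookie_auth` case and treat a decode failure as "no session": log it at debug level and `continue` instead of `return nil, err`. The function body continues outside this hunk.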
@@ -84,12 +91,14 @@ func checkSecurityRequirements(r *http.Request, securityRequirements openapi3.Se } user, err = userByAuth(ctx, logger, authenticator, authService, accessKey, secretKey) case "cookie_auth": - // validate jwt token from cookie - jwtCookie, _ := r.Cookie(JWTCookieName) - if jwtCookie == nil { - continue - } - user, err = userByToken(ctx, logger, authService, jwtCookie.Value) + // TODO if oidc enabled: + user, err = userFromOIDC(ctx, logger, authService, session) + //// validate jwt token from cookie + //jwtCookie, _ := r.Cookie(JWTCookieName) + //if jwtCookie == nil { + // continue + //} + //user, err = userByToken(ctx, logger, authService, jwtCookie.Value) default: // unknown security requirement to check logger.WithField("provider", provider).Error("Authentication middleware unknown security requirement provider") 
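Review bot: The `cookie_auth` case now calls `userFromOIDC` unconditionally and keeps the JWT-cookie path only as commented-out code, so a deployment without an identity provider has no working cookie authentication. The old path also `continue`d to the next provider when no cookie was present, while `userFromOIDC` returns `ErrAuthenticatingRequest` for a session without a profile; how that error is handled after the switch is outside this hunk. Gate the OIDC branch on configuration and keep the JWT branch live behind the `else`, rather than leaving it commented, so the TODO cannot ship as a silent behaviour change.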
@@ -106,6 +115,45 @@ func checkSecurityRequirements(r *http.Request, securityRequirements openapi3.Se return nil, nil } +func userFromOIDC(ctx context.Context, logger logging.Logger, authService auth.Service, authSession *sessions.Session) (*model.User, error) { + profile, ok := authSession.Values["profile"].(map[string]interface{}) + if !ok || profile == nil { + return nil, ErrAuthenticatingRequest + } + if _, ok = profile["email"]; !ok { + return nil, ErrAuthenticatingRequest + } + email := "" + if email, ok = profile["email"].(string); !ok || email == "" { + return nil, ErrAuthenticatingRequest + } + + user, err := authService.GetUserByEmail(ctx, email) + if err == nil { + return user, nil + } + if !errors.Is(err, auth.ErrNotFound) { + return nil, err + } + u := &model.User{ + CreatedAt: time.Now().UTC(), + FriendlyName: swag.String(profile["name"].(string)), // TODO make safe + Source: "oidc", + Email: swag.String(email), + OidcOpenID: profile["sub"].(string), // TODO make safe + Username: email, + } + _, err = authService.CreateUser(ctx, u) + if err != nil { + return nil, err + } + err = authService.AddUserToGroup(ctx, u.Username, auth.DevelopersGroup) // TODO default group should be configurable? + if err != nil { + return nil, err + } + return u, nil +} + func userByToken(ctx context.Context, logger logging.Logger, authService auth.Service, tokenString string) (*model.User, error) { claims, err := auth.VerifyToken(authService.SecretStore().SharedSecret(), tokenString) // make sure no audience is set for login token diff --git a/pkg/api/controller.go b/pkg/api/controller.go index 3db3f91515d..286f99baa75 100644 --- a/pkg/api/controller.go +++ b/pkg/api/controller.go @@ -18,7 +18,9 @@ import ( "time" "github.com/aws/aws-sdk-go/aws" + "github.com/coreos/go-oidc" "github.com/go-openapi/swag" + "github.com/gorilla/sessions" nanoid "github.com/matoous/go-nanoid/v2" "github.com/treeverse/lakefs/pkg/actions" "github.com/treeverse/lakefs/pkg/auth" 
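Review bot: `userFromOIDC` resolves the lakeFS account from the `email` claim alone, so an identity provider that issues tokens with unverified addresses would let a caller be mapped onto an existing user with that email. Require the `email_verified` claim before the lookup, e.g. `if v, _ := profile["email_verified"].(bool); !v { return nil, ErrAuthenticatingRequest }`, or key the lookup on `sub`: the patch stores `OidcOpenID` and adds `getUserByOidcOpenID` but never calls it here. The unchecked assertions `profile["name"].(string)` and `profile["sub"].(string)` panic when a claim is absent; the comma-ok form already used for `email` should be applied to both.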
@@ -37,6 +39,7 @@ import ( "github.com/treeverse/lakefs/pkg/stats" "github.com/treeverse/lakefs/pkg/upload" "github.com/treeverse/lakefs/pkg/version" + "golang.org/x/oauth2" ) type contextKey string @@ -81,6 +84,9 @@ type Controller struct { AuditChecker AuditChecker Logger logging.Logger Emailer *email.Emailer + sessionStore sessions.Store + oauthConfig oauth2.Config // TODO move from here + oidcVerifier *oidc.IDTokenVerifier // TODO move from here } func (c *Controller) GetAuthCapabilities(w http.ResponseWriter, _ *http.Request) { 
@@ -172,6 +178,47 @@ func (c *Controller) Logout(w http.ResponseWriter, _ *http.Request) { writeResponse(w, http.StatusOK, nil) } +func (c *Controller) OauthCallback(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + + session, err := c.sessionStore.Get(r, OIDCAuthSessionName) + if err != nil { + writeError(w, http.StatusInternalServerError, err.Error()) + return + } + if r.URL.Query().Get("state") != session.Values["state"] { + writeError(w, http.StatusBadRequest, "Invalid state parameter.") + return + } + + // Exchange an authorization code for a token. + token, err := c.oauthConfig.Exchange(ctx, r.URL.Query().Get("code")) + if err != nil { + writeError(w, http.StatusUnauthorized, "Failed to exchange an authorization code for a token.") + return + } + rawIDToken, ok := token.Extra("id_token").(string) + if !ok { + writeError(w, http.StatusUnauthorized, "no id_token field in oauth2 token") + } + + idToken, err := c.oidcVerifier.Verify(ctx, rawIDToken) + + var profile map[string]interface{} + if err := idToken.Claims(&profile); err != nil { + writeError(w, http.StatusInternalServerError, err.Error()) + return + } + session.Values["access_token"] = token.AccessToken + session.Values["profile"] = profile + err = session.Save(r, w) + if err != nil { + writeError(w, http.StatusInternalServerError, err.Error()) + return + } + http.Redirect(w, r, "/", http.StatusTemporaryRedirect) +} + func (c *Controller) Login(w http.ResponseWriter, r *http.Request, body LoginJSONRequestBody) { ctx := r.Context() user, err := userByAuth(ctx, c.Logger, c.Authenticator, c.Auth, body.AccessKeyId, body.SecretAccessKey) @@ -3399,6 +3446,9 @@ func NewController( auditChecker AuditChecker, logger logging.Logger, emailer *email.Emailer, + oauthConfig oauth2.Config, + oidcVerifier *oidc.IDTokenVerifier, + sessionStore sessions.Store, ) *Controller { return &Controller{ Config: cfg, 
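Review bot: `OauthCallback` does not stop on two failure paths: the `!ok` branch for a missing `id_token` writes a 401 but has no `return`, and the error from `c.oidcVerifier.Verify` is never checked, so a token that fails signature, issuer or audience validation reaches `idToken.Claims` with a nil `idToken`. Both paths should end the request with 401 before any claim is read or stored in the session. Separately, `session.Values["state"]` stays in the session after a successful comparison; deleting it once matched keeps the value single-use.

```go
// … unchanged: session lookup, state check, code exchange …
rawIDToken, ok := token.Extra("id_token").(string)
if !ok {
	writeError(w, http.StatusUnauthorized, "no id_token field in oauth2 token")
	return
}
idToken, err := c.oidcVerifier.Verify(ctx, rawIDToken)
if err != nil {
	writeError(w, http.StatusUnauthorized, "failed to verify id_token")
	return
}
// … unchanged: claims decoding, session save, redirect …
```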
@@ -3414,6 +3464,9 @@ func NewController( AuditChecker: auditChecker, Logger: logger, Emailer: emailer, + oauthConfig: oauthConfig, + oidcVerifier: oidcVerifier, + sessionStore: sessionStore, } } diff --git a/pkg/api/oidc_handler.go b/pkg/api/oidc_handler.go new file mode 100644 index 00000000000..91b4b033bc9 --- /dev/null +++ b/pkg/api/oidc_handler.go 
@@ -0,0 +1,78 @@ +package api + +import ( + "crypto/rand" + "encoding/base64" + "net/http" + "net/url" + + "github.com/gorilla/sessions" + "golang.org/x/oauth2" +) + +const ( + OIDCAuthSessionName = "auth-session" +) + +func NewOIDCLoginPageHandler(sessionStore sessions.Store, oauthConfig oauth2.Config) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + state, err := generateRandomState() + if err != nil { + writeError(w, http.StatusInternalServerError, err.Error()) + return + } + + session, err := sessionStore.Get(r, OIDCAuthSessionName) + if err != nil { + writeError(w, http.StatusInternalServerError, err.Error()) + return + } + session.Values["state"] = state + if err := session.Save(r, w); err != nil { + writeError(w, http.StatusInternalServerError, err.Error()) + return + } + http.Redirect(w, r, oauthConfig.AuthCodeURL(state), http.StatusTemporaryRedirect) + } +} + +func NewOIDCLogoutHandler(sessionStore sessions.Store, oauthConfig oauth2.Config, logoutUrl *url.URL) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + session, err := sessionStore.Get(r, OIDCAuthSessionName) + if err != nil { + writeError(w, http.StatusInternalServerError, err.Error()) + return + } + session.Values = map[interface{}]interface{}{} + if err := session.Save(r, w); err != nil { + writeError(w, http.StatusInternalServerError, err.Error()) + return + } + scheme := "http" + if r.TLS != nil { + scheme = "https" + } + + returnTo, err := url.Parse(scheme + "://" + r.Host) + if err != nil { + writeError(w, http.StatusInternalServerError, err.Error()) + return + } + + parameters := url.Values{} + parameters.Add("returnTo", returnTo.String()) + parameters.Add("client_id", oauthConfig.ClientID) + logoutUrl.RawQuery = parameters.Encode() + http.Redirect(w, r, logoutUrl.String(), http.StatusTemporaryRedirect) + } +} + +func generateRandomState() (string, error) { + b := make([]byte, 32) + _, err := rand.Read(b) + if err != nil { + return "", 
err + } + state := base64.StdEncoding.EncodeToString(b) + return state, nil +} diff --git a/pkg/api/serve.go b/pkg/api/serve.go index 3aa6d94cfe7..7599db185c2 100644 --- a/pkg/api/serve.go +++ b/pkg/api/serve.go @@ -3,16 +3,22 @@ package api //go:generate oapi-codegen -package api -generate "types,client,chi-server,spec" -templates tmpl -o lakefs.gen.go ../../api/swagger.yml import ( + "context" + "encoding/gob" "encoding/json" "errors" "io" "net/http" + "net/url" + "os" + "github.com/coreos/go-oidc" "github.com/getkin/kin-openapi/openapi3" "github.com/getkin/kin-openapi/openapi3filter" "github.com/getkin/kin-openapi/routers" "github.com/getkin/kin-openapi/routers/legacy" "github.com/go-chi/chi/v5" + "github.com/gorilla/sessions" "github.com/prometheus/client_golang/prometheus/promhttp" "github.com/treeverse/lakefs/pkg/auth" "github.com/treeverse/lakefs/pkg/block" @@ -24,6 +30,7 @@ import ( "github.com/treeverse/lakefs/pkg/httputil" "github.com/treeverse/lakefs/pkg/logging" "github.com/treeverse/lakefs/pkg/stats" + "golang.org/x/oauth2" ) const ( 
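Review bot: `NewOIDCLogoutHandler` writes `logoutUrl.RawQuery` on the `*url.URL` captured by the closure, so concurrent logout requests race on shared state and one request's `returnTo` can end up in another's redirect. Build the redirect from a per-request copy: `target := *logoutUrl`, then `target.RawQuery = parameters.Encode()` and `http.Redirect(w, r, target.String(), http.StatusTemporaryRedirect)`. `returnTo` is derived from the client-supplied `r.Host`, so it should come from configuration or be checked against the expected host rather than relying only on the provider's allow-list. Both handlers also return `err.Error()` from the session store to the client; a generic message plus a server-side log avoids exposing cookie-decoding details.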
@@ -54,11 +61,29 @@ func Serve( emailer *email.Emailer, gatewayDomains []string, ) http.Handler { + gob.Register(map[string]interface{}{}) logger.Info("initialize OpenAPI server") swagger, err := GetSwagger() if err != nil { panic(err) } + + provider, _ := oidc.NewProvider( // TODO handle error - and move this away + context.Background(), // TODO context should not be here? + "https://"+os.Getenv("OIDC_DOMAIN")+"/", + ) + oauthConfig := oauth2.Config{ + ClientID: os.Getenv("OIDC_CLIENT_ID"), // TODO use generic variable names + ClientSecret: os.Getenv("OIDC_CLIENT_SECRET"), + RedirectURL: os.Getenv("OIDC_CALLBACK_URL"), + Endpoint: provider.Endpoint(), + Scopes: []string{oidc.ScopeOpenID, "profile", "email"}, + } + sessionStore := sessions.NewCookieStore(authService.SecretStore().SharedSecret()) + oidcVerifier := provider.Verifier(&oidc.Config{ + ClientID: oauthConfig.ClientID, + }) + r := chi.NewRouter() apiRouter := r.With( OapiRequestValidatorWithOptions(swagger, &openapi3filter.Options{ @@ -68,10 +93,9 @@ func Serve( RequestIDHeaderName, logging.Fields{logging.ServiceNameFieldKey: LoggerServiceName}, cfg.GetLoggingTraceRequestHeaders()), - AuthMiddleware(logger, swagger, authenticator, authService), + AuthMiddleware(logger, swagger, authenticator, authService, sessionStore), MetricsMiddleware(swagger), ) - controller := NewController( cfg, catalog, @@ -86,6 +110,9 @@ func Serve( auditChecker, logger, emailer, + oauthConfig, + oidcVerifier, + sessionStore, ) HandlerFromMuxWithBaseURL(controller, apiRouter, BaseURL) 
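Review bot: `sessions.NewCookieStore(authService.SecretStore().SharedSecret())` in `Serve` reuses the JWT signing secret as the cookie HMAC key and passes no encryption key, so the session cookie is authenticated but not encrypted, while `OauthCallback` stores `access_token` and the full `profile` in it. Derive a separate key for the store, pass a second key for encryption (or keep the token server-side), and set explicit cookie attributes such as `sessionStore.Options = &sessions.Options{Path: "/", HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode}`. The discarded error from `oidc.NewProvider` leaves `provider` nil on failure, so `provider.Endpoint()` panics at startup; the TODO acknowledges this, but it should become a returned or logged error before merge.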
@@ -94,6 +121,13 @@ func Serve( r.Mount("/_pprof/", httputil.ServePPROF("/_pprof/")) r.Mount("/swagger.json", http.HandlerFunc(swaggerSpecHandler)) r.Mount(BaseURL, http.HandlerFunc(InvalidAPIEndpointHandler)) + r.Mount("/login", NewOIDCLoginPageHandler(sessionStore, oauthConfig)) // TODO only if oidc enabled: + logoutUrl, err := url.Parse("https://" + os.Getenv("OIDC_DOMAIN") + "/v2/logout") + if err != nil { + panic(err) + } + r.Mount("/logout", NewOIDCLogoutHandler(sessionStore, oauthConfig, logoutUrl)) // TODO only if oidc enabled: + r.Mount("/", NewUIHandler(gatewayDomains)) return r } diff --git a/pkg/auth/model/model.go b/pkg/auth/model/model.go index 7bd0e369535..3f16f15fea3 100644 --- a/pkg/auth/model/model.go +++ b/pkg/auth/model/model.go @@ -38,6 +38,7 @@ type User struct { Email *string `db:"email" json:"email"` EncryptedPassword []byte `db:"encrypted_password" json:"encrypted_password"` Source string `db:"source" json:"source"` + OidcOpenID string `db:"oidc_openid"` } func (u *User) UpdatePassword(password string) error { diff --git a/pkg/auth/service.go b/pkg/auth/service.go index 7a9819e5411..bcce1501276 100644 --- a/pkg/auth/service.go +++ b/pkg/auth/service.go @@ -185,6 +185,15 @@ func getUserByEmail(tx db.Tx, email string) (*model.User, error) { return user, nil } +func getUserByOidcOpenID(tx db.Tx, oidcOpenID string) (*model.User, error) { + user := &model.User{} + err := tx.Get(user, `SELECT * FROM auth_users WHERE oidc_openid = $1`, oidcOpenID) + if err != nil { + return nil, err + } + return user, nil +} + func getGroup(tx db.Tx, groupDisplayName string) (*model.Group, error) { group := &model.Group{} err := tx.Get(group, `SELECT * FROM auth_groups WHERE display_name = $1`, groupDisplayName) 
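Review bot: `OidcOpenID` is declared as a plain `string` in `model.User`, but the migration in this patch adds `oidc_openid` as a nullable `UNIQUE` column. The `CreateUser` hunk in pkg/auth/service.go then inserts an empty string for every non-OIDC user, so the second such insert would violate the unique constraint, and rows that predate the migration hold NULL, which the `SELECT *` readers probably cannot scan into a `string`. Declaring the field as `OidcOpenID *string` with the same `db:"oidc_openid"` tag, and passing nil when there is no subject, avoids both; the `APIAuthService.CreateUser` hunk that sends `&user.OidcOpenID` needs the same treatment.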
@@ -269,8 +278,8 @@ func (s *DBAuthService) CreateUser(ctx context.Context, user *model.User) (int64 } var id int64 err := tx.Get(&id, - `INSERT INTO auth_users (display_name, created_at, friendly_name, source, email) VALUES ($1, $2, $3, $4, $5) RETURNING id`, - user.Username, user.CreatedAt, user.FriendlyName, user.Source, user.Email) + `INSERT INTO auth_users (display_name, created_at, friendly_name, source, email, oidc_openid) VALUES ($1, $2, $3, $4, $5, $6) RETURNING id`, + user.Username, user.CreatedAt, user.FriendlyName, user.Source, user.Email, user.OidcOpenID) return id, err }) if err != nil { @@ -1031,6 +1040,7 @@ func (a *APIAuthService) CreateUser(ctx context.Context, user *model.User) (int6 FriendlyName: user.FriendlyName, Source: &user.Source, Username: user.Username, + OidcOpenId: &user.OidcOpenID, }) if err != nil { return InvalidUserID, err diff --git a/pkg/ddl/000038_auth_oidc.down.sql b/pkg/ddl/000038_auth_oidc.down.sql new file mode 100644 index 00000000000..ca61fe02a01 --- /dev/null +++ b/pkg/ddl/000038_auth_oidc.down.sql @@ -0,0 +1,4 @@ +BEGIN; +ALTER TABLE auth_users + DROP COLUMN IF EXISTS oidc_openid; +COMMIT ; diff --git a/pkg/ddl/000038_auth_oidc.up.sql b/pkg/ddl/000038_auth_oidc.up.sql new file mode 100644 index 00000000000..9c05d680ac6 --- /dev/null +++ b/pkg/ddl/000038_auth_oidc.up.sql @@ -0,0 +1,6 @@ +BEGIN; + +ALTER TABLE auth_users + ADD COLUMN IF NOT EXISTS oidc_openid VARCHAR(100) UNIQUE; + +COMMIT; diff --git a/webui/src/lib/components/navbar.jsx b/webui/src/lib/components/navbar.jsx index 9524e76967b..8875c777937 100644 --- a/webui/src/lib/components/navbar.jsx +++ b/webui/src/lib/components/navbar.jsx 
@@ -7,9 +7,12 @@ import {auth, config} from "../api"; import {useRouter} from "../hooks/router"; import {Link} from "./nav"; import {useAPI} from "../hooks/api"; +import {useHistory} from "react-router-dom"; const NavUserInfo = () => { const router = useRouter(); + const history = useHistory(); + const { user, loading, error } = useUser(); const { response: versionResponse, loading: versionLoading, error: versionError } = useAPI(() => { return config.getLakeFSVersion() @@ -22,7 +25,7 @@ const NavUserInfo = () => { { auth.logout().then(() => { - router.push('/auth/login') + window.location = '/logout' }) }}> Logout diff --git a/webui/src/lib/hooks/api.jsx b/webui/src/lib/hooks/api.jsx index 85e1ba4f501..0a3ceff6289 100644 --- a/webui/src/lib/hooks/api.jsx +++ b/webui/src/lib/hooks/api.jsx @@ -55,15 +55,7 @@ export const useAPI = (promise, deps = []) => { useEffect(() => { if (login) { - const loginPathname = '/auth/login'; - if (router.route === loginPathname) { - return; - } - router.push({ - pathname: loginPathname, - query: {next: router.route}, - }); - setLogin(false); + window.location = '/login'; } }, [login, router]) diff --git a/webui/vite.config.js b/webui/vite.config.js index 12432e95c8b..2fef78bbb7c 100644 --- a/webui/vite.config.js +++ b/webui/vite.config.js @@ -27,6 +27,16 @@ export default ({ command }) => { target: 'http://localhost:8000', changeOrigin: true, secure: false + }, + '/login': { + target: 'http://localhost:8000', + changeOrigin: false, + secure: false + }, + '/logout': { + target: 'http://localhost:8000', + changeOrigin: false, + secure: false } } } From 19174287c6694d23b0ce7dc542a1adec110f3f00 Mon Sep 17 00:00:00 2001 
From: johnnyaug Date: Wed, 1 Jun 2022 17:16:41 -0400 Subject: [PATCH 02/28] wip --- api/authorization.yml | 4 - api/swagger.yml | 12 +- clients/java/README.md | 13 + clients/java/api/openapi.yaml | 28 ++ clients/java/docs/ActionsApi.md | 32 +- clients/java/docs/AuthApi.md | 283 ++++++++++++++-- clients/java/docs/BranchesApi.md | 56 +++- clients/java/docs/CommitsApi.md | 24 +- clients/java/docs/ConfigApi.md | 16 +- clients/java/docs/ImportApi.md | 16 +- clients/java/docs/MetadataApi.md | 24 +- clients/java/docs/ObjectsApi.md | 64 +++- clients/java/docs/RefsApi.md | 40 ++- clients/java/docs/RepositoriesApi.md | 56 +++- clients/java/docs/RetentionApi.md | 24 +- clients/java/docs/SetupState.md | 1 + clients/java/docs/StagingApi.md | 16 +- clients/java/docs/TagsApi.md | 32 +- .../io/lakefs/clients/api/ActionsApi.java | 8 +- .../java/io/lakefs/clients/api/ApiClient.java | 2 + .../java/io/lakefs/clients/api/AuthApi.java | 166 +++++++-- .../io/lakefs/clients/api/BranchesApi.java | 14 +- .../io/lakefs/clients/api/CommitsApi.java | 6 +- .../java/io/lakefs/clients/api/ConfigApi.java | 4 +- .../java/io/lakefs/clients/api/ImportApi.java | 4 +- .../io/lakefs/clients/api/MetadataApi.java | 6 +- .../io/lakefs/clients/api/ObjectsApi.java | 16 +- .../java/io/lakefs/clients/api/RefsApi.java | 10 +- .../lakefs/clients/api/RepositoriesApi.java | 14 +- .../io/lakefs/clients/api/RetentionApi.java | 6 +- .../io/lakefs/clients/api/StagingApi.java | 4 +- .../java/io/lakefs/clients/api/TagsApi.java | 8 +- .../lakefs/clients/api/model/SetupState.java | 33 +- .../io/lakefs/clients/api/AuthApiTest.java | 14 + .../clients/api/model/SetupStateTest.java | 8 + clients/python/README.md | 14 + clients/python/docs/ActionsApi.md | 36 +- clients/python/docs/AuthApi.md | 315 ++++++++++++++++-- clients/python/docs/BranchesApi.md | 63 +++- clients/python/docs/CommitsApi.md | 27 +- clients/python/docs/ConfigApi.md | 18 +- clients/python/docs/ImportApi.md | 18 +- clients/python/docs/MetadataApi.md | 27 +- 
clients/python/docs/ObjectsApi.md | 72 +++- clients/python/docs/RefsApi.md | 45 ++- clients/python/docs/RepositoriesApi.md | 63 +++- clients/python/docs/RetentionApi.md | 27 +- clients/python/docs/SetupState.md | 1 + clients/python/docs/StagingApi.md | 18 +- clients/python/docs/TagsApi.md | 36 +- .../python/lakefs_client/api/actions_api.py | 12 +- clients/python/lakefs_client/api/auth_api.py | 186 +++++++++-- .../python/lakefs_client/api/branches_api.py | 21 +- .../python/lakefs_client/api/commits_api.py | 9 +- .../python/lakefs_client/api/config_api.py | 6 +- .../python/lakefs_client/api/import_api.py | 6 +- .../python/lakefs_client/api/metadata_api.py | 9 +- .../python/lakefs_client/api/objects_api.py | 24 +- clients/python/lakefs_client/api/refs_api.py | 15 +- .../lakefs_client/api/repositories_api.py | 21 +- .../python/lakefs_client/api/retention_api.py | 9 +- .../python/lakefs_client/api/staging_api.py | 6 +- clients/python/lakefs_client/api/tags_api.py | 12 +- clients/python/lakefs_client/configuration.py | 9 + .../python/lakefs_client/model/setup_state.py | 4 + clients/python/test/test_auth_api.py | 6 + cmd/lakefs/cmd/run.go | 24 ++ docs/assets/js/swagger.yml | 23 +- go.sum | 8 + pkg/api/auth_middleware.go | 44 ++- pkg/api/controller.go | 18 +- pkg/api/oidc_handler.go | 10 +- pkg/api/serve.go | 35 +- pkg/auth/model/model.go | 1 - pkg/auth/service.go | 14 +- pkg/config/config.go | 4 + pkg/config/template.go | 8 + pkg/ddl/000038_auth_oidc.down.sql | 4 - pkg/ddl/000038_auth_oidc.up.sql | 6 - webui/src/lib/components/navbar.jsx | 6 +- webui/src/lib/hooks/api.jsx | 11 +- webui/src/pages/auth/login.jsx | 18 +- webui/src/styles/globals.css | 16 +- webui/vite.config.js | 4 +- 84 files changed, 2021 insertions(+), 432 deletions(-) delete mode 100644 pkg/ddl/000038_auth_oidc.down.sql delete mode 100644 pkg/ddl/000038_auth_oidc.up.sql diff --git a/api/authorization.yml b/api/authorization.yml index a60e87590cc..95939f7582e 100644 --- a/api/authorization.yml 
+++ b/api/authorization.yml @@ -129,8 +129,6 @@ components: encryptedPassword: type: string format: byte - oidc_open_id: - type: string UserPassword: type: object required: @@ -154,8 +152,6 @@ components: encryptedPassword: type: string format: byte - oidc_open_id: - type: string required: - username diff --git a/api/swagger.yml b/api/swagger.yml index 60369c8625a..124c95ae2cc 100644 --- a/api/swagger.yml +++ b/api/swagger.yml @@ -8,13 +8,11 @@ info: servers: - url: "/api/v1" description: lakeFS server endpoint - - url: "/" - description: login and logout pages security: - jwt_token: [] - basic_auth: [] - cookie_auth: [] - + - oidc_auth: [] components: securitySchemes: basic_auth: @@ -28,7 +26,10 @@ components: type: apiKey in: cookie name: access_token - + oidc_auth: + type: apiKey + in: cookie + name: auth_session parameters: PaginationPrefix: in: query @@ -588,6 +589,8 @@ components: state: type: string enum: [initialized, not_initialized] + oidc_enabled: + type: boolean AccessKeyCredentials: type: object properties: @@ -1161,7 +1164,6 @@ paths: description: failed to exchange authorization code for token default: $ref: "#/components/responses/ServerError" - /auth/login: post: tags: diff --git a/clients/java/README.md b/clients/java/README.md index dd4533e2fd4..c769b2ff154 100644 --- a/clients/java/README.md +++ b/clients/java/README.md 
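Review bot: The `oidc_auth` security scheme added to api/swagger.yml names the cookie `auth_session`, whereas patch 01 defines `OIDCAuthSessionName = "auth-session"` with a hyphen. Unless the oidc_handler.go change in this patch (outside this view) renames the constant, generated clients will send a cookie the server never reads. Align the two names, and add a `description` to the scheme stating that the cookie is issued by the `/oidc/callback` flow rather than being a key a user supplies, since the generated client README presents it as `oidc_auth.setApiKey("YOUR API KEY")`.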
@@ -99,6 +99,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + ActionsApi apiInstance = new ActionsApi(defaultClient); String repository = "repository_example"; // String | String runId = "runId_example"; // String | @@ -158,6 +164,7 @@ Class | Method | HTTP request | Description *AuthApi* | [**listUsers**](docs/AuthApi.md#listUsers) | **GET** /auth/users | list users *AuthApi* | [**login**](docs/AuthApi.md#login) | **POST** /auth/login | perform a login *AuthApi* | [**logout**](docs/AuthApi.md#logout) | **POST** /auth/logout | logs out a cookie-authenticated user +*AuthApi* | [**oauthCallback**](docs/AuthApi.md#oauthCallback) | **GET** /oidc/callback | *AuthApi* | [**updatePassword**](docs/AuthApi.md#updatePassword) | **POST** /auth/password | Update user password by reset_password token *AuthApi* | [**updatePolicy**](docs/AuthApi.md#updatePolicy) | **PUT** /auth/policies/{policyId} | update policy *BranchesApi* | [**createBranch**](docs/BranchesApi.md#createBranch) | **POST** /repositories/{repository}/branches | create branch @@ -301,6 +308,12 @@ Authentication schemes defined for the API: - **Type**: HTTP basic authentication +### oidc_auth + +- **Type**: API key +- **API key parameter name**: auth_session +- **Location**: + ## Recommendation diff --git a/clients/java/api/openapi.yaml b/clients/java/api/openapi.yaml index 5a16ff2cb23..fd525e7e430 100644 --- a/clients/java/api/openapi.yaml +++ b/clients/java/api/openapi.yaml @@ -10,6 +10,7 @@ security: - jwt_token: [] - basic_auth: [] - cookie_auth: [] +- oidc_auth: [] paths: /setup_lakefs: get: 
@@ -85,6 +86,24 @@ paths: tags: - auth x-accepts: application/json + /oidc/callback: + get: + operationId: oauthCallback + responses: + "302": + description: successfully got token + "401": + description: failed to exchange authorization code for token + default: + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + description: Internal Server Error + security: [] + tags: + - auth + x-accepts: application/json /auth/login: post: operationId: login @@ -5041,6 +5060,8 @@ components: - location type: object Error: + example: + message: message properties: message: description: short message explaining the error @@ -5141,6 +5162,7 @@ components: type: object SetupState: example: + oidc_enabled: true state: initialized properties: state: @@ -5148,6 +5170,8 @@ components: - initialized - not_initialized type: string + oidc_enabled: + type: boolean type: object AccessKeyCredentials: example: @@ -5919,4 +5943,8 @@ components: in: cookie name: access_token type: apiKey + oidc_auth: + in: cookie + name: auth_session + type: apiKey diff --git a/clients/java/docs/ActionsApi.md b/clients/java/docs/ActionsApi.md index bcc317efdf8..99f1106aeea 100644 --- a/clients/java/docs/ActionsApi.md +++ b/clients/java/docs/ActionsApi.md @@ -46,6 +46,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + ActionsApi apiInstance = new ActionsApi(defaultClient); String repository = "repository_example"; // String | String runId = "runId_example"; // String | 
@@ -76,7 +82,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -127,6 +133,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + ActionsApi apiInstance = new ActionsApi(defaultClient); String repository = "repository_example"; // String | String runId = "runId_example"; // String | @@ -159,7 +171,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -210,6 +222,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + ActionsApi apiInstance = new ActionsApi(defaultClient); String repository = "repository_example"; // String | String after = "after_example"; // String | return items after this value @@ -246,7 +264,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -297,6 +315,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + ActionsApi apiInstance = new ActionsApi(defaultClient); String repository = "repository_example"; // String | String runId = "runId_example"; // String | 
@@ -331,7 +355,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers diff --git a/clients/java/docs/AuthApi.md b/clients/java/docs/AuthApi.md index 0ea20b3481b..a9321cb334f 100644 --- a/clients/java/docs/AuthApi.md +++ b/clients/java/docs/AuthApi.md @@ -35,6 +35,7 @@ Method | HTTP request | Description [**listUsers**](AuthApi.md#listUsers) | **GET** /auth/users | list users [**login**](AuthApi.md#login) | **POST** /auth/login | perform a login [**logout**](AuthApi.md#logout) | **POST** /auth/logout | logs out a cookie-authenticated user +[**oauthCallback**](AuthApi.md#oauthCallback) | **GET** /oidc/callback | [**updatePassword**](AuthApi.md#updatePassword) | **POST** /auth/password | Update user password by reset_password token [**updatePolicy**](AuthApi.md#updatePolicy) | **PUT** /auth/policies/{policyId} | update policy @@ -75,6 +76,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + AuthApi apiInstance = new AuthApi(defaultClient); String groupId = "groupId_example"; // String | String userId = "userId_example"; // String | 
@@ -104,7 +111,7 @@ null (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -155,6 +162,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + AuthApi apiInstance = new AuthApi(defaultClient); String groupId = "groupId_example"; // String | String policyId = "policyId_example"; // String | @@ -184,7 +197,7 @@ null (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -235,6 +248,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + AuthApi apiInstance = new AuthApi(defaultClient); String userId = "userId_example"; // String | String policyId = "policyId_example"; // String | 
@@ -264,7 +283,7 @@ null (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -315,6 +334,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + AuthApi apiInstance = new AuthApi(defaultClient); String userId = "userId_example"; // String | try { @@ -343,7 +368,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -394,6 +419,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + AuthApi apiInstance = new AuthApi(defaultClient); GroupCreation groupCreation = new GroupCreation(); // GroupCreation | try { 
@@ -422,7 +453,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -473,6 +504,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + AuthApi apiInstance = new AuthApi(defaultClient); Policy policy = new Policy(); // Policy | try { @@ -501,7 +538,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -552,6 +589,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + AuthApi apiInstance = new AuthApi(defaultClient); UserCreation userCreation = new UserCreation(); // UserCreation | try { 
@@ -580,7 +623,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -631,6 +674,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + AuthApi apiInstance = new AuthApi(defaultClient); String userId = "userId_example"; // String | String accessKeyId = "accessKeyId_example"; // String | @@ -660,7 +709,7 @@ null (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -711,6 +760,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + AuthApi apiInstance = new AuthApi(defaultClient); String groupId = "groupId_example"; // String | try { 
@@ -738,7 +793,7 @@ null (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -789,6 +844,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + AuthApi apiInstance = new AuthApi(defaultClient); String groupId = "groupId_example"; // String | String userId = "userId_example"; // String | @@ -818,7 +879,7 @@ null (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -869,6 +930,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + AuthApi apiInstance = new AuthApi(defaultClient); String policyId = "policyId_example"; // String | try { 
@@ -896,7 +963,7 @@ null (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -947,6 +1014,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + AuthApi apiInstance = new AuthApi(defaultClient); String userId = "userId_example"; // String | try { @@ -974,7 +1047,7 @@ null (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -1025,6 +1098,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + AuthApi apiInstance = new AuthApi(defaultClient); String groupId = "groupId_example"; // String | String policyId = "policyId_example"; // String | 
@@ -1054,7 +1133,7 @@ null (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -1105,6 +1184,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + AuthApi apiInstance = new AuthApi(defaultClient); String userId = "userId_example"; // String | String policyId = "policyId_example"; // String | @@ -1134,7 +1219,7 @@ null (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -1303,6 +1388,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + AuthApi apiInstance = new AuthApi(defaultClient); String userId = "userId_example"; // String | String accessKeyId = "accessKeyId_example"; // String | @@ -1333,7 +1424,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -1384,6 +1475,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + AuthApi apiInstance = new AuthApi(defaultClient); try { CurrentUser result = apiInstance.getCurrentUser(); @@ -1408,7 +1505,7 @@ This endpoint does not need any parameter. ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -1456,6 +1553,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + AuthApi apiInstance = new AuthApi(defaultClient); String groupId = "groupId_example"; // String | try { @@ -1484,7 +1587,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -1535,6 +1638,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + AuthApi apiInstance = new AuthApi(defaultClient); String policyId = "policyId_example"; // String | try { @@ -1563,7 +1672,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -1614,6 +1723,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + AuthApi apiInstance = new AuthApi(defaultClient); String userId = "userId_example"; // String | try { @@ -1642,7 +1757,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -1693,6 +1808,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + AuthApi apiInstance = new AuthApi(defaultClient); String groupId = "groupId_example"; // String | String prefix = "prefix_example"; // String | return items prefixed with this value 
@@ -1727,7 +1848,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -1777,6 +1898,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + AuthApi apiInstance = new AuthApi(defaultClient); String groupId = "groupId_example"; // String | String prefix = "prefix_example"; // String | return items prefixed with this value @@ -1811,7 +1938,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -1862,6 +1989,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + AuthApi apiInstance = new AuthApi(defaultClient); String prefix = "prefix_example"; // String | return items prefixed with this value String after = "after_example"; // String | return items after this value @@ -1894,7 +2027,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -1944,6 +2077,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + AuthApi apiInstance = new AuthApi(defaultClient); String prefix = "prefix_example"; // String | return items prefixed with this value String after = "after_example"; // String | return items after this value 
@@ -1976,7 +2115,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -2026,6 +2165,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + AuthApi apiInstance = new AuthApi(defaultClient); String userId = "userId_example"; // String | String prefix = "prefix_example"; // String | return items prefixed with this value @@ -2060,7 +2205,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -2111,6 +2256,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + AuthApi apiInstance = new AuthApi(defaultClient); String userId = "userId_example"; // String | String prefix = "prefix_example"; // String | return items prefixed with this value @@ -2145,7 +2296,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -2196,6 +2347,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + AuthApi apiInstance = new AuthApi(defaultClient); String userId = "userId_example"; // String | String prefix = "prefix_example"; // String | return items prefixed with this value 
@@ -2232,7 +2389,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -2283,6 +2440,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + AuthApi apiInstance = new AuthApi(defaultClient); String prefix = "prefix_example"; // String | return items prefixed with this value String after = "after_example"; // String | return items after this value @@ -2315,7 +2478,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -2455,6 +2618,64 @@ null (empty response body) **401** | Unauthorized | - | **0** | Internal Server Error | - | + +# **oauthCallback** +> Error oauthCallback() + + + +### Example +```java +// Import classes: +import io.lakefs.clients.api.ApiClient; +import io.lakefs.clients.api.ApiException; +import io.lakefs.clients.api.Configuration; +import io.lakefs.clients.api.models.*; +import io.lakefs.clients.api.AuthApi; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = Configuration.getDefaultApiClient(); + defaultClient.setBasePath("http://localhost/api/v1"); + + AuthApi apiInstance = new AuthApi(defaultClient); + try { + Error result = apiInstance.oauthCallback(); + System.out.println(result); + } catch (ApiException e) { + System.err.println("Exception when calling AuthApi#oauthCallback"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} +``` + +### Parameters +This endpoint does not need any parameter. + +### Return type + +[**Error**](Error.md) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**302** | successfully got token | - | +**401** | failed to exchange authorization code for token | - | +**0** | Internal Server Error | - | + # **updatePassword** > updatePassword(updatePasswordByToken) 
@@ -2559,6 +2780,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + AuthApi apiInstance = new AuthApi(defaultClient); String policyId = "policyId_example"; // String | Policy policy = new Policy(); // Policy | @@ -2589,7 +2816,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers diff --git a/clients/java/docs/BranchesApi.md b/clients/java/docs/BranchesApi.md index afba784aba8..7d24d0173c9 100644 --- a/clients/java/docs/BranchesApi.md +++ b/clients/java/docs/BranchesApi.md @@ -49,6 +49,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + BranchesApi apiInstance = new BranchesApi(defaultClient); String repository = "repository_example"; // String | BranchCreation branchCreation = new BranchCreation(); // BranchCreation | 
@@ -79,7 +85,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -132,6 +138,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + BranchesApi apiInstance = new BranchesApi(defaultClient); String repository = "repository_example"; // String | String branch = "branch_example"; // String | @@ -161,7 +173,7 @@ null (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -212,6 +224,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + BranchesApi apiInstance = new BranchesApi(defaultClient); String repository = "repository_example"; // String | String branch = "branch_example"; // String | @@ -250,7 +268,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -301,6 +319,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + BranchesApi apiInstance = new BranchesApi(defaultClient); String repository = "repository_example"; // String | String branch = "branch_example"; // String | 
@@ -331,7 +355,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -382,6 +406,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + BranchesApi apiInstance = new BranchesApi(defaultClient); String repository = "repository_example"; // String | String prefix = "prefix_example"; // String | return items prefixed with this value @@ -416,7 +446,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -467,6 +497,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + BranchesApi apiInstance = new BranchesApi(defaultClient); String repository = "repository_example"; // String | String branch = "branch_example"; // String | @@ -498,7 +534,7 @@ null (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -549,6 +585,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + BranchesApi apiInstance = new BranchesApi(defaultClient); String repository = "repository_example"; // String | String branch = "branch_example"; // String | 
@@ -580,7 +622,7 @@ null (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers diff --git a/clients/java/docs/CommitsApi.md b/clients/java/docs/CommitsApi.md index f67a318d02b..8ad44b04737 100644 --- a/clients/java/docs/CommitsApi.md +++ b/clients/java/docs/CommitsApi.md @@ -45,6 +45,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + CommitsApi apiInstance = new CommitsApi(defaultClient); String repository = "repository_example"; // String | String branch = "branch_example"; // String | @@ -79,7 +85,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -132,6 +138,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + CommitsApi apiInstance = new CommitsApi(defaultClient); String repository = "repository_example"; // String | String commitId = "commitId_example"; // String | @@ -162,7 +174,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -213,6 +225,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + CommitsApi apiInstance = new CommitsApi(defaultClient); String repository = "repository_example"; // String | String branch = "branch_example"; // String | 
@@ -247,7 +265,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers diff --git a/clients/java/docs/ConfigApi.md b/clients/java/docs/ConfigApi.md index 2f15f9dc64d..09074377adc 100644 --- a/clients/java/docs/ConfigApi.md +++ b/clients/java/docs/ConfigApi.md @@ -48,6 +48,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + ConfigApi apiInstance = new ConfigApi(defaultClient); try { VersionConfig result = apiInstance.getLakeFSVersion(); @@ -72,7 +78,7 @@ This endpoint does not need any parameter. ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -180,6 +186,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + ConfigApi apiInstance = new ConfigApi(defaultClient); try { StorageConfig result = apiInstance.getStorageConfig(); @@ -204,7 +216,7 @@ This endpoint does not need any parameter. ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers diff --git a/clients/java/docs/ImportApi.md b/clients/java/docs/ImportApi.md index eaf3b44bd69..09908880f3b 100644 --- a/clients/java/docs/ImportApi.md +++ b/clients/java/docs/ImportApi.md @@ -44,6 +44,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + ImportApi apiInstance = new ImportApi(defaultClient); String repository = "repository_example"; // String | MetaRangeCreation metaRangeCreation = new MetaRangeCreation(); // MetaRangeCreation | 
@@ -74,7 +80,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -126,6 +132,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + ImportApi apiInstance = new ImportApi(defaultClient); String repository = "repository_example"; // String | StageRangeCreation stageRangeCreation = new StageRangeCreation(); // StageRangeCreation | @@ -156,7 +168,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers diff --git a/clients/java/docs/MetadataApi.md b/clients/java/docs/MetadataApi.md index a07dc8c56f0..6e2f1df35eb 100644 --- a/clients/java/docs/MetadataApi.md +++ b/clients/java/docs/MetadataApi.md 
@@ -45,6 +45,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + MetadataApi apiInstance = new MetadataApi(defaultClient); String repository = "repository_example"; // String | String branch = "branch_example"; // String | @@ -77,7 +83,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -128,6 +134,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + MetadataApi apiInstance = new MetadataApi(defaultClient); String repository = "repository_example"; // String | String metaRange = "metaRange_example"; // String | 
@@ -158,7 +170,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -209,6 +221,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + MetadataApi apiInstance = new MetadataApi(defaultClient); String repository = "repository_example"; // String | String range = "range_example"; // String | @@ -239,7 +257,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers diff --git a/clients/java/docs/ObjectsApi.md b/clients/java/docs/ObjectsApi.md index 11474a81024..cf642952a92 100644 --- a/clients/java/docs/ObjectsApi.md +++ b/clients/java/docs/ObjectsApi.md 
@@ -50,6 +50,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + ObjectsApi apiInstance = new ObjectsApi(defaultClient); String repository = "repository_example"; // String | String branch = "branch_example"; // String | @@ -81,7 +87,7 @@ null (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -132,6 +138,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + ObjectsApi apiInstance = new ObjectsApi(defaultClient); String repository = "repository_example"; // String | String branch = "branch_example"; // String | 
@@ -164,7 +176,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -216,6 +228,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + ObjectsApi apiInstance = new ObjectsApi(defaultClient); String repository = "repository_example"; // String | String ref = "ref_example"; // String | a reference (could be either a branch or a commit ID) @@ -248,7 +266,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -300,6 +318,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + ObjectsApi apiInstance = new ObjectsApi(defaultClient); String repository = "repository_example"; // String | String ref = "ref_example"; // String | a reference (could be either a branch or a commit ID) @@ -332,7 +356,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -383,6 +407,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + ObjectsApi apiInstance = new ObjectsApi(defaultClient); String repository = "repository_example"; // String | String ref = "ref_example"; // String | a reference (could be either a branch or a commit ID) 
@@ -423,7 +453,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -474,6 +504,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + ObjectsApi apiInstance = new ObjectsApi(defaultClient); String repository = "repository_example"; // String | String branch = "branch_example"; // String | @@ -508,7 +544,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -560,6 +596,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + ObjectsApi apiInstance = new ObjectsApi(defaultClient); String repository = "repository_example"; // String | String ref = "ref_example"; // String | a reference (could be either a branch or a commit ID) @@ -594,7 +636,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -646,6 +688,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + ObjectsApi apiInstance = new ObjectsApi(defaultClient); String repository = "repository_example"; // String | String branch = "branch_example"; // String | 
@@ -684,7 +732,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers diff --git a/clients/java/docs/RefsApi.md b/clients/java/docs/RefsApi.md index ea983fa09a5..ba2636c400e 100644 --- a/clients/java/docs/RefsApi.md +++ b/clients/java/docs/RefsApi.md @@ -47,6 +47,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + RefsApi apiInstance = new RefsApi(defaultClient); String repository = "repository_example"; // String | String leftRef = "leftRef_example"; // String | a reference (could be either a branch or a commit ID) @@ -91,7 +97,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -142,6 +148,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + RefsApi apiInstance = new RefsApi(defaultClient); String repository = "repository_example"; // String | try { @@ -170,7 +182,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -222,6 +234,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + RefsApi apiInstance = new RefsApi(defaultClient); String repository = "repository_example"; // String | String ref = "ref_example"; // String | @@ -260,7 +278,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -311,6 +329,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + RefsApi apiInstance = new RefsApi(defaultClient); String repository = "repository_example"; // String | String sourceRef = "sourceRef_example"; // String | source ref @@ -345,7 +369,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -399,6 +423,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + RefsApi apiInstance = new RefsApi(defaultClient); String repository = "repository_example"; // String | RefsDump refsDump = new RefsDump(); // RefsDump | 
@@ -428,7 +458,7 @@ null (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers diff --git a/clients/java/docs/RepositoriesApi.md b/clients/java/docs/RepositoriesApi.md index 1973b95d8a8..ca05a6c29bb 100644 --- a/clients/java/docs/RepositoriesApi.md +++ b/clients/java/docs/RepositoriesApi.md @@ -49,6 +49,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + RepositoriesApi apiInstance = new RepositoriesApi(defaultClient); String repository = "repository_example"; // String | BranchProtectionRule branchProtectionRule = new BranchProtectionRule(); // BranchProtectionRule | @@ -78,7 +84,7 @@ null (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -129,6 +135,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + RepositoriesApi apiInstance = new RepositoriesApi(defaultClient); RepositoryCreation repositoryCreation = new RepositoryCreation(); // RepositoryCreation | Boolean bare = false; // Boolean | If true, create a bare repository with no initial commit and branch @@ -159,7 +171,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -211,6 +223,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + RepositoriesApi apiInstance = new RepositoriesApi(defaultClient); String repository = "repository_example"; // String | InlineObject1 inlineObject1 = new InlineObject1(); // InlineObject1 | 
@@ -240,7 +258,7 @@ null (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -291,6 +309,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + RepositoriesApi apiInstance = new RepositoriesApi(defaultClient); String repository = "repository_example"; // String | try { @@ -318,7 +342,7 @@ null (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -369,6 +393,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + RepositoriesApi apiInstance = new RepositoriesApi(defaultClient); String repository = "repository_example"; // String | try { 
@@ -397,7 +427,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -448,6 +478,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + RepositoriesApi apiInstance = new RepositoriesApi(defaultClient); String repository = "repository_example"; // String | try { @@ -476,7 +512,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -527,6 +563,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + RepositoriesApi apiInstance = new RepositoriesApi(defaultClient); String prefix = "prefix_example"; // String | return items prefixed with this value String after = "after_example"; // String | return items after this value @@ -559,7 +601,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers diff --git a/clients/java/docs/RetentionApi.md b/clients/java/docs/RetentionApi.md index e8c4df78b1b..efac6bd5745 100644 --- a/clients/java/docs/RetentionApi.md +++ b/clients/java/docs/RetentionApi.md @@ -45,6 +45,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + RetentionApi apiInstance = new RetentionApi(defaultClient); String repository = "repository_example"; // String | try { 
@@ -73,7 +79,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -124,6 +130,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + RetentionApi apiInstance = new RetentionApi(defaultClient); String repository = "repository_example"; // String | GarbageCollectionPrepareRequest garbageCollectionPrepareRequest = new GarbageCollectionPrepareRequest(); // GarbageCollectionPrepareRequest | @@ -154,7 +166,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -205,6 +217,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + RetentionApi apiInstance = new RetentionApi(defaultClient); String repository = "repository_example"; // String | GarbageCollectionRules garbageCollectionRules = new GarbageCollectionRules(); // GarbageCollectionRules | @@ -234,7 +252,7 @@ null (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers diff --git a/clients/java/docs/SetupState.md b/clients/java/docs/SetupState.md index e939bd91724..079b97512d9 100644 --- a/clients/java/docs/SetupState.md +++ b/clients/java/docs/SetupState.md @@ -8,6 +8,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **state** | [**StateEnum**](#StateEnum) | | [optional] +**oidcEnabled** | **Boolean** | | [optional] diff --git a/clients/java/docs/StagingApi.md b/clients/java/docs/StagingApi.md index a045d850838..5b50c925386 100644 --- a/clients/java/docs/StagingApi.md +++ b/clients/java/docs/StagingApi.md 
@@ -44,6 +44,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + StagingApi apiInstance = new StagingApi(defaultClient); String repository = "repository_example"; // String | String branch = "branch_example"; // String | @@ -76,7 +82,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -129,6 +135,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + StagingApi apiInstance = new StagingApi(defaultClient); String repository = "repository_example"; // String | String branch = "branch_example"; // String | 
@@ -163,7 +175,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers diff --git a/clients/java/docs/TagsApi.md b/clients/java/docs/TagsApi.md index 867a9c41a7c..b686430fb10 100644 --- a/clients/java/docs/TagsApi.md +++ b/clients/java/docs/TagsApi.md @@ -46,6 +46,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + TagsApi apiInstance = new TagsApi(defaultClient); String repository = "repository_example"; // String | TagCreation tagCreation = new TagCreation(); // TagCreation | @@ -76,7 +82,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -129,6 +135,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + TagsApi apiInstance = new TagsApi(defaultClient); String repository = "repository_example"; // String | String tag = "tag_example"; // String | @@ -158,7 +170,7 @@ null (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -209,6 +221,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + TagsApi apiInstance = new TagsApi(defaultClient); String repository = "repository_example"; // String | String tag = "tag_example"; // String | @@ -239,7 +257,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -290,6 +308,12 @@ public class Example { HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); jwt_token.setBearerToken("BEARER TOKEN"); + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + TagsApi apiInstance = new TagsApi(defaultClient); String repository = "repository_example"; // String | String prefix = "prefix_example"; // String | return items prefixed with this value @@ -324,7 +348,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers diff --git a/clients/java/src/main/java/io/lakefs/clients/api/ActionsApi.java b/clients/java/src/main/java/io/lakefs/clients/api/ActionsApi.java index e3d36180ea9..1b8e5fe22e1 100644 --- a/clients/java/src/main/java/io/lakefs/clients/api/ActionsApi.java +++ b/clients/java/src/main/java/io/lakefs/clients/api/ActionsApi.java 
@@ -102,7 +102,7 @@ public okhttp3.Call getRunCall(String repository, String runId, final ApiCallbac final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -238,7 +238,7 @@ public okhttp3.Call getRunHookOutputCall(String repository, String runId, String final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } 
@@ -398,7 +398,7 @@ public okhttp3.Call listRepositoryRunsCall(String repository, String after, Inte final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -546,7 +546,7 @@ public okhttp3.Call listRunHooksCall(String repository, String runId, String aft final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } diff --git a/clients/java/src/main/java/io/lakefs/clients/api/ApiClient.java b/clients/java/src/main/java/io/lakefs/clients/api/ApiClient.java index a714816ae8a..70bbc95db4d 100644 --- a/clients/java/src/main/java/io/lakefs/clients/api/ApiClient.java +++ b/clients/java/src/main/java/io/lakefs/clients/api/ApiClient.java 
@@ -89,6 +89,7 @@ public ApiClient() { authentications.put("basic_auth", new HttpBasicAuth()); authentications.put("cookie_auth", new ApiKeyAuth("cookie", "access_token")); authentications.put("jwt_token", new HttpBearerAuth("bearer")); + authentications.put("oidc_auth", new ApiKeyAuth("cookie", "auth_session")); // Prevent the authentications from being modified. authentications = Collections.unmodifiableMap(authentications); } @@ -105,6 +106,7 @@ public ApiClient(OkHttpClient client) { authentications.put("basic_auth", new HttpBasicAuth()); authentications.put("cookie_auth", new ApiKeyAuth("cookie", "access_token")); authentications.put("jwt_token", new HttpBearerAuth("bearer")); + authentications.put("oidc_auth", new ApiKeyAuth("cookie", "auth_session")); // Prevent the authentications from being modified. authentications = Collections.unmodifiableMap(authentications); } diff --git a/clients/java/src/main/java/io/lakefs/clients/api/AuthApi.java b/clients/java/src/main/java/io/lakefs/clients/api/AuthApi.java index 06ef94ea870..97dab874e3c 100644 --- a/clients/java/src/main/java/io/lakefs/clients/api/AuthApi.java +++ b/clients/java/src/main/java/io/lakefs/clients/api/AuthApi.java @@ -115,7 +115,7 @@ public okhttp3.Call addGroupMembershipCall(String groupId, String userId, final final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "PUT", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } 
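Review bot: Registering `oidc_auth` as `new ApiKeyAuth("cookie", "auth_session")` in both `ApiClient` constructors presents what appears to be the browser session cookie from the OIDC login flow as a caller-supplied API key, and the regenerated docs samples then tell users to call `oidc_auth.setApiKey("YOUR API KEY")`. If `auth_session` is indeed the server-issued session cookie (these hunks do not show where it is set), programmatic clients are nudged to copy a session value into code or config, where it is neither scoped nor rotated like an access key. These files look generated, so the fix belongs in the OpenAPI spec rather than here: either keep the scheme out of the `security` lists that generated clients consume, or give it a description such as `session cookie set by the server after OIDC login; not a user-provisioned credential` so the samples stop labelling it an API key. The same point covers the `localVarAuthNames` arrays extended with `"oidc_auth"` in the `ActionsApi.java` and `AuthApi.java` hunks.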
@@ -245,7 +245,7 @@ public okhttp3.Call attachPolicyToGroupCall(String groupId, String policyId, fin final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "PUT", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -375,7 +375,7 @@ public okhttp3.Call attachPolicyToUserCall(String userId, String policyId, final final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "PUT", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } 
@@ -503,7 +503,7 @@ public okhttp3.Call createCredentialsCall(String userId, final ApiCallback _call final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "POST", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -626,7 +626,7 @@ public okhttp3.Call createGroupCall(GroupCreation groupCreation, final ApiCallba final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "POST", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } 
@@ -744,7 +744,7 @@ public okhttp3.Call createPolicyCall(Policy policy, final ApiCallback _callback) final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "POST", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -867,7 +867,7 @@ public okhttp3.Call createUserCall(UserCreation userCreation, final ApiCallback final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "POST", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } 
@@ -988,7 +988,7 @@ public okhttp3.Call deleteCredentialsCall(String userId, String accessKeyId, fin final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "DELETE", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -1116,7 +1116,7 @@ public okhttp3.Call deleteGroupCall(String groupId, final ApiCallback _callback) final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "DELETE", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } 
@@ -1238,7 +1238,7 @@ public okhttp3.Call deleteGroupMembershipCall(String groupId, String userId, fin final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "DELETE", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -1366,7 +1366,7 @@ public okhttp3.Call deletePolicyCall(String policyId, final ApiCallback _callbac final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "DELETE", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } 
@@ -1486,7 +1486,7 @@ public okhttp3.Call deleteUserCall(String userId, final ApiCallback _callback) t final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "DELETE", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -1608,7 +1608,7 @@ public okhttp3.Call detachPolicyFromGroupCall(String groupId, String policyId, f final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "DELETE", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } 
@@ -1738,7 +1738,7 @@ public okhttp3.Call detachPolicyFromUserCall(String userId, String policyId, fin final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "DELETE", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -2089,7 +2089,7 @@ public okhttp3.Call getCredentialsCall(String userId, String accessKeyId, final final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } 
@@ -2216,7 +2216,7 @@ public okhttp3.Call getCurrentUserCall(final ApiCallback _callback) throws ApiEx final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -2323,7 +2323,7 @@ public okhttp3.Call getGroupCall(String groupId, final ApiCallback _callback) th final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } 
@@ -2447,7 +2447,7 @@ public okhttp3.Call getPolicyCall(String policyId, final ApiCallback _callback) final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -2571,7 +2571,7 @@ public okhttp3.Call getUserCall(String userId, final ApiCallback _callback) thro final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } 
@@ -2709,7 +2709,7 @@ public okhttp3.Call listGroupMembersCall(String groupId, String prefix, String a final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -2854,7 +2854,7 @@ public okhttp3.Call listGroupPoliciesCall(String groupId, String prefix, String final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } 
@@ -2999,7 +2999,7 @@ public okhttp3.Call listGroupsCall(String prefix, String after, Integer amount, final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -3133,7 +3133,7 @@ public okhttp3.Call listPoliciesCall(String prefix, String after, Integer amount final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } 
@@ -3270,7 +3270,7 @@ public okhttp3.Call listUserCredentialsCall(String userId, String prefix, String final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -3418,7 +3418,7 @@ public okhttp3.Call listUserGroupsCall(String userId, String prefix, String afte final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } 
@@ -3571,7 +3571,7 @@ public okhttp3.Call listUserPoliciesCall(String userId, String prefix, String af final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -3719,7 +3719,7 @@ public okhttp3.Call listUsersCall(String prefix, String after, Integer amount, f final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -4019,6 +4019,116 @@ public okhttp3.Call logoutAsync(final ApiCallback _callback) throws ApiExc localVarApiClient.executeAsync(localVarCall, _callback); return localVarCall; } + /** + * Build call for oauthCallback + * @param _callback Callback for upload/download progress + * @return Call to execute + * @throws ApiException If fail to serialize the request body object + * @http.response.details + + + + + +
Status Code Description Response Headers
302 successfully got token -
401 failed to exchange authorization code for token -
0 Internal Server Error -
+ */ + public okhttp3.Call oauthCallbackCall(final ApiCallback _callback) throws ApiException { + Object localVarPostBody = null; + + // create path and map variables + String localVarPath = "/oidc/callback"; + + List localVarQueryParams = new ArrayList(); + List localVarCollectionQueryParams = new ArrayList(); + Map localVarHeaderParams = new HashMap(); + Map localVarCookieParams = new HashMap(); + Map localVarFormParams = new HashMap(); + + final String[] localVarAccepts = { + "application/json" + }; + final String localVarAccept = localVarApiClient.selectHeaderAccept(localVarAccepts); + if (localVarAccept != null) { + localVarHeaderParams.put("Accept", localVarAccept); + } + + final String[] localVarContentTypes = { + + }; + final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); + localVarHeaderParams.put("Content-Type", localVarContentType); + + String[] localVarAuthNames = new String[] { }; + return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); + } + + @SuppressWarnings("rawtypes") + private okhttp3.Call oauthCallbackValidateBeforeCall(final ApiCallback _callback) throws ApiException { + + + okhttp3.Call localVarCall = oauthCallbackCall(_callback); + return localVarCall; + + } + + /** + * + * + * @return Error + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + +
Status Code Description Response Headers
302 successfully got token -
401 failed to exchange authorization code for token -
0 Internal Server Error -
+ */ + public Error oauthCallback() throws ApiException { + ApiResponse localVarResp = oauthCallbackWithHttpInfo(); + return localVarResp.getData(); + } + + /** + * + * + * @return ApiResponse<Error> + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + +
Status Code Description Response Headers
302 successfully got token -
401 failed to exchange authorization code for token -
0 Internal Server Error -
+ */ + public ApiResponse oauthCallbackWithHttpInfo() throws ApiException { + okhttp3.Call localVarCall = oauthCallbackValidateBeforeCall(null); + Type localVarReturnType = new TypeToken(){}.getType(); + return localVarApiClient.execute(localVarCall, localVarReturnType); + } + + /** + * (asynchronously) + * + * @param _callback The callback to be executed when the API call finishes + * @return The request call + * @throws ApiException If fail to process the API call, e.g. serializing the request body object + * @http.response.details + + + + + +
Status Code Description Response Headers
302 successfully got token -
401 failed to exchange authorization code for token -
0 Internal Server Error -
+ */ + public okhttp3.Call oauthCallbackAsync(final ApiCallback _callback) throws ApiException { + + okhttp3.Call localVarCall = oauthCallbackValidateBeforeCall(_callback); + Type localVarReturnType = new TypeToken(){}.getType(); + localVarApiClient.executeAsync(localVarCall, localVarReturnType, _callback); + return localVarCall; + } /** * Build call for updatePassword * @param updatePasswordByToken (required) @@ -4177,7 +4287,7 @@ public okhttp3.Call updatePolicyCall(String policyId, Policy policy, final ApiCa final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "PUT", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } diff --git a/clients/java/src/main/java/io/lakefs/clients/api/BranchesApi.java b/clients/java/src/main/java/io/lakefs/clients/api/BranchesApi.java index db6ff3cea53..aee2533a1bc 100644 --- a/clients/java/src/main/java/io/lakefs/clients/api/BranchesApi.java +++ b/clients/java/src/main/java/io/lakefs/clients/api/BranchesApi.java 
@@ -105,7 +105,7 @@ public okhttp3.Call createBranchCall(String repository, BranchCreation branchCre final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "POST", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -245,7 +245,7 @@ public okhttp3.Call deleteBranchCall(String repository, String branch, final Api final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "DELETE", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } 
@@ -395,7 +395,7 @@ public okhttp3.Call diffBranchCall(String repository, String branch, String afte final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -541,7 +541,7 @@ public okhttp3.Call getBranchCall(String repository, String branch, final ApiCal final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } 
@@ -688,7 +688,7 @@ public okhttp3.Call listBranchesCall(String repository, String prefix, String af final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -824,7 +824,7 @@ public okhttp3.Call resetBranchCall(String repository, String branch, ResetCreat final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "PUT", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } 
@@ -963,7 +963,7 @@ public okhttp3.Call revertBranchCall(String repository, String branch, RevertCre final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "POST", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } diff --git a/clients/java/src/main/java/io/lakefs/clients/api/CommitsApi.java b/clients/java/src/main/java/io/lakefs/clients/api/CommitsApi.java index dbcfc506691..6a2d152686f 100644 --- a/clients/java/src/main/java/io/lakefs/clients/api/CommitsApi.java +++ b/clients/java/src/main/java/io/lakefs/clients/api/CommitsApi.java @@ -109,7 +109,7 @@ public okhttp3.Call commitCall(String repository, String branch, CommitCreation final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "POST", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } 
@@ -260,7 +260,7 @@ public okhttp3.Call getCommitCall(String repository, String commitId, final ApiC final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -406,7 +406,7 @@ public okhttp3.Call logBranchCommitsCall(String repository, String branch, Strin final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } diff --git a/clients/java/src/main/java/io/lakefs/clients/api/ConfigApi.java b/clients/java/src/main/java/io/lakefs/clients/api/ConfigApi.java index fd62df48622..6d279191db8 100644 --- a/clients/java/src/main/java/io/lakefs/clients/api/ConfigApi.java +++ b/clients/java/src/main/java/io/lakefs/clients/api/ConfigApi.java 
@@ -97,7 +97,7 @@ public okhttp3.Call getLakeFSVersionCall(final ApiCallback _callback) throws Api final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -309,7 +309,7 @@ public okhttp3.Call getStorageConfigCall(final ApiCallback _callback) throws Api final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } diff --git a/clients/java/src/main/java/io/lakefs/clients/api/ImportApi.java b/clients/java/src/main/java/io/lakefs/clients/api/ImportApi.java index dd7000602f6..05251b5ea0b 100644 --- a/clients/java/src/main/java/io/lakefs/clients/api/ImportApi.java +++ b/clients/java/src/main/java/io/lakefs/clients/api/ImportApi.java 
@@ -102,7 +102,7 @@ public okhttp3.Call createMetaRangeCall(String repository, MetaRangeCreation met final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "POST", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -239,7 +239,7 @@ public okhttp3.Call ingestRangeCall(String repository, StageRangeCreation stageR final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "POST", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } diff --git a/clients/java/src/main/java/io/lakefs/clients/api/MetadataApi.java b/clients/java/src/main/java/io/lakefs/clients/api/MetadataApi.java index 05ffa823091..1ec8c6e4956 100644 --- a/clients/java/src/main/java/io/lakefs/clients/api/MetadataApi.java +++ b/clients/java/src/main/java/io/lakefs/clients/api/MetadataApi.java 
@@ -104,7 +104,7 @@ public okhttp3.Call createSymlinkFileCall(String repository, String branch, Stri final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "POST", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -241,7 +241,7 @@ public okhttp3.Call getMetaRangeCall(String repository, String metaRange, final final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } 
@@ -375,7 +375,7 @@ public okhttp3.Call getRangeCall(String repository, String range, final ApiCallb final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } diff --git a/clients/java/src/main/java/io/lakefs/clients/api/ObjectsApi.java b/clients/java/src/main/java/io/lakefs/clients/api/ObjectsApi.java index d6f0b5954cd..1f201230f87 100644 --- a/clients/java/src/main/java/io/lakefs/clients/api/ObjectsApi.java +++ b/clients/java/src/main/java/io/lakefs/clients/api/ObjectsApi.java @@ -110,7 +110,7 @@ public okhttp3.Call deleteObjectCall(String repository, String branch, String pa final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "DELETE", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } 
@@ -250,7 +250,7 @@ public okhttp3.Call deleteObjectsCall(String repository, String branch, PathList final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "POST", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -401,7 +401,7 @@ public okhttp3.Call getObjectCall(String repository, String ref, String path, fi final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } 
@@ -551,7 +551,7 @@ public okhttp3.Call getUnderlyingPropertiesCall(String repository, String ref, S final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -718,7 +718,7 @@ public okhttp3.Call listObjectsCall(String repository, String ref, Boolean userM final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } 
@@ -874,7 +874,7 @@ public okhttp3.Call stageObjectCall(String repository, String branch, String pat final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "PUT", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -1038,7 +1038,7 @@ public okhttp3.Call statObjectCall(String repository, String ref, String path, B final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } 
@@ -1208,7 +1208,7 @@ public okhttp3.Call uploadObjectCall(String repository, String branch, String pa final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "POST", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } diff --git a/clients/java/src/main/java/io/lakefs/clients/api/RefsApi.java b/clients/java/src/main/java/io/lakefs/clients/api/RefsApi.java index eb0f4e1be83..dcb25f51fd4 100644 --- a/clients/java/src/main/java/io/lakefs/clients/api/RefsApi.java +++ b/clients/java/src/main/java/io/lakefs/clients/api/RefsApi.java @@ -135,7 +135,7 @@ public okhttp3.Call diffRefsCall(String repository, String leftRef, String right final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } 
@@ -294,7 +294,7 @@ public okhttp3.Call dumpRefsCall(String repository, final ApiCallback _callback) final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "PUT", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -443,7 +443,7 @@ public okhttp3.Call logCommitsCall(String repository, String ref, String after, final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } 
@@ -595,7 +595,7 @@ public okhttp3.Call mergeIntoBranchCall(String repository, String sourceRef, Str final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "POST", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -749,7 +749,7 @@ public okhttp3.Call restoreRefsCall(String repository, RefsDump refsDump, final final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "PUT", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } diff --git a/clients/java/src/main/java/io/lakefs/clients/api/RepositoriesApi.java b/clients/java/src/main/java/io/lakefs/clients/api/RepositoriesApi.java index dd72b66bbaa..509a8fa4974 100644 --- a/clients/java/src/main/java/io/lakefs/clients/api/RepositoriesApi.java +++ b/clients/java/src/main/java/io/lakefs/clients/api/RepositoriesApi.java 
@@ -102,7 +102,7 @@ public okhttp3.Call createBranchProtectionRuleCall(String repository, BranchProt final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "POST", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -235,7 +235,7 @@ public okhttp3.Call createRepositoryCall(RepositoryCreation repositoryCreation, final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "POST", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } 
@@ -366,7 +366,7 @@ public okhttp3.Call deleteBranchProtectionRuleCall(String repository, InlineObje final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "DELETE", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -494,7 +494,7 @@ public okhttp3.Call deleteRepositoryCall(String repository, final ApiCallback _c final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "DELETE", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } 
@@ -614,7 +614,7 @@ public okhttp3.Call getBranchProtectionRulesCall(String repository, final ApiCal final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -738,7 +738,7 @@ public okhttp3.Call getRepositoryCall(String repository, final ApiCallback _call final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } 
@@ -874,7 +874,7 @@ public okhttp3.Call listRepositoriesCall(String prefix, String after, Integer am final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } diff --git a/clients/java/src/main/java/io/lakefs/clients/api/RetentionApi.java b/clients/java/src/main/java/io/lakefs/clients/api/RetentionApi.java index ddd86ad5de4..487da8fdfd3 100644 --- a/clients/java/src/main/java/io/lakefs/clients/api/RetentionApi.java +++ b/clients/java/src/main/java/io/lakefs/clients/api/RetentionApi.java @@ -99,7 +99,7 @@ public okhttp3.Call getGarbageCollectionRulesCall(String repository, final ApiCa final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } 
@@ -224,7 +224,7 @@ public okhttp3.Call prepareGarbageCollectionCommitsCall(String repository, Garba final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "POST", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -352,7 +352,7 @@ public okhttp3.Call setGarbageCollectionRulesCall(String repository, GarbageColl final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "POST", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } diff --git a/clients/java/src/main/java/io/lakefs/clients/api/StagingApi.java b/clients/java/src/main/java/io/lakefs/clients/api/StagingApi.java index eeaa1338804..e13feeaeec4 100644 --- a/clients/java/src/main/java/io/lakefs/clients/api/StagingApi.java +++ b/clients/java/src/main/java/io/lakefs/clients/api/StagingApi.java 
@@ -106,7 +106,7 @@ public okhttp3.Call getPhysicalAddressCall(String repository, String branch, Str final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -256,7 +256,7 @@ public okhttp3.Call linkPhysicalAddressCall(String repository, String branch, St final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "PUT", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } diff --git a/clients/java/src/main/java/io/lakefs/clients/api/TagsApi.java b/clients/java/src/main/java/io/lakefs/clients/api/TagsApi.java index f474e54c30d..5d9fd5059a8 100644 --- a/clients/java/src/main/java/io/lakefs/clients/api/TagsApi.java +++ b/clients/java/src/main/java/io/lakefs/clients/api/TagsApi.java 
@@ -102,7 +102,7 @@ public okhttp3.Call createTagCall(String repository, TagCreation tagCreation, fi final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "POST", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -242,7 +242,7 @@ public okhttp3.Call deleteTagCall(String repository, String tag, final ApiCallba final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "DELETE", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } 
@@ -372,7 +372,7 @@ public okhttp3.Call getTagCall(String repository, String tag, final ApiCallback final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } @@ -519,7 +519,7 @@ public okhttp3.Call listTagsCall(String repository, String prefix, String after, final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); localVarHeaderParams.put("Content-Type", localVarContentType); - String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token" }; + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth" }; return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); } diff --git a/clients/java/src/main/java/io/lakefs/clients/api/model/SetupState.java b/clients/java/src/main/java/io/lakefs/clients/api/model/SetupState.java index d399312d149..dc52d6895cd 100644 --- a/clients/java/src/main/java/io/lakefs/clients/api/model/SetupState.java +++ b/clients/java/src/main/java/io/lakefs/clients/api/model/SetupState.java 
@@ -80,6 +80,10 @@ public StateEnum read(final JsonReader jsonReader) throws IOException { @SerializedName(SERIALIZED_NAME_STATE) private StateEnum state; + public static final String SERIALIZED_NAME_OIDC_ENABLED = "oidc_enabled"; + @SerializedName(SERIALIZED_NAME_OIDC_ENABLED) + private Boolean oidcEnabled; + public SetupState state(StateEnum state) { @@ -104,6 +108,29 @@ public void setState(StateEnum state) { } + public SetupState oidcEnabled(Boolean oidcEnabled) { + + this.oidcEnabled = oidcEnabled; + return this; + } + + /** + * Get oidcEnabled + * @return oidcEnabled + **/ + @javax.annotation.Nullable + @ApiModelProperty(value = "") + + public Boolean getOidcEnabled() { + return oidcEnabled; + } + + + public void setOidcEnabled(Boolean oidcEnabled) { + this.oidcEnabled = oidcEnabled; + } + + @Override public boolean equals(Object o) { if (this == o) { @@ -113,12 +140,13 @@ public boolean equals(Object o) { return false; } SetupState setupState = (SetupState) o; - return Objects.equals(this.state, setupState.state); + return Objects.equals(this.state, setupState.state) && + Objects.equals(this.oidcEnabled, setupState.oidcEnabled); } @Override public int hashCode() { - return Objects.hash(state); + return Objects.hash(state, oidcEnabled); } @Override @@ -126,6 +154,7 @@ public String toString() { StringBuilder sb = new StringBuilder(); sb.append("class SetupState {\n"); sb.append(" state: ").append(toIndentedString(state)).append("\n"); + sb.append(" oidcEnabled: ").append(toIndentedString(oidcEnabled)).append("\n"); sb.append("}"); return sb.toString(); } diff --git a/clients/java/src/test/java/io/lakefs/clients/api/AuthApiTest.java b/clients/java/src/test/java/io/lakefs/clients/api/AuthApiTest.java index 2da44958dbc..74e51aa6b45 100644 --- a/clients/java/src/test/java/io/lakefs/clients/api/AuthApiTest.java +++ b/clients/java/src/test/java/io/lakefs/clients/api/AuthApiTest.java 
@@ -541,6 +541,20 @@ public void logoutTest() throws ApiException { // TODO: test validations } + /** + * + * + * + * + * @throws ApiException + * if the Api call fails + */ + @Test + public void oauthCallbackTest() throws ApiException { + Error response = api.oauthCallback(); + // TODO: test validations + } + /** * Update user password by reset_password token * diff --git a/clients/java/src/test/java/io/lakefs/clients/api/model/SetupStateTest.java b/clients/java/src/test/java/io/lakefs/clients/api/model/SetupStateTest.java index 60919f59255..07786f24ec5 100644 --- a/clients/java/src/test/java/io/lakefs/clients/api/model/SetupStateTest.java +++ b/clients/java/src/test/java/io/lakefs/clients/api/model/SetupStateTest.java @@ -48,4 +48,12 @@ public void stateTest() { // TODO: test state } + /** + * Test the property 'oidcEnabled' + */ + @Test + public void oidcEnabledTest() { + // TODO: test oidcEnabled + } + } diff --git a/clients/python/README.md b/clients/python/README.md index a2d8c32f66d..f0102a440c1 100644 --- a/clients/python/README.md +++ b/clients/python/README.md @@ -82,6 +82,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: 
@@ -139,6 +145,7 @@ Class | Method | HTTP request | Description *AuthApi* | [**list_users**](docs/AuthApi.md#list_users) | **GET** /auth/users | list users *AuthApi* | [**login**](docs/AuthApi.md#login) | **POST** /auth/login | perform a login *AuthApi* | [**logout**](docs/AuthApi.md#logout) | **POST** /auth/logout | logs out a cookie-authenticated user +*AuthApi* | [**oauth_callback**](docs/AuthApi.md#oauth_callback) | **GET** /oidc/callback | *AuthApi* | [**update_password**](docs/AuthApi.md#update_password) | **POST** /auth/password | Update user password by reset_password token *AuthApi* | [**update_policy**](docs/AuthApi.md#update_policy) | **PUT** /auth/policies/{policyId} | update policy *BranchesApi* | [**create_branch**](docs/BranchesApi.md#create_branch) | **POST** /repositories/{repository}/branches | create branch @@ -286,6 +293,13 @@ Class | Method | HTTP request | Description - **Type**: Bearer authentication (JWT) +## oidc_auth + +- **Type**: API key +- **API key parameter name**: auth_session +- **Location**: + + ## Author services@treeverse.io diff --git a/clients/python/docs/ActionsApi.md b/clients/python/docs/ActionsApi.md index 883b78f5028..47db5f8e9be 100644 --- a/clients/python/docs/ActionsApi.md +++ b/clients/python/docs/ActionsApi.md @@ -20,6 +20,7 @@ get a run * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -56,6 +57,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class 
@@ -86,7 +93,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -115,6 +122,7 @@ get run hook output * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -150,6 +158,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -182,7 +196,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -211,6 +225,7 @@ list runs * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time 
@@ -247,6 +262,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -292,7 +313,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -321,6 +342,7 @@ list run hooks * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -357,6 +379,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -400,7 +428,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
diff --git a/clients/python/docs/AuthApi.md b/clients/python/docs/AuthApi.md index e322b675485..b8b8dc62008 100644 --- a/clients/python/docs/AuthApi.md +++ b/clients/python/docs/AuthApi.md @@ -35,6 +35,7 @@ Method | HTTP request | Description [**list_users**](AuthApi.md#list_users) | **GET** /auth/users | list users [**login**](AuthApi.md#login) | **POST** /auth/login | perform a login [**logout**](AuthApi.md#logout) | **POST** /auth/logout | logs out a cookie-authenticated user +[**oauth_callback**](AuthApi.md#oauth_callback) | **GET** /oidc/callback | [**update_password**](AuthApi.md#update_password) | **POST** /auth/password | Update user password by reset_password token [**update_policy**](AuthApi.md#update_policy) | **PUT** /auth/policies/{policyId} | update policy @@ -49,6 +50,7 @@ add group membership * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -84,6 +86,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -113,7 +121,7 @@ void (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -142,6 +150,7 @@ attach policy to group * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -177,6 +186,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -206,7 +221,7 @@ void (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -235,6 +250,7 @@ attach policy to user * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -270,6 +286,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class 
@@ -299,7 +321,7 @@ void (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -328,6 +350,7 @@ create credentials * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -364,6 +387,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -392,7 +421,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -421,6 +450,7 @@ create group * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time 
@@ -458,6 +488,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -489,7 +525,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -518,6 +554,7 @@ create policy * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -554,6 +591,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -594,7 +637,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -623,6 +666,7 @@ create user * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -660,6 +704,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -692,7 +742,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -721,6 +771,7 @@ delete credentials * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -756,6 +807,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class 
@@ -785,7 +842,7 @@ void (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -814,6 +871,7 @@ delete group * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -849,6 +907,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -876,7 +940,7 @@ void (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -905,6 +969,7 @@ delete group membership * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time 
@@ -940,6 +1005,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -969,7 +1040,7 @@ void (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -998,6 +1069,7 @@ delete policy * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -1033,6 +1105,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -1060,7 +1138,7 @@ void (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -1089,6 +1167,7 @@ delete user * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -1124,6 +1203,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -1151,7 +1236,7 @@ void (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -1180,6 +1265,7 @@ detach policy from group * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -1215,6 +1301,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class 
@@ -1244,7 +1336,7 @@ void (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -1273,6 +1365,7 @@ detach policy from user * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -1308,6 +1401,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -1337,7 +1436,7 @@ void (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -1498,6 +1597,7 @@ get credentials * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time 
@@ -1534,6 +1634,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -1564,7 +1670,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -1593,6 +1699,7 @@ get current user * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -1628,6 +1735,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -1652,7 +1765,7 @@ This endpoint does not need any parameter. ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -1678,6 +1791,7 @@ get group * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -1714,6 +1828,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -1742,7 +1862,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -1771,6 +1891,7 @@ get policy * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -1807,6 +1928,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class 
@@ -1835,7 +1962,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -1864,6 +1991,7 @@ get user * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -1900,6 +2028,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -1928,7 +2062,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -1957,6 +2091,7 @@ list group members * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time 
@@ -1993,6 +2128,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -2036,7 +2177,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -2064,6 +2205,7 @@ list group policies * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -2100,6 +2242,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -2143,7 +2291,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -2172,6 +2320,7 @@ list groups * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -2208,6 +2357,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -2241,7 +2396,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -2269,6 +2424,7 @@ list policies * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -2305,6 +2461,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class 
@@ -2338,7 +2500,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -2366,6 +2528,7 @@ list user credentials * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -2402,6 +2565,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -2445,7 +2614,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -2474,6 +2643,7 @@ list user groups * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time 
@@ -2510,6 +2680,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -2553,7 +2729,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -2582,6 +2758,7 @@ list user policies * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -2618,6 +2795,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -2663,7 +2846,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -2692,6 +2875,7 @@ list users * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -2728,6 +2912,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -2761,7 +2951,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -2925,6 +3115,68 @@ void (empty response body) [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) +# **oauth_callback** +> Error oauth_callback() + + + +### Example + + +```python +import time +import lakefs_client +from lakefs_client.api import auth_api +from lakefs_client.model.error import Error +from pprint import pprint +# Defining the host is optional and defaults to http://localhost/api/v1 +# See configuration.py for a list of all supported configuration parameters. +configuration = lakefs_client.Configuration( + host = "http://localhost/api/v1" +) + + +# Enter a context with an instance of the API client +with lakefs_client.ApiClient() as api_client: + # Create an instance of the API class + api_instance = auth_api.AuthApi(api_client) + + # example, this endpoint has no required or optional parameters + try: + api_response = api_instance.oauth_callback() + pprint(api_response) + except lakefs_client.ApiException as e: + print("Exception when calling AuthApi->oauth_callback: %s\n" % e) +``` + + +### Parameters +This endpoint does not need any parameter. + +### Return type + +[**Error**](Error.md) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**302** | successfully got token | - | +**401** | failed to exchange authorization code for token | - | +**0** | Internal Server Error | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + # **update_password** > update_password(update_password_by_token) 
@@ -3017,6 +3269,7 @@ update policy * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -3053,6 +3306,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -3095,7 +3354,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers diff --git a/clients/python/docs/BranchesApi.md b/clients/python/docs/BranchesApi.md index 238bbdc270b..8a138b0c426 100644 --- a/clients/python/docs/BranchesApi.md +++ b/clients/python/docs/BranchesApi.md @@ -23,6 +23,7 @@ create branch * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -59,6 +60,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class 
@@ -92,7 +99,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -123,6 +130,7 @@ delete branch * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -158,6 +166,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -187,7 +201,7 @@ void (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -216,6 +230,7 @@ diff branch * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time 
@@ -252,6 +267,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -299,7 +320,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -328,6 +349,7 @@ get branch * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -364,6 +386,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -394,7 +422,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -423,6 +451,7 @@ list branches * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -459,6 +488,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -502,7 +537,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -531,6 +566,7 @@ reset branch * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -567,6 +603,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class 
@@ -601,7 +643,7 @@ void (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -630,6 +672,7 @@ revert * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -666,6 +709,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -700,7 +749,7 @@ void (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers diff --git a/clients/python/docs/CommitsApi.md b/clients/python/docs/CommitsApi.md index 2326c82cec5..288e5f70dd9 100644 --- a/clients/python/docs/CommitsApi.md +++ b/clients/python/docs/CommitsApi.md @@ -19,6 +19,7 @@ create commit * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time 
@@ -56,6 +57,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -105,7 +112,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -136,6 +143,7 @@ get commit * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -172,6 +180,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -202,7 +216,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -231,6 +245,7 @@ get commit log from branch. Deprecated: replaced by logCommits by passing branch * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -267,6 +282,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -310,7 +331,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers diff --git a/clients/python/docs/ConfigApi.md b/clients/python/docs/ConfigApi.md index ebe0000db8d..99d47e1f051 100644 --- a/clients/python/docs/ConfigApi.md +++ b/clients/python/docs/ConfigApi.md @@ -22,6 +22,7 @@ get version of lakeFS server * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time 
@@ -58,6 +59,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -81,7 +88,7 @@ This endpoint does not need any parameter. ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -173,6 +180,7 @@ retrieve lakeFS storage configuration * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -209,6 +217,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -232,7 +246,7 @@ This endpoint does not need any parameter. ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
diff --git a/clients/python/docs/ImportApi.md b/clients/python/docs/ImportApi.md index 006c79534b9..828aa15c78b 100644 --- a/clients/python/docs/ImportApi.md +++ b/clients/python/docs/ImportApi.md @@ -18,6 +18,7 @@ create a lakeFS metarange file from the given ranges * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -55,6 +56,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -95,7 +102,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -125,6 +132,7 @@ create a lakeFS range file from the source uri * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time 
@@ -162,6 +170,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -197,7 +211,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers diff --git a/clients/python/docs/MetadataApi.md b/clients/python/docs/MetadataApi.md index 63ff5c21e92..2560b4b8575 100644 --- a/clients/python/docs/MetadataApi.md +++ b/clients/python/docs/MetadataApi.md @@ -19,6 +19,7 @@ creates symlink files corresponding to the given directory * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -55,6 +56,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class 
@@ -96,7 +103,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -125,6 +132,7 @@ return URI to a meta-range file * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -161,6 +169,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -191,7 +205,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -220,6 +234,7 @@ return URI to a range file * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time 
@@ -256,6 +271,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -286,7 +307,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers diff --git a/clients/python/docs/ObjectsApi.md b/clients/python/docs/ObjectsApi.md index 8aae8200660..265f2c8ecf2 100644 --- a/clients/python/docs/ObjectsApi.md +++ b/clients/python/docs/ObjectsApi.md @@ -24,6 +24,7 @@ delete object * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -59,6 +60,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class 
@@ -90,7 +97,7 @@ void (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -119,6 +126,7 @@ delete objects * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -156,6 +164,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -192,7 +206,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -222,6 +236,7 @@ get object content * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time 
@@ -257,6 +272,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -289,7 +310,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -319,6 +340,7 @@ get object properties on underlying storage * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -355,6 +377,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -387,7 +415,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -416,6 +444,7 @@ list objects under a given prefix * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -452,6 +481,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -501,7 +536,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -530,6 +565,7 @@ stage an object's metadata for the given branch * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -567,6 +603,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class 
@@ -610,7 +652,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -640,6 +682,7 @@ get object metadata * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -676,6 +719,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -719,7 +768,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -749,6 +798,7 @@ Name | Type | Description | Notes * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time 
@@ -785,6 +835,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -830,7 +886,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers diff --git a/clients/python/docs/RefsApi.md b/clients/python/docs/RefsApi.md index f5b84dcffdc..41096312dae 100644 --- a/clients/python/docs/RefsApi.md +++ b/clients/python/docs/RefsApi.md @@ -21,6 +21,7 @@ diff references * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -57,6 +58,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class 
@@ -110,7 +117,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -139,6 +146,7 @@ Dump repository refs (tags, commits, branches) to object store * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -175,6 +183,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -203,7 +217,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -233,6 +247,7 @@ get commit log from ref. If both objects and prefixes are empty, return all comm * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time 
@@ -269,6 +284,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -320,7 +341,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -349,6 +370,7 @@ merge references * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -386,6 +408,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -435,7 +463,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -467,6 +495,7 @@ Restore repository refs (tags, commits, branches) from object store * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -503,6 +532,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -536,7 +571,7 @@ void (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers diff --git a/clients/python/docs/RepositoriesApi.md b/clients/python/docs/RepositoriesApi.md index 20289f56121..51fd2f3bdef 100644 --- a/clients/python/docs/RepositoriesApi.md +++ b/clients/python/docs/RepositoriesApi.md @@ -23,6 +23,7 @@ Method | HTTP request | Description * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time 
@@ -59,6 +60,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -89,7 +96,7 @@ void (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -118,6 +125,7 @@ create repository * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -155,6 +163,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -198,7 +212,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -228,6 +242,7 @@ Name | Type | Description | Notes * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -264,6 +279,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -294,7 +315,7 @@ void (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -323,6 +344,7 @@ delete repository * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -358,6 +380,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class 
@@ -385,7 +413,7 @@ void (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -414,6 +442,7 @@ get branch protection rules * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -450,6 +479,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -478,7 +513,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -507,6 +542,7 @@ get repository * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time 
@@ -543,6 +579,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -571,7 +613,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -600,6 +642,7 @@ list repositories * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -636,6 +679,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -669,7 +718,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
diff --git a/clients/python/docs/RetentionApi.md b/clients/python/docs/RetentionApi.md index 59a0de59aa0..3d17cd48324 100644 --- a/clients/python/docs/RetentionApi.md +++ b/clients/python/docs/RetentionApi.md @@ -19,6 +19,7 @@ Method | HTTP request | Description * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -55,6 +56,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -82,7 +89,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -111,6 +118,7 @@ save lists of active and expired commits for garbage collection * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time 
@@ -148,6 +156,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -189,7 +203,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -218,6 +232,7 @@ Name | Type | Description | Notes * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -254,6 +269,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -290,7 +311,7 @@ void (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
diff --git a/clients/python/docs/SetupState.md b/clients/python/docs/SetupState.md index 1509832cebe..98bc9c4096a 100644 --- a/clients/python/docs/SetupState.md +++ b/clients/python/docs/SetupState.md @@ -5,6 +5,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **state** | **str** | | [optional] +**oidc_enabled** | **bool** | | [optional] **any string name** | **bool, date, datetime, dict, float, int, list, str, none_type** | any string name can be used but the value must be the correct type | [optional] [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/clients/python/docs/StagingApi.md b/clients/python/docs/StagingApi.md index fd365532607..6bd45dc1759 100644 --- a/clients/python/docs/StagingApi.md +++ b/clients/python/docs/StagingApi.md @@ -18,6 +18,7 @@ get a physical address and a return token to write object to underlying storage * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -54,6 +55,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class 
@@ -86,7 +93,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -117,6 +124,7 @@ If the supplied token matches the current staging token, associate the object as * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -155,6 +163,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -200,7 +214,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers diff --git a/clients/python/docs/TagsApi.md b/clients/python/docs/TagsApi.md index 92d63eeb0b4..aa7d67a828d 100644 --- a/clients/python/docs/TagsApi.md +++ b/clients/python/docs/TagsApi.md @@ -20,6 +20,7 @@ create tag * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time 
@@ -57,6 +58,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -90,7 +97,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -121,6 +128,7 @@ delete tag * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -156,6 +164,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -185,7 +199,7 @@ void (empty response body) ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers 
@@ -214,6 +228,7 @@ get tag * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -250,6 +265,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class @@ -280,7 +301,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers @@ -309,6 +330,7 @@ list tags * Basic Authentication (basic_auth): * Api Key Authentication (cookie_auth): * Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): ```python import time @@ -345,6 +367,12 @@ configuration = lakefs_client.Configuration( access_token = 'YOUR_BEARER_TOKEN' ) +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + # Enter a context with an instance of the API client with lakefs_client.ApiClient(configuration) as api_client: # Create an instance of the API class 
@@ -388,7 +416,7 @@ Name | Type | Description | Notes ### Authorization -[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token) +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth) ### HTTP request headers diff --git a/clients/python/lakefs_client/api/actions_api.py b/clients/python/lakefs_client/api/actions_api.py index 76579afc802..2c5615af733 100644 --- a/clients/python/lakefs_client/api/actions_api.py +++ b/clients/python/lakefs_client/api/actions_api.py @@ -45,7 +45,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/actions/runs/{run_id}', 'operation_id': 'get_run', @@ -104,7 +105,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/actions/runs/{run_id}/hooks/{hook_run_id}/output', 'operation_id': 'get_run_hook_output', @@ -170,7 +172,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/actions/runs', 'operation_id': 'list_repository_runs', @@ -249,7 +252,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/actions/runs/{run_id}/hooks', 'operation_id': 'list_run_hooks', diff --git a/clients/python/lakefs_client/api/auth_api.py b/clients/python/lakefs_client/api/auth_api.py index 4d6266da601..31a82938fa0 100644 --- a/clients/python/lakefs_client/api/auth_api.py +++ b/clients/python/lakefs_client/api/auth_api.py 
@@ -59,7 +59,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/auth/groups/{groupId}/members/{userId}', 'operation_id': 'add_group_membership', @@ -118,7 +119,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/auth/groups/{groupId}/policies/{policyId}', 'operation_id': 'attach_policy_to_group', @@ -177,7 +179,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/auth/users/{userId}/policies/{policyId}', 'operation_id': 'attach_policy_to_user', @@ -236,7 +239,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/auth/users/{userId}/credentials', 'operation_id': 'create_credentials', @@ -289,7 +293,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/auth/groups', 'operation_id': 'create_group', @@ -341,7 +346,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/auth/policies', 'operation_id': 'create_policy', @@ -395,7 +401,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/auth/users', 'operation_id': 'create_user', @@ -447,7 +454,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/auth/users/{userId}/credentials/{accessKeyId}', 'operation_id': 'delete_credentials', 
@@ -506,7 +514,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/auth/groups/{groupId}', 'operation_id': 'delete_group', @@ -559,7 +568,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/auth/groups/{groupId}/members/{userId}', 'operation_id': 'delete_group_membership', @@ -618,7 +628,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/auth/policies/{policyId}', 'operation_id': 'delete_policy', @@ -671,7 +682,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/auth/users/{userId}', 'operation_id': 'delete_user', @@ -724,7 +736,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/auth/groups/{groupId}/policies/{policyId}', 'operation_id': 'detach_policy_from_group', @@ -783,7 +796,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/auth/users/{userId}/policies/{policyId}', 'operation_id': 'detach_policy_from_user', @@ -934,7 +948,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/auth/users/{userId}/credentials/{accessKeyId}', 'operation_id': 'get_credentials', @@ -993,7 +1008,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/user', 'operation_id': 'get_current_user', 
@@ -1039,7 +1055,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/auth/groups/{groupId}', 'operation_id': 'get_group', @@ -1092,7 +1109,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/auth/policies/{policyId}', 'operation_id': 'get_policy', @@ -1145,7 +1163,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/auth/users/{userId}', 'operation_id': 'get_user', @@ -1198,7 +1217,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/auth/groups/{groupId}/members', 'operation_id': 'list_group_members', @@ -1272,7 +1292,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/auth/groups/{groupId}/policies', 'operation_id': 'list_group_policies', @@ -1346,7 +1367,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/auth/groups', 'operation_id': 'list_groups', @@ -1413,7 +1435,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/auth/policies', 'operation_id': 'list_policies', @@ -1480,7 +1503,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/auth/users/{userId}/credentials', 'operation_id': 'list_user_credentials', 
@@ -1554,7 +1578,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/auth/users/{userId}/groups', 'operation_id': 'list_user_groups', @@ -1628,7 +1653,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/auth/users/{userId}/policies', 'operation_id': 'list_user_policies', @@ -1707,7 +1733,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/auth/users', 'operation_id': 'list_users', @@ -1860,6 +1887,48 @@ def __init__(self, api_client=None): }, api_client=api_client ) + self.oauth_callback_endpoint = _Endpoint( + settings={ + 'response_type': (Error,), + 'auth': [], + 'endpoint_path': '/oidc/callback', + 'operation_id': 'oauth_callback', + 'http_method': 'GET', + 'servers': None, + }, + params_map={ + 'all': [ + ], + 'required': [], + 'nullable': [ + ], + 'enum': [ + ], + 'validation': [ + ] + }, + root_map={ + 'validations': { + }, + 'allowed_values': { + }, + 'openapi_types': { + }, + 'attribute_map': { + }, + 'location_map': { + }, + 'collection_format_map': { + } + }, + headers_map={ + 'accept': [ + 'application/json' + ], + 'content_type': [], + }, + api_client=api_client + ) self.update_password_endpoint = _Endpoint( settings={ 'response_type': None, @@ -1918,7 +1987,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/auth/policies/{policyId}', 'operation_id': 'update_policy', 
@@ -4003,6 +4073,66 @@ def logout( kwargs['_host_index'] = kwargs.get('_host_index') return self.logout_endpoint.call_with_http_info(**kwargs) + def oauth_callback( + self, + **kwargs + ): + """oauth_callback # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.oauth_callback(async_req=True) + >>> result = thread.get() + + + Keyword Args: + _return_http_data_only (bool): response data without head status + code and headers. Default is True. + _preload_content (bool): if False, the urllib3.HTTPResponse object + will be returned without reading/decoding response data. + Default is True. + _request_timeout (int/float/tuple): timeout setting for this request. If + one number provided, it will be total request timeout. It can also + be a pair (tuple) of (connection, read) timeouts. + Default is None. + _check_input_type (bool): specifies if type checking + should be done one the data sent to the server. + Default is True. + _check_return_type (bool): specifies if type checking + should be done one the data received from the server. + Default is True. + _host_index (int/None): specifies the index of the server + that we want to use. + Default is read from the configuration. + async_req (bool): execute request asynchronously + + Returns: + Error + If the method is called asynchronously, returns the request + thread. 
+ """ + kwargs['async_req'] = kwargs.get( + 'async_req', False + ) + kwargs['_return_http_data_only'] = kwargs.get( + '_return_http_data_only', True + ) + kwargs['_preload_content'] = kwargs.get( + '_preload_content', True + ) + kwargs['_request_timeout'] = kwargs.get( + '_request_timeout', None + ) + kwargs['_check_input_type'] = kwargs.get( + '_check_input_type', True + ) + kwargs['_check_return_type'] = kwargs.get( + '_check_return_type', True + ) + kwargs['_host_index'] = kwargs.get('_host_index') + return self.oauth_callback_endpoint.call_with_http_info(**kwargs) + def update_password( self, update_password_by_token, diff --git a/clients/python/lakefs_client/api/branches_api.py b/clients/python/lakefs_client/api/branches_api.py index edd977ffd6b..654bd85f13b 100644 --- a/clients/python/lakefs_client/api/branches_api.py +++ b/clients/python/lakefs_client/api/branches_api.py @@ -48,7 +48,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/branches', 'operation_id': 'create_branch', @@ -109,7 +110,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/branches/{branch}', 'operation_id': 'delete_branch', @@ -168,7 +170,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/branches/{branch}/diff', 'operation_id': 'diff_branch', @@ -253,7 +256,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/branches/{branch}', 'operation_id': 'get_branch', 
@@ -312,7 +316,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/branches', 'operation_id': 'list_branches', @@ -386,7 +391,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/branches/{branch}', 'operation_id': 'reset_branch', @@ -452,7 +458,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/branches/{branch}/revert', 'operation_id': 'revert_branch', diff --git a/clients/python/lakefs_client/api/commits_api.py b/clients/python/lakefs_client/api/commits_api.py index 3cfe1ede1b7..81d34bf0cbf 100644 --- a/clients/python/lakefs_client/api/commits_api.py +++ b/clients/python/lakefs_client/api/commits_api.py @@ -45,7 +45,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/branches/{branch}/commits', 'operation_id': 'commit', @@ -116,7 +117,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/commits/{commitId}', 'operation_id': 'get_commit', @@ -175,7 +177,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/branches/{branch}/commits', 'operation_id': 'log_branch_commits', diff --git a/clients/python/lakefs_client/api/config_api.py b/clients/python/lakefs_client/api/config_api.py index 23447be34eb..145ab82cd7e 100644 --- a/clients/python/lakefs_client/api/config_api.py +++ b/clients/python/lakefs_client/api/config_api.py 
@@ -47,7 +47,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/config/version', 'operation_id': 'get_lake_fs_version', @@ -135,7 +136,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/config/storage', 'operation_id': 'get_storage_config', diff --git a/clients/python/lakefs_client/api/import_api.py b/clients/python/lakefs_client/api/import_api.py index c4dc10d1087..74b2aacd6eb 100644 --- a/clients/python/lakefs_client/api/import_api.py +++ b/clients/python/lakefs_client/api/import_api.py @@ -46,7 +46,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/branches/metaranges', 'operation_id': 'create_meta_range', @@ -106,7 +107,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/branches/ranges', 'operation_id': 'ingest_range', diff --git a/clients/python/lakefs_client/api/metadata_api.py b/clients/python/lakefs_client/api/metadata_api.py index 595df91e45a..9b574651031 100644 --- a/clients/python/lakefs_client/api/metadata_api.py +++ b/clients/python/lakefs_client/api/metadata_api.py @@ -43,7 +43,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/refs/{branch}/symlink', 'operation_id': 'create_symlink_file', @@ -107,7 +108,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/metadata/meta_range/{meta_range}', 'operation_id': 'get_meta_range', 
@@ -166,7 +168,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/metadata/range/{range}', 'operation_id': 'get_range', diff --git a/clients/python/lakefs_client/api/objects_api.py b/clients/python/lakefs_client/api/objects_api.py index 53f072174b1..92a136e57eb 100644 --- a/clients/python/lakefs_client/api/objects_api.py +++ b/clients/python/lakefs_client/api/objects_api.py @@ -48,7 +48,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/branches/{branch}/objects', 'operation_id': 'delete_object', @@ -113,7 +114,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/branches/{branch}/objects/delete', 'operation_id': 'delete_objects', @@ -179,7 +181,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/refs/{ref}/objects', 'operation_id': 'get_object', @@ -245,7 +248,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/refs/{ref}/objects/underlyingProperties', 'operation_id': 'get_underlying_properties', @@ -310,7 +314,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/refs/{ref}/objects/ls', 'operation_id': 'list_objects', 
@@ -400,7 +405,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/branches/{branch}/objects', 'operation_id': 'stage_object', @@ -472,7 +478,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/refs/{ref}/objects/stat', 'operation_id': 'stat_object', @@ -542,7 +549,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/branches/{branch}/objects', 'operation_id': 'upload_object', diff --git a/clients/python/lakefs_client/api/refs_api.py b/clients/python/lakefs_client/api/refs_api.py index e94bcbfa788..bbd6e46f6bc 100644 --- a/clients/python/lakefs_client/api/refs_api.py +++ b/clients/python/lakefs_client/api/refs_api.py @@ -47,7 +47,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/refs/{leftRef}/diff/{rightRef}', 'operation_id': 'diff_refs', @@ -154,7 +155,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/refs/dump', 'operation_id': 'dump_refs', @@ -207,7 +209,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/refs/{ref}/commits', 'operation_id': 'log_commits', @@ -294,7 +297,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/refs/{sourceRef}/merge/{destinationBranch}', 'operation_id': 'merge_into_branch', 
@@ -365,7 +369,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/refs/restore', 'operation_id': 'restore_refs', diff --git a/clients/python/lakefs_client/api/repositories_api.py b/clients/python/lakefs_client/api/repositories_api.py index 86b3d98a65a..67cf7acb39a 100644 --- a/clients/python/lakefs_client/api/repositories_api.py +++ b/clients/python/lakefs_client/api/repositories_api.py @@ -47,7 +47,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/branch_protection', 'operation_id': 'create_branch_protection_rule', @@ -107,7 +108,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories', 'operation_id': 'create_repository', @@ -166,7 +168,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/branch_protection', 'operation_id': 'delete_branch_protection_rule', @@ -226,7 +229,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}', 'operation_id': 'delete_repository', @@ -279,7 +283,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/branch_protection', 'operation_id': 'get_branch_protection_rules', @@ -332,7 +337,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}', 'operation_id': 'get_repository', 
@@ -385,7 +391,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories', 'operation_id': 'list_repositories', diff --git a/clients/python/lakefs_client/api/retention_api.py b/clients/python/lakefs_client/api/retention_api.py index 81e041b4f06..abf7f9fe706 100644 --- a/clients/python/lakefs_client/api/retention_api.py +++ b/clients/python/lakefs_client/api/retention_api.py @@ -45,7 +45,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/gc/rules', 'operation_id': 'get_garbage_collection_rules', @@ -98,7 +99,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/gc/prepare_commits', 'operation_id': 'prepare_garbage_collection_commits', @@ -157,7 +159,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/gc/rules', 'operation_id': 'set_garbage_collection_rules', diff --git a/clients/python/lakefs_client/api/staging_api.py b/clients/python/lakefs_client/api/staging_api.py index ff69a1ac6de..0030a6109c2 100644 --- a/clients/python/lakefs_client/api/staging_api.py +++ b/clients/python/lakefs_client/api/staging_api.py @@ -45,7 +45,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/branches/{branch}/staging/backing', 'operation_id': 'get_physical_address', 
@@ -110,7 +111,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/branches/{branch}/staging/backing', 'operation_id': 'link_physical_address', diff --git a/clients/python/lakefs_client/api/tags_api.py b/clients/python/lakefs_client/api/tags_api.py index f7a701f5c3a..395fa235e7d 100644 --- a/clients/python/lakefs_client/api/tags_api.py +++ b/clients/python/lakefs_client/api/tags_api.py @@ -45,7 +45,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/tags', 'operation_id': 'create_tag', @@ -105,7 +106,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/tags/{tag}', 'operation_id': 'delete_tag', @@ -164,7 +166,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/tags/{tag}', 'operation_id': 'get_tag', @@ -223,7 +226,8 @@ def __init__(self, api_client=None): 'auth': [ 'basic_auth', 'cookie_auth', - 'jwt_token' + 'jwt_token', + 'oidc_auth' ], 'endpoint_path': '/repositories/{repository}/tags', 'operation_id': 'list_tags', diff --git a/clients/python/lakefs_client/configuration.py b/clients/python/lakefs_client/configuration.py index 23217e69996..5baed58b43c 100644 --- a/clients/python/lakefs_client/configuration.py +++ b/clients/python/lakefs_client/configuration.py @@ -427,6 +427,15 @@ def auth_settings(self): 'key': 'Authorization', 'value': 'Bearer ' + self.access_token } + if 'oidc_auth' in self.api_key: + auth['oidc_auth'] = { + 'type': 'api_key', + 'in': 'cookie', + 'key': 'auth_session', + 'value': self.get_api_key_with_prefix( + 'oidc_auth', + ), + } return auth def to_debug_report(self): 
diff --git a/clients/python/lakefs_client/model/setup_state.py b/clients/python/lakefs_client/model/setup_state.py index c7e10a3074c..e573286bde5 100644 --- a/clients/python/lakefs_client/model/setup_state.py +++ b/clients/python/lakefs_client/model/setup_state.py @@ -87,6 +87,7 @@ def openapi_types(): """ return { 'state': (str,), # noqa: E501 + 'oidc_enabled': (bool,), # noqa: E501 } @cached_property @@ -96,6 +97,7 @@ def discriminator(): attribute_map = { 'state': 'state', # noqa: E501 + 'oidc_enabled': 'oidc_enabled', # noqa: E501 } read_only_vars = { @@ -140,6 +142,7 @@ def _from_openapi_data(cls, *args, **kwargs): # noqa: E501 through its discriminator because we passed in _visited_composed_classes = (Animal,) state (str): [optional] # noqa: E501 + oidc_enabled (bool): [optional] # noqa: E501 """ _check_type = kwargs.pop('_check_type', True) @@ -222,6 +225,7 @@ def __init__(self, *args, **kwargs): # noqa: E501 through its discriminator because we passed in _visited_composed_classes = (Animal,) state (str): [optional] # noqa: E501 + oidc_enabled (bool): [optional] # noqa: E501 """ _check_type = kwargs.pop('_check_type', True) diff --git a/clients/python/test/test_auth_api.py b/clients/python/test/test_auth_api.py index ad520a90a73..d2f8b991ce3 100644 --- a/clients/python/test/test_auth_api.py +++ b/clients/python/test/test_auth_api.py @@ -241,6 +241,12 @@ def test_logout(self): """ pass + def test_oauth_callback(self): + """Test case for oauth_callback + + """ + pass + def test_update_password(self): """Test case for update_password diff --git a/cmd/lakefs/cmd/run.go b/cmd/lakefs/cmd/run.go index fee0a55036b..628dc56436b 100644 --- a/cmd/lakefs/cmd/run.go +++ b/cmd/lakefs/cmd/run.go @@ -14,6 +14,7 @@ import ( "syscall" "time" + "github.com/coreos/go-oidc" "github.com/dlmiddlecote/sqlstats" "github.com/fsnotify/fsnotify" "github.com/go-ldap/ldap/v3" 
@@ -40,6 +41,7 @@ import ( "github.com/treeverse/lakefs/pkg/logging" "github.com/treeverse/lakefs/pkg/stats" "github.com/treeverse/lakefs/pkg/version" + "golang.org/x/oauth2" ) const ( @@ -234,6 +236,26 @@ var runCmd = &cobra.Command{ if err != nil { logger.WithError(err).Fatal("Emailer has not been properly configured, check the values in sender field") } + oidcConfig := cfg.GetAuthOIDCConfiguration() + var oauthConfig *oauth2.Config + var oidcProvider *oidc.Provider + if oidcConfig != nil { + oidcProvider, err = oidc.NewProvider( + cmd.Context(), + "https://"+oidcConfig.Domain+"/", + ) + if err != nil { + logger.WithError(err).Fatal("Failed to initialize OIDC provider") + } + cfg.GetBlockstoreDefaultNamespacePrefix() + oauthConfig = &oauth2.Config{ + ClientID: oidcConfig.ClientID, + ClientSecret: oidcConfig.ClientSecret, + RedirectURL: oidcConfig.CallbackURL, + Endpoint: oidcProvider.Endpoint(), + Scopes: []string{oidc.ScopeOpenID, "profile"}, + } + } apiHandler := api.Serve( cfg, c, @@ -251,6 +273,8 @@ var runCmd = &cobra.Command{ emailer, cfg.GetS3GatewayDomainNames(), cfg.GetUISnippets(), + oidcProvider, + oauthConfig, ) // init gateway server diff --git a/docs/assets/js/swagger.yml b/docs/assets/js/swagger.yml index 27779bd7129..124c95ae2cc 100644 --- a/docs/assets/js/swagger.yml +++ b/docs/assets/js/swagger.yml @@ -8,12 +8,11 @@ info: servers: - url: "/api/v1" description: lakeFS server endpoint - security: - jwt_token: [] - basic_auth: [] - cookie_auth: [] - + - oidc_auth: [] components: securitySchemes: basic_auth: @@ -27,7 +26,10 @@ components: type: apiKey in: cookie name: access_token - + oidc_auth: + type: apiKey + in: cookie + name: auth_session parameters: PaginationPrefix: in: query @@ -587,6 +589,8 @@ components: state: type: string enum: [initialized, not_initialized] + oidc_enabled: + type: boolean AccessKeyCredentials: type: object properties: 
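Review bot: The bare call `cfg.GetBlockstoreDefaultNamespacePrefix()` in the new OIDC block of runCmd discards its result and has no visible connection to OIDC setup; it looks like a leftover and should be removed. The issuer is built as `"https://"+oidcConfig.Domain+"/"` without checking that `Domain` is non-empty and a bare host name, so a misconfiguration only surfaces as a discovery failure inside `oidc.NewProvider`. Validating the value first would give a clearer startup error. The enclosing Run function starts and ends outside the hunk.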
@@ -1147,6 +1151,19 @@ paths: schema: $ref: "#/components/schemas/CurrentUser" + /oidc/callback: + get: + tags: + - auth + operationId: oauthCallback + security: [] + responses: + 302: + description: successfully got token + 401: + description: failed to exchange authorization code for token + default: + $ref: "#/components/responses/ServerError" /auth/login: post: tags: diff --git a/go.sum b/go.sum index 23e63e1a0e1..acfc155fa1d 100644 --- a/go.sum +++ b/go.sum @@ -447,6 +447,8 @@ github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8Nz github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= github.com/coreos/go-iptables v0.5.0/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= +github.com/coreos/go-oidc v2.2.1+incompatible h1:mh48q/BqXqgjVHpy2ZY7WnWAbenxRjsz9N1i1YxjHAk= +github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= 
@@ -892,6 +894,10 @@ github.com/gorilla/mux v1.7.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2z github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.7.4/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= +github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ= +github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= +github.com/gorilla/sessions v1.2.1 h1:DHd3rPN5lE3Ts3D8rKkQ8x/0kqfeNmBAaiSi+o7FsgI= +github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= @@ -1475,6 +1481,7 @@ github.com/polyfloyd/go-errorlint v1.0.0/go.mod h1:KZy4xxPJyy88/gldCe5OdW6OQRtNO github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE= +github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021 h1:0XM1XL/OFFJjXsYXlG30spTkV/E9+gmd5GD1w2HE8xM= github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= github.com/prometheus/client_golang v0.0.0-20180209125602-c332b6f63c06/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= 
@@ -2591,6 +2598,7 @@ gopkg.in/retry.v1 v1.0.3 h1:a9CArYczAVv6Qs6VGoLMio99GEs7kY9UzSF9+LD+iGs= gopkg.in/retry.v1 v1.0.3/go.mod h1:FJkXmWiMaAo7xB+xhvDF59zhfjDWyzmyAxiT4dB688g= gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= +gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w= gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= diff --git a/pkg/api/auth_middleware.go b/pkg/api/auth_middleware.go index ed84e66e9df..e39d2613cda 100644 --- a/pkg/api/auth_middleware.go +++ b/pkg/api/auth_middleware.go @@ -11,11 +11,11 @@ import ( "github.com/getkin/kin-openapi/openapi3" "github.com/getkin/kin-openapi/routers" "github.com/getkin/kin-openapi/routers/legacy" - "github.com/go-openapi/swag" "github.com/golang-jwt/jwt" "github.com/gorilla/sessions" "github.com/treeverse/lakefs/pkg/auth" "github.com/treeverse/lakefs/pkg/auth/model" + "github.com/treeverse/lakefs/pkg/db" "github.com/treeverse/lakefs/pkg/logging" ) 
@@ -91,14 +91,14 @@ func checkSecurityRequirements(r *http.Request, securityRequirements openapi3.Se } user, err = userByAuth(ctx, logger, authenticator, authService, accessKey, secretKey) case "cookie_auth": - // TODO if oidc enabled: + // validate jwt token from cookie + jwtCookie, _ := r.Cookie(JWTCookieName) + if jwtCookie == nil { + continue + } + user, err = userByToken(ctx, logger, authService, jwtCookie.Value) + case "oidc_auth": user, err = userFromOIDC(ctx, logger, authService, session) - //// validate jwt token from cookie - //jwtCookie, _ := r.Cookie(JWTCookieName) - //if jwtCookie == nil { - // continue - //} - //user, err = userByToken(ctx, logger, authService, jwtCookie.Value) default: // unknown security requirement to check logger.WithField("provider", provider).Error("Authentication middleware unknown security requirement provider") @@ -107,9 +107,7 @@ func checkSecurityRequirements(r *http.Request, securityRequirements openapi3.Se if err != nil { return nil, err } - if user != nil { - return user, nil - } + return user, nil } } return nil, nil 
@@ -120,31 +118,29 @@ func userFromOIDC(ctx context.Context, logger logging.Logger, authService auth.S if !ok || profile == nil { return nil, ErrAuthenticatingRequest } - if _, ok = profile["email"]; !ok { + username, ok := profile["sub"].(string) + if !ok { + logger.WithField("sub", profile["sub"]).Error("Failed type assertion for sub claim") return nil, ErrAuthenticatingRequest } - email := "" - if email, ok = profile["email"].(string); !ok || email == "" { - return nil, ErrAuthenticatingRequest - } - - user, err := authService.GetUserByEmail(ctx, email) + user, err := authService.GetUser(ctx, username) if err == nil { return user, nil } if !errors.Is(err, auth.ErrNotFound) { return nil, err } + u := &model.User{ - CreatedAt: time.Now().UTC(), - FriendlyName: swag.String(profile["name"].(string)), // TODO make safe - Source: "oidc", - Email: swag.String(email), - OidcOpenID: profile["sub"].(string), // TODO make safe - Username: email, + CreatedAt: time.Now().UTC(), + Source: "oidc", + Username: username, } _, err = authService.CreateUser(ctx, u) if err != nil { + if errors.Is(err, db.ErrAlreadyExists) { + return authService.GetUser(ctx, username) + } return nil, err } err = authService.AddUserToGroup(ctx, u.Username, auth.DevelopersGroup) // TODO default group should be configurable? diff --git a/pkg/api/controller.go b/pkg/api/controller.go index bb9d22e5923..2702b813901 100644 --- a/pkg/api/controller.go +++ b/pkg/api/controller.go @@ -85,8 +85,8 @@ type Controller struct { Logger logging.Logger Emailer *email.Emailer sessionStore sessions.Store - oauthConfig oauth2.Config // TODO move from here - oidcVerifier *oidc.IDTokenVerifier // TODO move from here + oauthConfig *oauth2.Config + oidcProvider *oidc.Provider } func (c *Controller) GetAuthCapabilities(w http.ResponseWriter, _ *http.Request) { 
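Review bot: The lookup `authService.GetUser(ctx, username)` in userFromOIDC uses the raw `sub` claim as the lakeFS username and returns whatever user it finds, so a subject equal to the name of an existing non-OIDC user would resolve to that account. The type assertion also accepts an empty string. Reject an empty subject with `if !ok || username == ""`, and check the source before returning an existing user, e.g. `if err == nil && user.Source != "oidc" { return nil, ErrAuthenticatingRequest }`; the `db.ErrAlreadyExists` fallback needs the same check. Because `sub` is only unique per issuer, storing the username namespaced by issuer would be more robust than the bare claim. The function body continues past the end of the hunk.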
@@ -202,8 +202,10 @@ func (c *Controller) OauthCallback(w http.ResponseWriter, r *http.Request) { if !ok { writeError(w, http.StatusUnauthorized, "no id_token field in oauth2 token") } - - idToken, err := c.oidcVerifier.Verify(ctx, rawIDToken) + oidcVerifier := c.oidcProvider.Verifier(&oidc.Config{ + ClientID: c.oauthConfig.ClientID, + }) + idToken, err := oidcVerifier.Verify(ctx, rawIDToken) var profile map[string]interface{} if err := idToken.Claims(&profile); err != nil { @@ -3146,7 +3148,7 @@ func (c *Controller) GetSetupState(w http.ResponseWriter, r *http.Request) { if initialized || c.Config.IsAuthTypeAPI() { state = setupStateInitialized } - response := SetupState{State: swag.String(state)} + response := SetupState{State: swag.String(state), OidcEnabled: swag.Bool(c.Config.GetAuthOIDCConfiguration() != nil)} writeResponse(w, http.StatusOK, response) } @@ -3448,8 +3450,8 @@ func NewController( auditChecker AuditChecker, logger logging.Logger, emailer *email.Emailer, - oauthConfig oauth2.Config, - oidcVerifier *oidc.IDTokenVerifier, + oauthConfig *oauth2.Config, + oidcProvider *oidc.Provider, sessionStore sessions.Store, ) *Controller { return &Controller{ @@ -3467,7 +3469,7 @@ func NewController( Logger: logger, Emailer: emailer, oauthConfig: oauthConfig, - oidcVerifier: oidcVerifier, + oidcProvider: oidcProvider, sessionStore: sessionStore, } } diff --git a/pkg/api/oidc_handler.go b/pkg/api/oidc_handler.go index 91b4b033bc9..571076bd8e9 100644 --- a/pkg/api/oidc_handler.go +++ b/pkg/api/oidc_handler.go @@ -11,10 +11,10 @@ import ( ) const ( - OIDCAuthSessionName = "auth-session" + OIDCAuthSessionName = "auth_session" ) -func NewOIDCLoginPageHandler(sessionStore sessions.Store, oauthConfig oauth2.Config) http.HandlerFunc { +func NewOIDCLoginPageHandler(sessionStore sessions.Store, oauthConfig *oauth2.Config) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { state, err := generateRandomState() if err != nil { 
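Review bot: In OauthCallback the error returned by `oidcVerifier.Verify(ctx, rawIDToken)` is not checked before `idToken.Claims(&profile)` is called on the next statement, so a token that fails verification is not rejected there and a nil `idToken` would be dereferenced. Add `if err != nil { writeError(w, http.StatusUnauthorized, "failed to verify ID token"); return }` directly after the call. The `!ok` branch just above writes the 401 but has no `return`, so processing continues with an empty `rawIDToken`. `c.oidcProvider` and `c.oauthConfig` are nil when OIDC is not configured (run.go only sets them inside `if oidcConfig != nil`), so the handler should return early in that case. The function starts and ends outside the hunk.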
@@ -36,7 +36,7 @@ func NewOIDCLoginPageHandler(sessionStore sessions.Store, oauthConfig oauth2.Con } } -func NewOIDCLogoutHandler(sessionStore sessions.Store, oauthConfig oauth2.Config, logoutUrl *url.URL) http.HandlerFunc { +func NewOIDCLogoutHandler(sessionStore sessions.Store, oauthConfig *oauth2.Config, logoutUrl *url.URL) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { session, err := sessionStore.Get(r, OIDCAuthSessionName) if err != nil { @@ -60,8 +60,8 @@ func NewOIDCLogoutHandler(sessionStore sessions.Store, oauthConfig oauth2.Config } parameters := url.Values{} - parameters.Add("returnTo", returnTo.String()) - parameters.Add("client_id", oauthConfig.ClientID) + parameters.Add("returnTo", returnTo.String()) // TODO(johnnyaug) this is auth0 specific + parameters.Add("client_id", oauthConfig.ClientID) // TODO(johnnyaug) this is auth0 specific logoutUrl.RawQuery = parameters.Encode() http.Redirect(w, r, logoutUrl.String(), http.StatusTemporaryRedirect) } diff --git a/pkg/api/serve.go b/pkg/api/serve.go index b54138f35b2..6de5c191500 100644 --- a/pkg/api/serve.go +++ b/pkg/api/serve.go @@ -3,14 +3,12 @@ package api //go:generate oapi-codegen -package api -generate "types,client,chi-server,spec" -templates tmpl -o lakefs.gen.go ../../api/swagger.yml import ( - "context" "encoding/gob" "encoding/json" "errors" "io" "net/http" "net/url" - "os" "github.com/coreos/go-oidc" "github.com/getkin/kin-openapi/openapi3" @@ -63,6 +61,8 @@ func Serve( emailer *email.Emailer, gatewayDomains []string, snippets []params.CodeSnippet, + oidcProvider *oidc.Provider, + oauthConfig *oauth2.Config, ) http.Handler { gob.Register(map[string]interface{}{}) logger.Info("initialize OpenAPI server") 
@@ -71,22 +71,7 @@ func Serve( panic(err) } - provider, _ := oidc.NewProvider( // TODO handle error - and move this away - context.Background(), // TODO context should not be here? - "https://"+os.Getenv("OIDC_DOMAIN")+"/", - ) - oauthConfig := oauth2.Config{ - ClientID: os.Getenv("OIDC_CLIENT_ID"), // TODO use generic variable names - ClientSecret: os.Getenv("OIDC_CLIENT_SECRET"), - RedirectURL: os.Getenv("OIDC_CALLBACK_URL"), - Endpoint: provider.Endpoint(), - Scopes: []string{oidc.ScopeOpenID, "profile", "email"}, - } sessionStore := sessions.NewCookieStore(authService.SecretStore().SharedSecret()) - oidcVerifier := provider.Verifier(&oidc.Config{ - ClientID: oauthConfig.ClientID, - }) - r := chi.NewRouter() apiRouter := r.With( OapiRequestValidatorWithOptions(swagger, &openapi3filter.Options{ @@ -114,7 +99,7 @@ func Serve( logger, emailer, oauthConfig, - oidcVerifier, + oidcProvider, sessionStore, ) HandlerFromMuxWithBaseURL(controller, apiRouter, BaseURL) @@ -124,13 +109,15 @@ func Serve( r.Mount("/_pprof/", httputil.ServePPROF("/_pprof/")) r.Mount("/swagger.json", http.HandlerFunc(swaggerSpecHandler)) r.Mount(BaseURL, http.HandlerFunc(InvalidAPIEndpointHandler)) - r.Mount("/login", NewOIDCLoginPageHandler(sessionStore, oauthConfig)) // TODO only if oidc enabled: - logoutUrl, err := url.Parse("https://" + os.Getenv("OIDC_DOMAIN") + "/v2/logout") - if err != nil { - panic(err) + r.Mount("/oidc/login", NewOIDCLoginPageHandler(sessionStore, oauthConfig)) + oidcConfig := cfg.GetAuthOIDCConfiguration() + if oidcConfig != nil { + logoutUrl, err := url.Parse("https://" + oidcConfig.Domain + "/v2/logout") // TODO(johnnyaug) this is auth0 specific + if err != nil { + panic(err) + } + r.Mount("/oidc/logout", NewOIDCLogoutHandler(sessionStore, oauthConfig, logoutUrl)) } - r.Mount("/logout", NewOIDCLogoutHandler(sessionStore, oauthConfig, logoutUrl)) // TODO only if oidc enabled: - r.Mount("/", NewUIHandler(gatewayDomains, snippets)) return r } 
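Review bot: `r.Mount("/oidc/login", NewOIDCLoginPageHandler(sessionStore, oauthConfig))` in the last serve.go hunk is registered unconditionally, while run.go leaves `oauthConfig` nil unless OIDC is configured. On a deployment without OIDC, a request to /oidc/login would therefore call `oauthConfig.AuthCodeURL(state)` on a nil pointer. Move the login mount inside the `if oidcConfig != nil` block next to the logout mount. That block also panics on a malformed `oidcConfig.Domain`; validating the domain before Serve is called would be easier to diagnose. Serve's signature and body extend outside this hunk.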
diff --git a/pkg/auth/model/model.go b/pkg/auth/model/model.go index 3f16f15fea3..7bd0e369535 100644 --- a/pkg/auth/model/model.go +++ b/pkg/auth/model/model.go @@ -38,7 +38,6 @@ type User struct { Email *string `db:"email" json:"email"` EncryptedPassword []byte `db:"encrypted_password" json:"encrypted_password"` Source string `db:"source" json:"source"` - OidcOpenID string `db:"oidc_openid"` } func (u *User) UpdatePassword(password string) error { diff --git a/pkg/auth/service.go b/pkg/auth/service.go index dc7e1fe2daf..5d563307dc1 100644 --- a/pkg/auth/service.go +++ b/pkg/auth/service.go @@ -185,15 +185,6 @@ func getUserByEmail(tx db.Tx, email string) (*model.User, error) { return user, nil } -func getUserByOidcOpenID(tx db.Tx, oidcOpenID string) (*model.User, error) { - user := &model.User{} - err := tx.Get(user, `SELECT * FROM auth_users WHERE oidc_openid = $1`, oidcOpenID) - if err != nil { - return nil, err - } - return user, nil -} - func getGroup(tx db.Tx, groupDisplayName string) (*model.Group, error) { group := &model.Group{} err := tx.Get(group, `SELECT * FROM auth_groups WHERE display_name = $1`, groupDisplayName) @@ -278,8 +269,8 @@ func (s *DBAuthService) CreateUser(ctx context.Context, user *model.User) (int64 } var id int64 err := tx.Get(&id, - `INSERT INTO auth_users (display_name, created_at, friendly_name, source, email, oidc_openid) VALUES ($1, $2, $3, $4, $5, $6) RETURNING id`, - user.Username, user.CreatedAt, user.FriendlyName, user.Source, user.Email, user.OidcOpenID) + `INSERT INTO auth_users (display_name, created_at, friendly_name, source, email) VALUES ($1, $2, $3, $4, $5) RETURNING id`, + user.Username, user.CreatedAt, user.FriendlyName, user.Source, user.Email) return id, err }) if err != nil { 
@@ -1038,7 +1029,6 @@ func (a *APIAuthService) CreateUser(ctx context.Context, user *model.User) (int6 FriendlyName: user.FriendlyName, Source: &user.Source, Username: user.Username, - OidcOpenId: &user.OidcOpenID, }) if err != nil { return InvalidUserID, err diff --git a/pkg/config/config.go b/pkg/config/config.go index df7cfeda0e2..7c48ce25158 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -522,3 +522,7 @@ func (c *Config) GetUISnippets() []apiparams.CodeSnippet { } return snippets } + +func (c *Config) GetAuthOIDCConfiguration() *OIDC { + return c.values.Auth.OIDC +} diff --git a/pkg/config/template.go b/pkg/config/template.go index 36706073fc4..4a3f89c94f6 100644 --- a/pkg/config/template.go +++ b/pkg/config/template.go @@ -4,6 +4,13 @@ import ( "time" ) +type OIDC struct { + Domain string `mapstructure:"domain"` + ClientID string `mapstructure:"client_id"` + ClientSecret string `mapstructure:"client_secret"` + CallbackURL string `mapstructure:"callback_url"` +} + // LDAP holds configuration for authenticating on an LDAP server. type LDAP struct { ServerEndpoint string `mapstructure:"server_endpoint"` @@ -79,6 +86,7 @@ type configuration struct { Token string } LDAP *LDAP + OIDC *OIDC CookieDomain string `mapstructure:"cookie_domain"` } Blockstore struct { diff --git a/pkg/ddl/000038_auth_oidc.down.sql b/pkg/ddl/000038_auth_oidc.down.sql deleted file mode 100644 index ca61fe02a01..00000000000 --- a/pkg/ddl/000038_auth_oidc.down.sql +++ /dev/null @@ -1,4 +0,0 @@ -BEGIN; -ALTER TABLE auth_users - DROP COLUMN IF EXISTS oidc_openid; -COMMIT ; diff --git a/pkg/ddl/000038_auth_oidc.up.sql b/pkg/ddl/000038_auth_oidc.up.sql deleted file mode 100644 index 9c05d680ac6..00000000000 --- a/pkg/ddl/000038_auth_oidc.up.sql +++ /dev/null @@ -1,6 +0,0 @@ -BEGIN; - -ALTER TABLE auth_users - ADD COLUMN IF NOT EXISTS oidc_openid VARCHAR(100) UNIQUE; - -COMMIT; 
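Review bot: The new `type OIDC struct` in pkg/config/template.go has no doc comment, while the `LDAP` type directly below it does; add one in the same style, e.g. `// OIDC holds configuration for authenticating through an OpenID Connect provider.` The new `GetAuthOIDCConfiguration` accessor in config.go should likewise document that it returns nil when no OIDC section is configured, since run.go, serve.go and GetSetupState all rely on that nil check. `ClientSecret` is a credential, so a short comment that it must not be logged or echoed in config dumps would help later maintainers.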
diff --git a/webui/src/lib/components/navbar.jsx b/webui/src/lib/components/navbar.jsx index 8875c777937..df50366fa63 100644 --- a/webui/src/lib/components/navbar.jsx +++ b/webui/src/lib/components/navbar.jsx @@ -7,12 +7,8 @@ import {auth, config} from "../api"; import {useRouter} from "../hooks/router"; import {Link} from "./nav"; import {useAPI} from "../hooks/api"; -import {useHistory} from "react-router-dom"; const NavUserInfo = () => { - const router = useRouter(); - const history = useHistory(); - const { user, loading, error } = useUser(); const { response: versionResponse, loading: versionLoading, error: versionError } = useAPI(() => { return config.getLakeFSVersion() @@ -25,7 +21,7 @@ const NavUserInfo = () => { { auth.logout().then(() => { - window.location = '/logout' + window.location = '/oidc/logout' }) }}> Logout diff --git a/webui/src/lib/hooks/api.jsx b/webui/src/lib/hooks/api.jsx index 0a3ceff6289..1af19cbfe73 100644 --- a/webui/src/lib/hooks/api.jsx +++ b/webui/src/lib/hooks/api.jsx @@ -54,8 +54,17 @@ export const useAPI = (promise, deps = []) => { const [login, setLogin] = useState(false); useEffect(() => { + console.log(router.route + ">>" + login) if (login) { - window.location = '/login'; + const loginPathname = '/auth/login'; + if (router.route === loginPathname) { + return; + } + router.push({ + pathname: loginPathname, + query: {next: router.route}, + }); + setLogin(false); } }, [login, router]) diff --git a/webui/src/pages/auth/login.jsx b/webui/src/pages/auth/login.jsx index a4d538ae4b0..3edbcb21dc8 100644 --- a/webui/src/pages/auth/login.jsx +++ b/webui/src/pages/auth/login.jsx 
@@ -10,7 +10,7 @@ import {Error} from "../../lib/components/controls" import {useRouter} from "../../lib/hooks/router"; import {useAPI} from "../../lib/hooks/api"; -const LoginForm = () => { +const LoginForm = ({oidcEnabled}) => { const router = useRouter(); const [loginError, setLoginError] = useState(null); const { response, error, loading } = useAPI(() => auth.getAuthCapabilities()); @@ -49,10 +49,16 @@ const LoginForm = () => { - { showResetPwd ? - - : "" - } +
+ { showResetPwd ? + + : "" + } + { oidcEnabled ? + + : "" + } +
@@ -72,7 +78,7 @@ const LoginPage = () => { } return ( - + ); }; diff --git a/webui/src/styles/globals.css b/webui/src/styles/globals.css index ed44dd3c8e4..eecfc57d045 100644 --- a/webui/src/styles/globals.css +++ b/webui/src/styles/globals.css @@ -22,6 +22,14 @@ padding-top: 7px; } +.card.login-widget { + width: 400px; +} + +.card.login-widget .btn { + width: 100%; +} + .card.login-widget,.card.setup-widget, .reset-pwd-widget, .request-reset-pwd-widget { margin-top: 130px; } @@ -30,14 +38,6 @@ margin-bottom: 10px; } -.card.login-widget .reset-pwd{ - font-size: 15px; - position: absolute; - bottom: 21px; - right: 19px; - padding-right: 0px; -} - .action-bar { padding-bottom: 10px; margin-bottom: 10px; diff --git a/webui/vite.config.js b/webui/vite.config.js index 2fef78bbb7c..cf89d5acf9b 100644 --- a/webui/vite.config.js +++ b/webui/vite.config.js @@ -28,12 +28,12 @@ export default ({ command }) => { changeOrigin: true, secure: false }, - '/login': { + '/oidc/login': { target: 'http://localhost:8000', changeOrigin: false, secure: false }, - '/logout': { + '/oidc/logout': { target: 'http://localhost:8000', changeOrigin: false, secure: false From 2773c984144195ec89eca59aabd27e7f6463ce5c Mon Sep 17 00:00:00 2001 From: johnnyaug Date: Thu, 2 Jun 2022 15:11:03 -0400 Subject: [PATCH 03/28] wip --- cmd/lakefs/cmd/run.go | 3 +-- pkg/api/auth_middleware.go | 6 ++++-- pkg/api/oidc_handler.go | 27 ++++++++++++++++++++++----- pkg/api/serve.go | 7 +------ pkg/config/template.go | 8 ++++---- webui/src/lib/components/navbar.jsx | 2 +- webui/src/lib/hooks/api.jsx | 1 - 7 files changed, 33 insertions(+), 21 deletions(-) diff --git a/cmd/lakefs/cmd/run.go b/cmd/lakefs/cmd/run.go index 628dc56436b..b69a4d25e32 100644 --- a/cmd/lakefs/cmd/run.go +++ b/cmd/lakefs/cmd/run.go 
@@ -242,7 +242,7 @@ var runCmd = &cobra.Command{ if oidcConfig != nil { oidcProvider, err = oidc.NewProvider( cmd.Context(), - "https://"+oidcConfig.Domain+"/", + "https://"+oidcConfig.Domain, ) if err != nil { logger.WithError(err).Fatal("Failed to initialize OIDC provider") @@ -251,7 +251,6 @@ var runCmd = &cobra.Command{ oauthConfig = &oauth2.Config{ ClientID: oidcConfig.ClientID, ClientSecret: oidcConfig.ClientSecret, - RedirectURL: oidcConfig.CallbackURL, Endpoint: oidcProvider.Endpoint(), Scopes: []string{oidc.ScopeOpenID, "profile"}, } diff --git a/pkg/api/auth_middleware.go b/pkg/api/auth_middleware.go index e39d2613cda..3e026481e7c 100644 --- a/pkg/api/auth_middleware.go +++ b/pkg/api/auth_middleware.go @@ -107,7 +107,9 @@ func checkSecurityRequirements(r *http.Request, securityRequirements openapi3.Se if err != nil { return nil, err } - return user, nil + if user != nil { + return user, nil + } } } return nil, nil @@ -143,7 +145,7 @@ func userFromOIDC(ctx context.Context, logger logging.Logger, authService auth.S } return nil, err } - err = authService.AddUserToGroup(ctx, u.Username, auth.DevelopersGroup) // TODO default group should be configurable? + err = authService.AddUserToGroup(ctx, u.Username, auth.DevelopersGroup) // TODO(johnnyaug) for OIDC logins, authorization should be handled by the identity provider if err != nil { return nil, err } diff --git a/pkg/api/oidc_handler.go b/pkg/api/oidc_handler.go index 571076bd8e9..a18235800e7 100644 --- a/pkg/api/oidc_handler.go +++ b/pkg/api/oidc_handler.go 
@@ -32,17 +32,29 @@ func NewOIDCLoginPageHandler(sessionStore sessions.Store, oauthConfig *oauth2.Co writeError(w, http.StatusInternalServerError, err.Error()) return } + scheme := "http" + if r.TLS != nil { + scheme = "https" + } + u := url.URL{ + Scheme: scheme, + Host: r.Host, + Path: BaseURL + "/oidc/callback", + } + oauthConfig.RedirectURL = u.String() http.Redirect(w, r, oauthConfig.AuthCodeURL(state), http.StatusTemporaryRedirect) } } -func NewOIDCLogoutHandler(sessionStore sessions.Store, oauthConfig *oauth2.Config, logoutUrl *url.URL) http.HandlerFunc { +func NewOIDCLogoutHandler(sessionStore sessions.Store, oauthConfig *oauth2.Config, logoutUrl string) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { session, err := sessionStore.Get(r, OIDCAuthSessionName) if err != nil { writeError(w, http.StatusInternalServerError, err.Error()) return } + //idTokenHint, _ := session.Values["id_token"].(string) + session.Values = map[interface{}]interface{}{} if err := session.Save(r, w); err != nil { writeError(w, http.StatusInternalServerError, err.Error()) @@ -60,10 +72,15 @@ func NewOIDCLogoutHandler(sessionStore sessions.Store, oauthConfig *oauth2.Confi } parameters := url.Values{} - parameters.Add("returnTo", returnTo.String()) // TODO(johnnyaug) this is auth0 specific - parameters.Add("client_id", oauthConfig.ClientID) // TODO(johnnyaug) this is auth0 specific - logoutUrl.RawQuery = parameters.Encode() - http.Redirect(w, r, logoutUrl.String(), http.StatusTemporaryRedirect) + //parameters.Add("id_token_hint", idTokenHint) + parameters.Add("post_logout_redirect_uri", returnTo.String()) + u, err := url.Parse(logoutUrl) + if err != nil { + // TODO log error + http.Redirect(w, r, "/", http.StatusTemporaryRedirect) + } + u.RawQuery = parameters.Encode() + http.Redirect(w, r, u.String(), http.StatusTemporaryRedirect) } } diff --git a/pkg/api/serve.go b/pkg/api/serve.go index 6de5c191500..246ee6286a3 100644 --- a/pkg/api/serve.go 
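Review bot: The added `oauthConfig.RedirectURL = u.String()` writes to the `*oauth2.Config` that all requests share, so concurrent logins race on that field. The value is also built from `r.Host` and `r.TLS`, which come from the request rather than from server configuration, and behind a TLS-terminating proxy the scheme will be `http`. Use a per-request copy, `cfg := *oauthConfig; cfg.RedirectURL = u.String()`, then `cfg.AuthCodeURL(state)`, and prefer taking the external base URL from configuration. The callback's code exchange presumably has to send the same redirect URI, so whatever is chosen here needs to be reproducible there. The handler body starts above this hunk.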
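Review bot: In the logout handler, the new `url.Parse(logoutUrl)` error branch redirects to `/` but does not return, so execution reaches `u.RawQuery = parameters.Encode()` with a nil `u` and the handler panics after the redirect has already been written. Add `return` after the fallback `http.Redirect` and log the parse error as the TODO notes. Because `logoutUrl` is fixed configuration, it could be parsed once in `NewOIDCLogoutHandler` before the closure is returned, so a bad value is reported at startup rather than on each request.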
+++ b/pkg/api/serve.go @@ -8,7 +8,6 @@ import ( "errors" "io" "net/http" - "net/url" "github.com/coreos/go-oidc" "github.com/getkin/kin-openapi/openapi3" @@ -112,11 +111,7 @@ func Serve( r.Mount("/oidc/login", NewOIDCLoginPageHandler(sessionStore, oauthConfig)) oidcConfig := cfg.GetAuthOIDCConfiguration() if oidcConfig != nil { - logoutUrl, err := url.Parse("https://" + oidcConfig.Domain + "/v2/logout") // TODO(johnnyaug) this is auth0 specific - if err != nil { - panic(err) - } - r.Mount("/oidc/logout", NewOIDCLogoutHandler(sessionStore, oauthConfig, logoutUrl)) + r.Mount("/oidc/logout", NewOIDCLogoutHandler(sessionStore, oauthConfig, oidcConfig.EndSessionEndpoint)) } r.Mount("/", NewUIHandler(gatewayDomains, snippets)) return r diff --git a/pkg/config/template.go b/pkg/config/template.go index 4a3f89c94f6..289e8bd1b5c 100644 --- a/pkg/config/template.go +++ b/pkg/config/template.go @@ -5,10 +5,10 @@ import ( ) type OIDC struct { - Domain string `mapstructure:"domain"` - ClientID string `mapstructure:"client_id"` - ClientSecret string `mapstructure:"client_secret"` - CallbackURL string `mapstructure:"callback_url"` + Domain string `mapstructure:"domain"` + ClientID string `mapstructure:"client_id"` + ClientSecret string `mapstructure:"client_secret"` + EndSessionEndpoint string `mapstructure:"end_session_endpoint"` } // LDAP holds configuration for authenticating on an LDAP server. diff --git a/webui/src/lib/components/navbar.jsx b/webui/src/lib/components/navbar.jsx index df50366fa63..f2647600f79 100644 --- a/webui/src/lib/components/navbar.jsx +++ b/webui/src/lib/components/navbar.jsx @@ -21,7 +21,7 @@ const NavUserInfo = () => { { auth.logout().then(() => { - window.location = '/oidc/logout' + window.location = '/oidc/logout' // TODO(johnnyaug): do this only when OIDC is enabled }) }}> Logout diff --git a/webui/src/lib/hooks/api.jsx b/webui/src/lib/hooks/api.jsx index 1af19cbfe73..85e1ba4f501 100644 --- a/webui/src/lib/hooks/api.jsx 
+++ b/webui/src/lib/hooks/api.jsx @@ -54,7 +54,6 @@ export const useAPI = (promise, deps = []) => { const [login, setLogin] = useState(false); useEffect(() => { - console.log(router.route + ">>" + login) if (login) { const loginPathname = '/auth/login'; if (router.route === loginPathname) { From bc0e9296578661cd52185188d3d619d91aedb155 Mon Sep 17 00:00:00 2001 From: johnnyaug Date: Thu, 2 Jun 2022 15:12:56 -0400 Subject: [PATCH 04/28] remove logout on provider side --- pkg/api/oidc_handler.go | 38 ----------------------------- pkg/api/serve.go | 6 ++--- pkg/config/template.go | 7 +++--- webui/src/lib/components/navbar.jsx | 3 ++- 4 files changed, 7 insertions(+), 47 deletions(-) diff --git a/pkg/api/oidc_handler.go b/pkg/api/oidc_handler.go index a18235800e7..f41867aac1b 100644 --- a/pkg/api/oidc_handler.go +++ b/pkg/api/oidc_handler.go 
@@ -46,44 +46,6 @@ func NewOIDCLoginPageHandler(sessionStore sessions.Store, oauthConfig *oauth2.Co } } -func NewOIDCLogoutHandler(sessionStore sessions.Store, oauthConfig *oauth2.Config, logoutUrl string) http.HandlerFunc { - return func(w http.ResponseWriter, r *http.Request) { - session, err := sessionStore.Get(r, OIDCAuthSessionName) - if err != nil { - writeError(w, http.StatusInternalServerError, err.Error()) - return - } - //idTokenHint, _ := session.Values["id_token"].(string) - - session.Values = map[interface{}]interface{}{} - if err := session.Save(r, w); err != nil { - writeError(w, http.StatusInternalServerError, err.Error()) - return - } - scheme := "http" - if r.TLS != nil { - scheme = "https" - } - - returnTo, err := url.Parse(scheme + "://" + r.Host) - if err != nil { - writeError(w, http.StatusInternalServerError, err.Error()) - return - } - - parameters := url.Values{} - //parameters.Add("id_token_hint", idTokenHint) - parameters.Add("post_logout_redirect_uri", returnTo.String()) - u, err := url.Parse(logoutUrl) - if err != nil { - // TODO log error - http.Redirect(w, r, "/", http.StatusTemporaryRedirect) - } - u.RawQuery = parameters.Encode() - http.Redirect(w, r, u.String(), http.StatusTemporaryRedirect) - } -} - func generateRandomState() (string, error) { b := make([]byte, 32) _, err := rand.Read(b) diff --git a/pkg/api/serve.go b/pkg/api/serve.go index 246ee6286a3..73c2d195039 100644 --- a/pkg/api/serve.go +++ b/pkg/api/serve.go 
@@ -108,10 +108,8 @@ func Serve( r.Mount("/_pprof/", httputil.ServePPROF("/_pprof/")) r.Mount("/swagger.json", http.HandlerFunc(swaggerSpecHandler)) r.Mount(BaseURL, http.HandlerFunc(InvalidAPIEndpointHandler)) - r.Mount("/oidc/login", NewOIDCLoginPageHandler(sessionStore, oauthConfig)) - oidcConfig := cfg.GetAuthOIDCConfiguration() - if oidcConfig != nil { - r.Mount("/oidc/logout", NewOIDCLogoutHandler(sessionStore, oauthConfig, oidcConfig.EndSessionEndpoint)) + if cfg.GetAuthOIDCConfiguration() != nil { + r.Mount("/oidc/login", NewOIDCLoginPageHandler(sessionStore, oauthConfig)) } r.Mount("/", NewUIHandler(gatewayDomains, snippets)) return r diff --git a/pkg/config/template.go b/pkg/config/template.go index 289e8bd1b5c..901d5184ec1 100644 --- a/pkg/config/template.go +++ b/pkg/config/template.go @@ -5,10 +5,9 @@ import ( ) type OIDC struct { - Domain string `mapstructure:"domain"` - ClientID string `mapstructure:"client_id"` - ClientSecret string `mapstructure:"client_secret"` - EndSessionEndpoint string `mapstructure:"end_session_endpoint"` + Domain string `mapstructure:"domain"` + ClientID string `mapstructure:"client_id"` + ClientSecret string `mapstructure:"client_secret"` } // LDAP holds configuration for authenticating on an LDAP server. diff --git a/webui/src/lib/components/navbar.jsx b/webui/src/lib/components/navbar.jsx index f2647600f79..9524e76967b 100644 --- a/webui/src/lib/components/navbar.jsx +++ b/webui/src/lib/components/navbar.jsx @@ -9,6 +9,7 @@ import {Link} from "./nav"; import {useAPI} from "../hooks/api"; const NavUserInfo = () => { + const router = useRouter(); const { user, loading, error } = useUser(); const { response: versionResponse, loading: versionLoading, error: versionError } = useAPI(() => { return config.getLakeFSVersion() @@ -21,7 +22,7 @@ const NavUserInfo = () => { { auth.logout().then(() => { - window.location = '/oidc/logout' // TODO(johnnyaug): do this only when OIDC is enabled + router.push('/auth/login') }) }}> Logout 
From 87011403ae00454356887f025e6cfb8539082359 Mon Sep 17 00:00:00 2001 From: johnnyaug Date: Thu, 2 Jun 2022 16:29:55 -0400 Subject: [PATCH 05/28] some docs --- cmd/lakefs/cmd/run.go | 2 +- docs/reference/configuration.md | 3 +++ docs/reference/oidc.md | 39 +++++++++++++++++++++++++++++++++ pkg/config/template.go | 2 +- 4 files changed, 44 insertions(+), 2 deletions(-) create mode 100644 docs/reference/oidc.md diff --git a/cmd/lakefs/cmd/run.go b/cmd/lakefs/cmd/run.go index b69a4d25e32..1c3eccc9492 100644 --- a/cmd/lakefs/cmd/run.go +++ b/cmd/lakefs/cmd/run.go @@ -242,7 +242,7 @@ var runCmd = &cobra.Command{ if oidcConfig != nil { oidcProvider, err = oidc.NewProvider( cmd.Context(), - "https://"+oidcConfig.Domain, + oidcConfig.URL, ) if err != nil { logger.WithError(err).Fatal("Failed to initialize OIDC provider") diff --git a/docs/reference/configuration.md b/docs/reference/configuration.md index 326c0a87897..648eec1b346 100644 --- a/docs/reference/configuration.md +++ b/docs/reference/configuration.md 
@@ -55,6 +55,9 @@ This reference uses `.` to denote the nesting of values. * `auth.ldap.user_base_dn` `(string : required)` - Base DN for searching for users. Search looks for users in the subtree below this. * `auth.ldap.default_user_group` `(string : )` - Create all LDAP users in this group. Defaults to `Viewers`. * `auth.ldap.user_filter` `(string : )` - Additional filter for users. +* `auth.oidc.client_id` `(string : )` - OIDC client ID +* `auth.oidc.client_secret` `(string : )` - OIDC client secret +* `auth.oidc.url` `(string : )` - The base URL of your OIDC compatible identity provider * `blockstore.type` `(one of ["local", "s3", "gs", "azure", "mem"] : required)`. Block adapter to use. This controls where the underlying data will be stored * `blockstore.default_namespace_prefix` `(string : )` - Use this to help your users choose a storage namespace for their repositories. If specified, the storage namespace will be filled with this default value as a prefix, when creating a repository from the UI. diff --git a/docs/reference/oidc.md b/docs/reference/oidc.md new file mode 100644 index 00000000000..feb464050a6 --- /dev/null +++ b/docs/reference/oidc.md 
@@ -0,0 +1,39 @@ +--- +layout: default +title: OIDC support +description: Use an OIDC provider to manage lakeFS users +parent: Reference +nav_order: 67 +has_children: false +--- + +# OIDC support + +{: .no_toc } + +You can manage lakeFS users externally using an OpenID Connect (OIDC) compatible identity provider. + +{% include toc.html %} + +## Configuring lakeFS server for OIDC + +To support OIDC, add the following configurations to your [lakeFS configuration](./configuration.md). +As always, you may choose to provide these configurations using [environment variables](./configuration.md#using-environment-variables). + +```yaml +auth: + oidc: + client_id: example-client-id + client_secret: exampleSecretValue + domain: https://my-account.oidc-provider-example.com +``` + +Note that you may have other configuration values under the `auth` key, so make sure you combine them correctly. + +## Adding policy claims to your users + +## Logging in using OIDC + +## Limitations + +- Groups are not currently supported for externally managed users. diff --git a/pkg/config/template.go b/pkg/config/template.go index 901d5184ec1..0bc951ffd7b 100644 --- a/pkg/config/template.go +++ b/pkg/config/template.go @@ -5,7 +5,7 @@ import ( ) type OIDC struct { - Domain string `mapstructure:"domain"` + URL string `mapstructure:"url"` ClientID string `mapstructure:"client_id"` ClientSecret string `mapstructure:"client_secret"` } From 9962f06e9de37804fe0c71544bd1f29550e5c761 Mon Sep 17 00:00:00 2001 From: johnnyaug Date: Thu, 2 Jun 2022 16:43:30 -0400 Subject: [PATCH 06/28] some docs --- docs/reference/oidc.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/reference/oidc.md b/docs/reference/oidc.md index feb464050a6..5f3c943a210 100644 --- a/docs/reference/oidc.md +++ b/docs/reference/oidc.md 
@@ -37,3 +37,4 @@ Note that you may have other configuration values under the `auth` key, so make ## Limitations - Groups are not currently supported for externally managed users. +- Creating programmatic access credentials is not supported for externally managed users. From e85f159c035c2642f53a83e3d2566739d83e3df9 Mon Sep 17 00:00:00 2001 From: johnnyaug Date: Thu, 9 Jun 2022 14:08:48 +0300 Subject: [PATCH 07/28] =?UTF-8?q?wip=CB=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- api/authorization.yml | 1 + pkg/api/auth_middleware.go | 58 ++++++++++++++++++++++--------- pkg/api/controller.go | 14 +++++++- pkg/api/serve.go | 2 +- pkg/auth/model/model.go | 1 + pkg/auth/service.go | 4 +-- pkg/config/template.go | 7 ++-- pkg/ddl/000038_oidc_user.down.sql | 6 ++++ pkg/ddl/000038_oidc_user.up.sql | 5 +++ 9 files changed, 74 insertions(+), 24 deletions(-) create mode 100644 pkg/ddl/000038_oidc_user.down.sql create mode 100644 pkg/ddl/000038_oidc_user.up.sql diff --git a/api/authorization.yml b/api/authorization.yml index 95939f7582e..178009922af 100644 --- a/api/authorization.yml +++ b/api/authorization.yml @@ -129,6 +129,7 @@ components: encryptedPassword: type: string format: byte + UserPassword: type: object required: diff --git a/pkg/api/auth_middleware.go b/pkg/api/auth_middleware.go index 15975b6cc39..1541b88d0dc 100644 --- a/pkg/api/auth_middleware.go +++ b/pkg/api/auth_middleware.go @@ -14,6 +14,7 @@ import ( "github.com/gorilla/sessions" "github.com/treeverse/lakefs/pkg/auth" "github.com/treeverse/lakefs/pkg/auth/model" + "github.com/treeverse/lakefs/pkg/config" "github.com/treeverse/lakefs/pkg/db" "github.com/treeverse/lakefs/pkg/logging" ) 
@@ -31,7 +32,7 @@ func extractSecurityRequirements(router routers.Router, r *http.Request) (openap return *route.Operation.Security, nil } -func AuthMiddleware(logger logging.Logger, swagger *openapi3.Swagger, authenticator auth.Authenticator, authService auth.Service, sessionStore sessions.Store) func(next http.Handler) http.Handler { +func AuthMiddleware(logger logging.Logger, swagger *openapi3.Swagger, authenticator auth.Authenticator, authService auth.Service, sessionStore sessions.Store, oidcConfig *config.OIDC) func(next http.Handler) http.Handler { router, err := legacy.NewRouter(swagger) if err != nil { panic(err) @@ -43,7 +44,7 @@ func AuthMiddleware(logger logging.Logger, swagger *openapi3.Swagger, authentica writeError(w, http.StatusBadRequest, err) return } - user, err := checkSecurityRequirements(r, securityRequirements, logger, authenticator, authService, sessionStore) + user, err := checkSecurityRequirements(r, securityRequirements, logger, authenticator, authService, sessionStore, oidcConfig) if err != nil { writeError(w, http.StatusUnauthorized, err) return 
@@ -58,7 +59,14 @@ func AuthMiddleware(logger logging.Logger, swagger *openapi3.Swagger, authentica // checkSecurityRequirements goes over the security requirements and check the authentication. returns the user information and error if the security check was required. // it will return nil user and error in case of no security checks to match. -func checkSecurityRequirements(r *http.Request, securityRequirements openapi3.SecurityRequirements, logger logging.Logger, authenticator auth.Authenticator, authService auth.Service, sessionStore sessions.Store) (*model.User, error) { +func checkSecurityRequirements(r *http.Request, + securityRequirements openapi3.SecurityRequirements, + logger logging.Logger, + authenticator auth.Authenticator, + authService auth.Service, + sessionStore sessions.Store, + oidcConfig *config.OIDC, +) (*model.User, error) { ctx := r.Context() var user *model.User var err error @@ -97,7 +105,7 @@ func checkSecurityRequirements(r *http.Request, securityRequirements openapi3.Se } user, err = userByToken(ctx, logger, authService, jwtCookie.Value) case "oidc_auth": - user, err = userFromOIDC(ctx, logger, authService, session) + user, err = userFromOIDC(ctx, logger, authService, session, oidcConfig) default: // unknown security requirement to check logger.WithField("provider", provider).Error("Authentication middleware unknown security requirement provider") 
@@ -114,17 +122,21 @@ func checkSecurityRequirements(r *http.Request, securityRequirements openapi3.Se return nil, nil } -func userFromOIDC(ctx context.Context, logger logging.Logger, authService auth.Service, authSession *sessions.Session) (*model.User, error) { +func userFromOIDC(ctx context.Context, logger logging.Logger, authService auth.Service, authSession *sessions.Session, oidcConfig *config.OIDC) (*model.User, error) { profile, ok := authSession.Values["profile"].(map[string]interface{}) if !ok || profile == nil { return nil, ErrAuthenticatingRequest } - username, ok := profile["sub"].(string) + accessTokenClaims, ok := authSession.Values["access_token_claims"].(map[string]interface{}) + if !ok || profile == nil { + return nil, ErrAuthenticatingRequest + } + externalID, ok := profile["sub"].(string) if !ok { logger.WithField("sub", profile["sub"]).Error("Failed type assertion for sub claim") return nil, ErrAuthenticatingRequest } - user, err := authService.GetUser(ctx, username) + user, err := authService.GetUser(ctx, externalID) if err == nil { return user, nil } 
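Review bot: The guard after the new `access_token_claims` assertion tests `profile == nil` a second time instead of the value just read; it should be `if !ok || accessTokenClaims == nil`. Separately, `authService.GetUser(ctx, externalID)` passes the provider's `sub` claim to what appears to be a lookup by username, so a `sub` that equals the name of an existing locally managed user would resolve to that account. Looking the user up by the new external-id field, and checking that `Source` is `"oidc"`, would keep the two namespaces apart. The function continues past the end of this hunk.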
@@ -132,23 +144,35 @@ func userFromOIDC(ctx context.Context, logger logging.Logger, authService auth.S return nil, err } - u := &model.User{ - CreatedAt: time.Now().UTC(), - Source: "oidc", - Username: username, + u := model.BaseUser{ + CreatedAt: time.Now().UTC(), + Source: "oidc", + Username: externalID, + ExternalID: externalID, } - _, err = authService.CreateUser(ctx, u) + userID, err := authService.CreateUser(ctx, &u) + if err != nil { if errors.Is(err, db.ErrAlreadyExists) { - return authService.GetUser(ctx, username) + return authService.GetUser(ctx, externalID) } return nil, err } - err = authService.AddUserToGroup(ctx, u.Username, auth.DevelopersGroup) // TODO(johnnyaug) for OIDC logins, authorization should be handled by the identity provider - if err != nil { - return nil, err + initialGroups := oidcConfig.DefaultInitialGroups + if userInitialGroups, ok := accessTokenClaims["initial_groups"].(string); ok { + initialGroups = strings.Split(userInitialGroups, ",") + } + for _, g := range initialGroups { + err = authService.AddUserToGroup(ctx, u.Username, strings.TrimSpace(g)) + if err != nil { + return nil, err + } } - return u, nil + + return &model.User{ + ID: userID, + BaseUser: u, + }, nil } func userByToken(ctx context.Context, logger logging.Logger, authService auth.Service, tokenString string) (*model.User, error) { diff --git a/pkg/api/controller.go b/pkg/api/controller.go index bfca9dad792..6479a31f05e 100644 --- a/pkg/api/controller.go +++ b/pkg/api/controller.go @@ -203,6 +203,11 @@ func (c *Controller) OauthCallback(w http.ResponseWriter, r *http.Request) { if !ok { writeError(w, http.StatusUnauthorized, "no id_token field in oauth2 token") } + rawAccessToken, ok := token.Extra("access_token").(string) + if !ok { + writeError(w, http.StatusUnauthorized, "no access_token field in oauth2 token") + } + oidcVerifier := c.oidcProvider.Verifier(&oidc.Config{ ClientID: c.oauthConfig.ClientID, }) 
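Review bot: If `AddUserToGroup` fails inside the new loop, the function returns an error after `CreateUser` has already stored the user, and the next login takes the early `GetUser` return above this hunk, so the remaining groups are never assigned. A group name from the `initial_groups` claim that is misspelled or does not exist is enough to trigger this. Create the user and its memberships in one transaction if the service allows it, or validate the group names before `CreateUser`, and include the group name in the returned error, e.g. `fmt.Errorf("add user to group %q: %w", g, err)`.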
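Review bot: In `OauthCallback`, the new `access_token` check writes a 401 but does not return, so the handler continues with an empty `rawAccessToken` and can write a second response later. Add `return` inside the `if !ok` block. The `id_token` check in the context lines just above has the same gap and should get the same fix.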
@@ -213,7 +218,14 @@ func (c *Controller) OauthCallback(w http.ResponseWriter, r *http.Request) { writeError(w, http.StatusInternalServerError, err.Error()) return } - session.Values["access_token"] = token.AccessToken + var accessTokenClaims map[string]interface{} + accessToken, err := oidcVerifier.Verify(ctx, rawAccessToken) + if err := accessToken.Claims(&accessTokenClaims); err != nil { + writeError(w, http.StatusInternalServerError, err.Error()) + return + } + + session.Values["access_token_claims"] = accessTokenClaims session.Values["profile"] = profile err = session.Save(r, w) if err != nil { diff --git a/pkg/api/serve.go b/pkg/api/serve.go index 73c2d195039..34a9a577d3b 100644 --- a/pkg/api/serve.go +++ b/pkg/api/serve.go @@ -80,7 +80,7 @@ func Serve( RequestIDHeaderName, logging.Fields{logging.ServiceNameFieldKey: LoggerServiceName}, cfg.GetLoggingTraceRequestHeaders()), - AuthMiddleware(logger, swagger, middlewareAuthenticator, authService, sessionStore), + AuthMiddleware(logger, swagger, middlewareAuthenticator, authService, sessionStore, cfg.GetAuthOIDCConfiguration()), MetricsMiddleware(swagger), ) controller := NewController( diff --git a/pkg/auth/model/model.go b/pkg/auth/model/model.go index 00f32017013..1b44e984b8b 100644 --- a/pkg/auth/model/model.go +++ b/pkg/auth/model/model.go @@ -51,6 +51,7 @@ type BaseUser struct { Email *string `db:"email" json:"email"` EncryptedPassword []byte `db:"encrypted_password" json:"encrypted_password"` Source string `db:"source" json:"source"` + ExternalID string `db:"external_id" json:"external_id"` } type User struct { diff --git a/pkg/auth/service.go b/pkg/auth/service.go index 4af2002637d..cc82064d0c2 100644 --- a/pkg/auth/service.go +++ b/pkg/auth/service.go 
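Review bot: The error returned by `oidcVerifier.Verify(ctx, rawAccessToken)` is never checked, because `if err := accessToken.Claims(...)` on the following line declares a new `err`. When verification fails, `accessToken` is nil and the `Claims` call panics instead of rejecting the login; these claims later decide group membership, so the failure path should be explicit: `if err != nil { writeError(w, http.StatusUnauthorized, err.Error()); return }` directly after `Verify`. Also worth confirming: the verifier is configured with the client ID as audience for ID tokens, and access tokens are not guaranteed to be JWTs or to carry that audience, so this check may fail with some providers.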
@@ -277,8 +277,8 @@ func (s *DBAuthService) CreateUser(ctx context.Context, user *model.BaseUser) (s } var id int64 err := tx.Get(&id, - `INSERT INTO auth_users (display_name, created_at, friendly_name, source, email) VALUES ($1, $2, $3, $4, $5) RETURNING id`, - user.Username, user.CreatedAt, user.FriendlyName, user.Source, user.Email) + `INSERT INTO auth_users (display_name, created_at, friendly_name, source, email, external_id) VALUES ($1, $2, $3, $4, $5, $6) RETURNING id`, + user.Username, user.CreatedAt, user.FriendlyName, user.Source, user.Email, user.ExternalID) return id, err }) if err != nil { diff --git a/pkg/config/template.go b/pkg/config/template.go index 0bc951ffd7b..10bf40f3ba0 100644 --- a/pkg/config/template.go +++ b/pkg/config/template.go @@ -5,9 +5,10 @@ import ( ) type OIDC struct { - URL string `mapstructure:"url"` - ClientID string `mapstructure:"client_id"` - ClientSecret string `mapstructure:"client_secret"` + URL string `mapstructure:"url"` + ClientID string `mapstructure:"client_id"` + ClientSecret string `mapstructure:"client_secret"` + DefaultInitialGroups []string `mapstructure:"default_initial_groups"` } // LDAP holds configuration for authenticating on an LDAP server. diff --git a/pkg/ddl/000038_oidc_user.down.sql b/pkg/ddl/000038_oidc_user.down.sql new file mode 100644 index 00000000000..bf82a37d979 --- /dev/null +++ b/pkg/ddl/000038_oidc_user.down.sql @@ -0,0 +1,6 @@ +BEGIN; +DROP INDEX email_unique_idx; +ALTER TABLE auth_users +DROP COLUMN IF EXISTS email, + DROP COLUMN IF EXISTS encrypted_password; +COMMIT ; diff --git a/pkg/ddl/000038_oidc_user.up.sql b/pkg/ddl/000038_oidc_user.up.sql new file mode 100644 index 00000000000..b25dbfdae41 --- /dev/null +++ b/pkg/ddl/000038_oidc_user.up.sql @@ -0,0 +1,5 @@ +BEGIN; + +ALTER TABLE auth_users + ADD COLUMN IF NOT EXISTS external_id VARCHAR(255) UNIQUE; +END; From 35e0c42ce23459ae5b459e0b0d75d879248dea8f Mon Sep 17 00:00:00 2001 
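Review bot: `user.ExternalID` is a plain `string`, so every user created without an external identity is inserted with an empty string, and the `external_id VARCHAR(255) UNIQUE` column added by `000038_oidc_user.up.sql` in this same commit would reject the second such row. Declaring the field as `*string`, as `Email` already is, lets absent values be stored as NULL, which a unique constraint permits more than once. Alternatively, convert `""` to NULL at this call site.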
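Review bot: `000038_oidc_user.down.sql` does not reverse the up migration: it drops `email_unique_idx`, `email` and `encrypted_password`, none of which `000038_oidc_user.up.sql` creates, and it leaves `external_id` in place. Rolling back would therefore delete the stored e-mail and password data of existing users. The body should instead be `ALTER TABLE auth_users DROP COLUMN IF EXISTS external_id;` inside the `BEGIN`/`COMMIT` pair.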
From: johnnyaug Date: Thu, 9 Jun 2022 14:30:02 +0300 Subject: [PATCH 08/28] fix marshalling bug in db service --- pkg/auth/service.go | 38 +++++++++++++++++++++++++++----------- 1 file changed, 27 insertions(+), 11 deletions(-) diff --git a/pkg/auth/service.go b/pkg/auth/service.go index cc82064d0c2..a817cc650a2 100644 --- a/pkg/auth/service.go +++ b/pkg/auth/service.go @@ -475,7 +475,7 @@ func (s *DBAuthService) ListEffectivePolicies(ctx context.Context, username stri } func (s *DBAuthService) ListGroupPolicies(ctx context.Context, groupDisplayName string, params *model.PaginationParams) ([]*model.BasePolicy, *model.Paginator, error) { - var policy model.BasePolicy + var policy model.DBPolicy query := psql.Select("auth_policies.*"). From("auth_policies"). Join("auth_group_policies ON (auth_policies.id = auth_group_policies.policy_id)"). @@ -489,7 +489,12 @@ func (s *DBAuthService) ListGroupPolicies(ctx context.Context, groupDisplayName if err != nil { return nil, paginator, err } - return slice.Interface().([]*model.BasePolicy), paginator, nil + dbPolicies := slice.Interface().([]*model.DBPolicy) + policies := make([]*model.BasePolicy, len(dbPolicies)) + for i := range dbPolicies { + policies[i] = &dbPolicies[i].BasePolicy + } + return policies, paginator, nil } func (s *DBAuthService) CreateGroup(ctx context.Context, group *model.BaseGroup) error { @@ -584,8 +589,8 @@ func (s *DBAuthService) ListUserGroups(ctx context.Context, username string, par if _, err := getUser(tx, username); err != nil { return nil, err } - groups := make([]*model.Group, 0) - err := tx.Select(&groups, ` + dbGroups := make([]*model.DBGroup, 0) + err := tx.Select(&dbGroups, ` SELECT auth_groups.* FROM auth_groups INNER JOIN auth_user_groups ON (auth_groups.id = auth_user_groups.group_id) INNER JOIN auth_users ON (auth_user_groups.user_id = auth_users.id) 
@@ -599,12 +604,16 @@ func (s *DBAuthService) ListUserGroups(ctx context.Context, username string, par if err != nil { return nil, err } + groups := make([]*model.Group, len(dbGroups)) + for i := range dbGroups { + groups[i] = model.ConvertGroup(dbGroups[i]) + } p := &model.Paginator{} if len(groups) == params.Amount+1 { // we have more pages groups = groups[0:params.Amount] p.Amount = params.Amount - p.NextPageToken = groups[len(groups)-1].DisplayName + p.NextPageToken = groups[len(dbGroups)-1].DisplayName return &res{groups, p}, nil } p.Amount = len(groups) @@ -626,8 +635,8 @@ func (s *DBAuthService) ListGroupUsers(ctx context.Context, groupDisplayName str if _, err := getGroup(tx, groupDisplayName); err != nil { return nil, err } - users := make([]*model.User, 0) - err := tx.Select(&users, ` + dbUsers := make([]*model.DBUser, 0) + err := tx.Select(&dbUsers, ` SELECT auth_users.* FROM auth_users INNER JOIN auth_user_groups ON (auth_users.id = auth_user_groups.user_id) INNER JOIN auth_groups ON (auth_user_groups.group_id = auth_groups.id) @@ -642,6 +651,10 @@ func (s *DBAuthService) ListGroupUsers(ctx context.Context, groupDisplayName str return nil, err } p := &model.Paginator{} + users := make([]*model.User, len(dbUsers)) + for i := range dbUsers { + users[i] = model.ConvertUser(dbUsers[i]) + } if len(users) == params.Amount+1 { // we have more pages users = users[0:params.Amount] @@ -697,7 +710,7 @@ func (s *DBAuthService) GetPolicy(ctx context.Context, policyDisplayName string) if err != nil { return nil, err } - return policy.(*model.BasePolicy), nil + return &policy.(*model.DBPolicy).BasePolicy, nil } func (s *DBAuthService) DeletePolicy(ctx context.Context, policyDisplayName string) error { 
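Review bot: In `ListUserGroups`, `p.NextPageToken = groups[len(dbGroups)-1].DisplayName` indexes the already truncated slice with the untruncated length. In this branch `len(dbGroups)` is `params.Amount+1` while `groups` has been cut to `params.Amount` elements, so the index is out of range and the call panics whenever there is a further page. Keep the original `groups[len(groups)-1].DisplayName`. The enclosing function starts and ends outside this hunk.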
@@ -713,8 +726,8 @@ func (s *DBAuthService) ListPolicies(ctx context.Context, params *model.Paginati paginator *model.Paginator } result, err := s.db.Transact(ctx, func(tx db.Tx) (interface{}, error) { - policies := make([]*model.BasePolicy, 0) - err := tx.Select(&policies, ` + dbPolicies := make([]*model.DBPolicy, 0) + err := tx.Select(&dbPolicies, ` SELECT * FROM auth_policies WHERE display_name > $1 @@ -726,7 +739,10 @@ func (s *DBAuthService) ListPolicies(ctx context.Context, params *model.Paginati return nil, err } p := &model.Paginator{} - + policies := make([]*model.BasePolicy, len(dbPolicies)) + for i := range dbPolicies { + policies[i] = &dbPolicies[i].BasePolicy + } if len(policies) == params.Amount+1 { // we have more pages policies = policies[0:params.Amount] From 4196132272f8aaaca94aac333d9e83ff2cb11088 Mon Sep 17 00:00:00 2001 From: johnnyaug Date: Thu, 9 Jun 2022 14:30:29 +0300 Subject: [PATCH 09/28] Revert "fix marshalling bug in db service" This reverts commit 35e0c42ce23459ae5b459e0b0d75d879248dea8f. --- pkg/auth/service.go | 38 +++++++++++--------------------------- 1 file changed, 11 insertions(+), 27 deletions(-) diff --git a/pkg/auth/service.go b/pkg/auth/service.go index a817cc650a2..cc82064d0c2 100644 --- a/pkg/auth/service.go +++ b/pkg/auth/service.go @@ -475,7 +475,7 @@ func (s *DBAuthService) ListEffectivePolicies(ctx context.Context, username stri } func (s *DBAuthService) ListGroupPolicies(ctx context.Context, groupDisplayName string, params *model.PaginationParams) ([]*model.BasePolicy, *model.Paginator, error) { - var policy model.DBPolicy + var policy model.BasePolicy query := psql.Select("auth_policies.*"). From("auth_policies"). Join("auth_group_policies ON (auth_policies.id = auth_group_policies.policy_id)"). 
@@ -489,12 +489,7 @@ func (s *DBAuthService) ListGroupPolicies(ctx context.Context, groupDisplayName if err != nil { return nil, paginator, err } - dbPolicies := slice.Interface().([]*model.DBPolicy) - policies := make([]*model.BasePolicy, len(dbPolicies)) - for i := range dbPolicies { - policies[i] = &dbPolicies[i].BasePolicy - } - return policies, paginator, nil + return slice.Interface().([]*model.BasePolicy), paginator, nil } func (s *DBAuthService) CreateGroup(ctx context.Context, group *model.BaseGroup) error { @@ -589,8 +584,8 @@ func (s *DBAuthService) ListUserGroups(ctx context.Context, username string, par if _, err := getUser(tx, username); err != nil { return nil, err } - dbGroups := make([]*model.DBGroup, 0) - err := tx.Select(&dbGroups, ` + groups := make([]*model.Group, 0) + err := tx.Select(&groups, ` SELECT auth_groups.* FROM auth_groups INNER JOIN auth_user_groups ON (auth_groups.id = auth_user_groups.group_id) INNER JOIN auth_users ON (auth_user_groups.user_id = auth_users.id) @@ -604,16 +599,12 @@ func (s *DBAuthService) ListUserGroups(ctx context.Context, username string, par if err != nil { return nil, err } - groups := make([]*model.Group, len(dbGroups)) - for i := range dbGroups { - groups[i] = model.ConvertGroup(dbGroups[i]) - } p := &model.Paginator{} if len(groups) == params.Amount+1 { // we have more pages groups = groups[0:params.Amount] p.Amount = params.Amount - p.NextPageToken = groups[len(dbGroups)-1].DisplayName + p.NextPageToken = groups[len(groups)-1].DisplayName return &res{groups, p}, nil } p.Amount = len(groups) 
@@ -635,8 +626,8 @@ func (s *DBAuthService) ListGroupUsers(ctx context.Context, groupDisplayName str if _, err := getGroup(tx, groupDisplayName); err != nil { return nil, err } - dbUsers := make([]*model.DBUser, 0) - err := tx.Select(&dbUsers, ` + users := make([]*model.User, 0) + err := tx.Select(&users, ` SELECT auth_users.* FROM auth_users INNER JOIN auth_user_groups ON (auth_users.id = auth_user_groups.user_id) INNER JOIN auth_groups ON (auth_user_groups.group_id = auth_groups.id) @@ -651,10 +642,6 @@ func (s *DBAuthService) ListGroupUsers(ctx context.Context, groupDisplayName str return nil, err } p := &model.Paginator{} - users := make([]*model.User, len(dbUsers)) - for i := range dbUsers { - users[i] = model.ConvertUser(dbUsers[i]) - } if len(users) == params.Amount+1 { // we have more pages users = users[0:params.Amount] @@ -710,7 +697,7 @@ func (s *DBAuthService) GetPolicy(ctx context.Context, policyDisplayName string) if err != nil { return nil, err } - return &policy.(*model.DBPolicy).BasePolicy, nil + return policy.(*model.BasePolicy), nil } func (s *DBAuthService) DeletePolicy(ctx context.Context, policyDisplayName string) error { @@ -726,8 +713,8 @@ func (s *DBAuthService) ListPolicies(ctx context.Context, params *model.Paginati paginator *model.Paginator } result, err := s.db.Transact(ctx, func(tx db.Tx) (interface{}, error) { - dbPolicies := make([]*model.DBPolicy, 0) - err := tx.Select(&dbPolicies, ` + policies := make([]*model.BasePolicy, 0) + err := tx.Select(&policies, ` SELECT * FROM auth_policies WHERE display_name > $1 @@ -739,10 +726,7 @@ func (s *DBAuthService) ListPolicies(ctx context.Context, params *model.Paginati return nil, err } p := &model.Paginator{} - policies := make([]*model.BasePolicy, len(dbPolicies)) - for i := range dbPolicies { - policies[i] = &dbPolicies[i].BasePolicy - } + if len(policies) == params.Amount+1 { // we have more pages policies = policies[0:params.Amount] 
From 8cb2bcdd08b3ed11776071d1b83a0ee79f9b3a4b Mon Sep 17 00:00:00 2001 From: johnnyaug Date: Thu, 9 Jun 2022 19:44:06 +0300 Subject: [PATCH 10/28] wip --- pkg/api/auth_middleware.go | 15 ++--- pkg/api/controller.go | 62 ++++++------------- ...{oidc_handler.go => oidc_login_handler.go} | 5 +- pkg/api/serve.go | 7 +-- pkg/auth/oidc/authenticator.go | 42 +++++++++++++ pkg/config/config.go | 6 ++ 6 files changed, 80 insertions(+), 57 deletions(-) rename pkg/api/{oidc_handler.go => oidc_login_handler.go} (90%) create mode 100644 pkg/auth/oidc/authenticator.go diff --git a/pkg/api/auth_middleware.go b/pkg/api/auth_middleware.go index 1541b88d0dc..f70fe234440 100644 --- a/pkg/api/auth_middleware.go +++ b/pkg/api/auth_middleware.go @@ -14,6 +14,7 @@ import ( "github.com/gorilla/sessions" "github.com/treeverse/lakefs/pkg/auth" "github.com/treeverse/lakefs/pkg/auth/model" + "github.com/treeverse/lakefs/pkg/auth/oidc" "github.com/treeverse/lakefs/pkg/config" "github.com/treeverse/lakefs/pkg/db" "github.com/treeverse/lakefs/pkg/logging" 
@@ -123,17 +124,13 @@ func checkSecurityRequirements(r *http.Request, } func userFromOIDC(ctx context.Context, logger logging.Logger, authService auth.Service, authSession *sessions.Session, oidcConfig *config.OIDC) (*model.User, error) { - profile, ok := authSession.Values["profile"].(map[string]interface{}) - if !ok || profile == nil { + idTokenClaims, ok := authSession.Values[IdTokenClaimsSessionKey].(oidc.Claims) + if !ok || idTokenClaims == nil { return nil, ErrAuthenticatingRequest } - accessTokenClaims, ok := authSession.Values["access_token_claims"].(map[string]interface{}) - if !ok || profile == nil { - return nil, ErrAuthenticatingRequest - } - externalID, ok := profile["sub"].(string) + externalID, ok := idTokenClaims["sub"].(string) if !ok { - logger.WithField("sub", profile["sub"]).Error("Failed type assertion for sub claim") + logger.WithField("sub", idTokenClaims["sub"]).Error("Failed type assertion for sub claim") return nil, ErrAuthenticatingRequest } user, err := authService.GetUser(ctx, externalID) @@ -159,7 +156,7 @@ func userFromOIDC(ctx context.Context, logger logging.Logger, authService auth.S return nil, err } initialGroups := oidcConfig.DefaultInitialGroups - if userInitialGroups, ok := accessTokenClaims["initial_groups"].(string); ok { + if userInitialGroups, ok := idTokenClaims[oidcConfig.InitialGroupsClaimName].(string); ok { initialGroups = strings.Split(userInitialGroups, ",") } for _, g := range initialGroups { diff --git a/pkg/api/controller.go b/pkg/api/controller.go index 6479a31f05e..3b2fa95a681 100644 --- a/pkg/api/controller.go +++ b/pkg/api/controller.go @@ -3,6 +3,7 @@ package api import ( "bytes" "context" + "encoding/gob" "encoding/json" "errors" "fmt" 
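Review bot: In userFromOIDC the `sub` claim goes straight into `authService.GetUser(ctx, externalID)`, so an OIDC subject is looked up in the same namespace as locally created users. GetUser's lookup key is not shown here; if it resolves by username, a subject equal to an existing local username would bind the OIDC session to that account instead of creating a new one. Looking the user up by external ID would keep the two identity sources apart. So would rejecting a hit from another source, e.g. `if err == nil && user.Source != "oidc" { return nil, ErrAuthenticatingRequest }` (assuming model.User exposes Source). The function body continues past the end of this hunk.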
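Review bot: The group claim read at `idTokenClaims[oidcConfig.InitialGroupsClaimName].(string)` decides the new user's lakeFS groups, but its value is passed through `strings.Split(userInitialGroups, ",")` with no normalisation. An empty claim yields `[""]` and `"a, b"` yields a group name with a leading space. A provider that emits the claim as a JSON array fails the string assertion and silently falls back to DefaultInitialGroups. I would trim each entry with `strings.TrimSpace`, drop empty ones, and log when the claim is present but not a string. The loop that consumes initialGroups is outside this hunk.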
@@ -18,13 +19,13 @@ import ( "time" "github.com/aws/aws-sdk-go/aws" - "github.com/coreos/go-oidc" "github.com/go-openapi/swag" "github.com/gorilla/sessions" nanoid "github.com/matoous/go-nanoid/v2" "github.com/treeverse/lakefs/pkg/actions" "github.com/treeverse/lakefs/pkg/auth" "github.com/treeverse/lakefs/pkg/auth/model" + "github.com/treeverse/lakefs/pkg/auth/oidc" "github.com/treeverse/lakefs/pkg/block" "github.com/treeverse/lakefs/pkg/block/adapter" "github.com/treeverse/lakefs/pkg/catalog" @@ -40,7 +41,6 @@ import ( "github.com/treeverse/lakefs/pkg/stats" "github.com/treeverse/lakefs/pkg/upload" "github.com/treeverse/lakefs/pkg/version" - "golang.org/x/oauth2" ) type contextKey string @@ -86,8 +86,7 @@ type Controller struct { Logger logging.Logger Emailer *email.Emailer sessionStore sessions.Store - oauthConfig *oauth2.Config - oidcProvider *oidc.Provider + oidcAuthenticator *oidc.Authenticator } func (c *Controller) GetAuthCapabilities(w http.ResponseWriter, _ *http.Request) { @@ -166,7 +165,7 @@ func (c *Controller) DeleteObjects(w http.ResponseWriter, r *http.Request, body writeResponse(w, http.StatusOK, response) } -func (c *Controller) Logout(w http.ResponseWriter, _ *http.Request) { +func (c *Controller) Logout(w http.ResponseWriter, r *http.Request) { http.SetCookie(w, &http.Cookie{ Name: JWTCookieName, Value: "", 
@@ -176,57 +175,35 @@ func (c *Controller) Logout(w http.ResponseWriter, _ *http.Request) { Expires: time.Unix(0, 0), SameSite: http.SameSiteStrictMode, }) - + session, err := c.sessionStore.Get(r, OIDCAuthSessionName) + if err != nil { + writeError(w, http.StatusInternalServerError, err) + } + session.Values = nil + err = session.Save(r, w) + if err != nil { + writeError(w, http.StatusInternalServerError, err) + } writeResponse(w, http.StatusOK, nil) } func (c *Controller) OauthCallback(w http.ResponseWriter, r *http.Request) { ctx := r.Context() - session, err := c.sessionStore.Get(r, OIDCAuthSessionName) if err != nil { writeError(w, http.StatusInternalServerError, err.Error()) return } - if r.URL.Query().Get("state") != session.Values["state"] { + if r.URL.Query().Get("state") != session.Values[StateSessionKey] { writeError(w, http.StatusBadRequest, "Invalid state parameter.") return } - - // Exchange an authorization code for a token. - token, err := c.oauthConfig.Exchange(ctx, r.URL.Query().Get("code")) + idTokenClaims, err := c.oidcAuthenticator.GetIDTokenClaims(ctx, r.URL.Query().Get("code")) if err != nil { - writeError(w, http.StatusUnauthorized, "Failed to exchange an authorization code for a token.") - return - } - rawIDToken, ok := token.Extra("id_token").(string) - if !ok { - writeError(w, http.StatusUnauthorized, "no id_token field in oauth2 token") - } - rawAccessToken, ok := token.Extra("access_token").(string) - if !ok { - writeError(w, http.StatusUnauthorized, "no access_token field in oauth2 token") - } - - oidcVerifier := c.oidcProvider.Verifier(&oidc.Config{ - ClientID: c.oauthConfig.ClientID, - }) - idToken, err := oidcVerifier.Verify(ctx, rawIDToken) - - var profile map[string]interface{} - if err := idToken.Claims(&profile); err != nil { - writeError(w, http.StatusInternalServerError, err.Error()) - return - } - var accessTokenClaims map[string]interface{} - accessToken, err := oidcVerifier.Verify(ctx, rawAccessToken) - if err := 
accessToken.Claims(&accessTokenClaims); err != nil { writeError(w, http.StatusInternalServerError, err.Error()) return } - - session.Values["access_token_claims"] = accessTokenClaims - session.Values["profile"] = profile + session.Values[IdTokenClaimsSessionKey] = idTokenClaims err = session.Save(r, w) if err != nil { writeError(w, http.StatusInternalServerError, err.Error()) @@ -3462,10 +3439,10 @@ func NewController( auditChecker AuditChecker, logger logging.Logger, emailer *email.Emailer, - oauthConfig *oauth2.Config, - oidcProvider *oidc.Provider, + oidcAuthenticator *oidc.Authenticator, sessionStore sessions.Store, ) *Controller { + gob.Register(oidc.Claims{}) return &Controller{ Config: cfg, Catalog: catalog, @@ -3480,9 +3457,8 @@ func NewController( AuditChecker: auditChecker, Logger: logger, Emailer: emailer, - oauthConfig: oauthConfig, - oidcProvider: oidcProvider, sessionStore: sessionStore, + oidcAuthenticator: oidcAuthenticator, } } diff --git a/pkg/api/oidc_handler.go b/pkg/api/oidc_login_handler.go similarity index 90% rename from pkg/api/oidc_handler.go rename to pkg/api/oidc_login_handler.go index f41867aac1b..c55fc5933a8 100644 --- a/pkg/api/oidc_handler.go +++ b/pkg/api/oidc_login_handler.go @@ -12,6 +12,9 @@ import ( const ( OIDCAuthSessionName = "auth_session" + + IdTokenClaimsSessionKey = "id_token_claims" + StateSessionKey = "state" ) func NewOIDCLoginPageHandler(sessionStore sessions.Store, oauthConfig *oauth2.Config) http.HandlerFunc { @@ -27,7 +30,7 @@ func NewOIDCLoginPageHandler(sessionStore sessions.Store, oauthConfig *oauth2.Co writeError(w, http.StatusInternalServerError, err.Error()) return } - session.Values["state"] = state + session.Values[StateSessionKey] = state if err := session.Save(r, w); err != nil { writeError(w, http.StatusInternalServerError, err.Error()) return diff --git a/pkg/api/serve.go b/pkg/api/serve.go index 34a9a577d3b..00f712e57e4 100644 --- a/pkg/api/serve.go +++ b/pkg/api/serve.go 
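Review bot: In OauthCallback a failure from `c.oidcAuthenticator.GetIDTokenClaims` now answers 500 with `err.Error()` in the body, where the removed code answered 401 with a fixed message for a failed code exchange. The callback is reachable without authentication, and errors from the oauth2/oidc libraries can carry the provider's response text. Logging the error server-side and replying with `writeError(w, http.StatusUnauthorized, "Failed to exchange authorization code for token")` would match the 401 documented in swagger.yml and keep provider details out of the response. Separately, the state value stays in the session after a successful callback; `delete(session.Values, StateSessionKey)` before `session.Save` would make it single-use.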
@@ -3,7 +3,6 @@ package api //go:generate oapi-codegen -package api -generate "types,client,chi-server,spec" -templates tmpl -o lakefs.gen.go ../../api/swagger.yml import ( - "encoding/gob" "encoding/json" "errors" "io" @@ -19,6 +18,7 @@ import ( "github.com/prometheus/client_golang/prometheus/promhttp" "github.com/treeverse/lakefs/pkg/api/params" "github.com/treeverse/lakefs/pkg/auth" + authoidc "github.com/treeverse/lakefs/pkg/auth/oidc" "github.com/treeverse/lakefs/pkg/block" "github.com/treeverse/lakefs/pkg/catalog" "github.com/treeverse/lakefs/pkg/cloud" @@ -63,7 +63,6 @@ func Serve( oidcProvider *oidc.Provider, oauthConfig *oauth2.Config, ) http.Handler { - gob.Register(map[string]interface{}{}) logger.Info("initialize OpenAPI server") swagger, err := GetSwagger() if err != nil { @@ -83,6 +82,7 @@ func Serve( AuthMiddleware(logger, swagger, middlewareAuthenticator, authService, sessionStore, cfg.GetAuthOIDCConfiguration()), MetricsMiddleware(swagger), ) + oidcAuthenticator := authoidc.NewAuthenticator(oauthConfig, oidcProvider) controller := NewController( cfg, catalog, @@ -97,8 +97,7 @@ func Serve( auditChecker, logger, emailer, - oauthConfig, - oidcProvider, + oidcAuthenticator, sessionStore, ) HandlerFromMuxWithBaseURL(controller, apiRouter, BaseURL) diff --git a/pkg/auth/oidc/authenticator.go b/pkg/auth/oidc/authenticator.go new file mode 100644 index 00000000000..ab9c1289ffd --- /dev/null +++ b/pkg/auth/oidc/authenticator.go 
@@ -0,0 +1,42 @@ +package oidc + +import ( + "context" + + "github.com/coreos/go-oidc" + "golang.org/x/oauth2" +) + +type Authenticator struct { + oauthConfig *oauth2.Config + oidcProvider *oidc.Provider +} + +func NewAuthenticator(oauthConfig *oauth2.Config, oidcProvider *oidc.Provider) *Authenticator { + return &Authenticator{oauthConfig: oauthConfig, oidcProvider: oidcProvider} +} + +type Claims map[string]interface{} + +func (a *Authenticator) GetIDTokenClaims(ctx context.Context, code string) (Claims, error) { + token, err := a.oauthConfig.Exchange(ctx, code) + if err != nil { + return nil, err + } + rawIDToken, ok := token.Extra("id_token").(string) + if !ok { + return nil, err + } + oidcVerifier := a.oidcProvider.Verifier(&oidc.Config{ + ClientID: a.oauthConfig.ClientID, + }) + idToken, err := oidcVerifier.Verify(ctx, rawIDToken) + if err != nil { + return nil, err + } + var claims Claims + if err := idToken.Claims(&claims); err != nil { + return nil, err + } + return claims, nil +} diff --git a/pkg/config/config.go b/pkg/config/config.go index 7c48ce25158..6e948c701f3 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -51,6 +51,8 @@ const ( DefaultAuthCacheTTL = 20 * time.Second DefaultAuthCacheJitter = 3 * time.Second + DefaultAuthOIDCInitialGroupsClaimName = "initial_groups" + DefaultListenAddr = "0.0.0.0:8000" DefaultS3GatewayDomainName = "s3.local.lakefs.io" DefaultS3GatewayRegion = "us-east-1" @@ -127,6 +129,8 @@ const ( AuthCacheTTLKey = "auth.cache.ttl" AuthCacheJitterKey = "auth.cache.jitter" + AuthOIDCInitialGroupsClaimName = "auth.oidc.initial_groups_claim_name" + BlockstoreTypeKey = "blockstore.type" BlockstoreLocalPathKey = "blockstore.local.path" BlockstoreDefaultNamespacePrefixKey = "blockstore.default_namespace_prefix" 
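Review bot: In GetIDTokenClaims the `if !ok { return nil, err }` branch after `token.Extra("id_token").(string)` returns a nil error, because `err` was already checked after Exchange. A token response without an `id_token` therefore comes back as `(nil, nil)`, and OauthCallback stores nil claims in the session and carries on as if the login had succeeded. Return an explicit error instead, e.g. `return nil, errors.New("no id_token field in oauth2 token")` (needs the `errors` import). userFromOIDC does reject nil claims later, so the path fails closed today, but only because of that downstream check.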
@@ -187,6 +191,8 @@ func setDefaults() { viper.SetDefault(AuthCacheTTLKey, DefaultAuthCacheTTL) viper.SetDefault(AuthCacheJitterKey, DefaultAuthCacheJitter) + viper.SetDefault(AuthOIDCInitialGroupsClaimName, DefaultAuthOIDCInitialGroupsClaimName) + viper.SetDefault(BlockstoreLocalPathKey, DefaultBlockStoreLocalPath) viper.SetDefault(BlockstoreS3RegionKey, DefaultBlockStoreS3Region) viper.SetDefault(BlockstoreS3StreamingChunkSizeKey, DefaultBlockStoreS3StreamingChunkSize) From 25772608a7ba1ae4ba445f1c74ef8a8413c3d424 Mon Sep 17 00:00:00 2001 From: johnnyaug Date: Sun, 12 Jun 2022 11:34:40 +0300 Subject: [PATCH 11/28] wip --- cmd/lakefs/cmd/run.go | 2 +- pkg/api/auth_middleware.go | 2 +- pkg/api/controller.go | 3 ++- pkg/auth/model/model.go | 2 +- pkg/config/template.go | 9 +++++---- pkg/ddl/000038_oidc_user.up.sql | 2 +- webui/vite.config.js | 5 ----- 7 files changed, 11 insertions(+), 14 deletions(-) diff --git a/cmd/lakefs/cmd/run.go b/cmd/lakefs/cmd/run.go index d1afa202f35..f85aa6313ae 100644 --- a/cmd/lakefs/cmd/run.go +++ b/cmd/lakefs/cmd/run.go @@ -249,7 +249,7 @@ var runCmd = &cobra.Command{ oidcConfig := cfg.GetAuthOIDCConfiguration() var oauthConfig *oauth2.Config var oidcProvider *oidc.Provider - if oidcConfig != nil { + if oidcConfig != nil && oidcConfig.URL != "" { oidcProvider, err = oidc.NewProvider( cmd.Context(), oidcConfig.URL, diff --git a/pkg/api/auth_middleware.go b/pkg/api/auth_middleware.go index f70fe234440..b1d9c5d8c57 100644 --- a/pkg/api/auth_middleware.go +++ b/pkg/api/auth_middleware.go @@ -145,7 +145,7 @@ func userFromOIDC(ctx context.Context, logger logging.Logger, authService auth.S CreatedAt: time.Now().UTC(), Source: "oidc", Username: externalID, - ExternalID: externalID, + ExternalID: &externalID, } userID, err := authService.CreateUser(ctx, &u) diff --git a/pkg/api/controller.go b/pkg/api/controller.go index 3b2fa95a681..1bfc99e097b 100644 --- a/pkg/api/controller.go +++ b/pkg/api/controller.go 
@@ -3137,7 +3137,8 @@ func (c *Controller) GetSetupState(w http.ResponseWriter, r *http.Request) { if initialized || c.Config.IsAuthTypeAPI() { state = setupStateInitialized } - response := SetupState{State: swag.String(state), OidcEnabled: swag.Bool(c.Config.GetAuthOIDCConfiguration() != nil)} + oidcEnabled := c.Config.GetAuthOIDCConfiguration() != nil && c.Config.GetAuthOIDCConfiguration().URL != "" + response := SetupState{State: swag.String(state), OidcEnabled: swag.Bool(oidcEnabled)} writeResponse(w, http.StatusOK, response) } diff --git a/pkg/auth/model/model.go b/pkg/auth/model/model.go index 1b44e984b8b..62e6df240a2 100644 --- a/pkg/auth/model/model.go +++ b/pkg/auth/model/model.go @@ -51,7 +51,7 @@ type BaseUser struct { Email *string `db:"email" json:"email"` EncryptedPassword []byte `db:"encrypted_password" json:"encrypted_password"` Source string `db:"source" json:"source"` - ExternalID string `db:"external_id" json:"external_id"` + ExternalID *string `db:"external_id" json:"external_id"` } type User struct { diff --git a/pkg/config/template.go b/pkg/config/template.go index 10bf40f3ba0..803e7cda909 100644 --- a/pkg/config/template.go +++ b/pkg/config/template.go @@ -5,10 +5,11 @@ import ( ) type OIDC struct { - URL string `mapstructure:"url"` - ClientID string `mapstructure:"client_id"` - ClientSecret string `mapstructure:"client_secret"` - DefaultInitialGroups []string `mapstructure:"default_initial_groups"` + URL string `mapstructure:"url"` + ClientID string `mapstructure:"client_id"` + ClientSecret string `mapstructure:"client_secret"` + DefaultInitialGroups []string `mapstructure:"default_initial_groups"` + InitialGroupsClaimName string `mapstructure:"initial_groups_claim_name"` } // LDAP holds configuration for authenticating on an LDAP server. diff --git a/pkg/ddl/000038_oidc_user.up.sql b/pkg/ddl/000038_oidc_user.up.sql index b25dbfdae41..71f09d7d824 100644 --- a/pkg/ddl/000038_oidc_user.up.sql +++ b/pkg/ddl/000038_oidc_user.up.sql 
@@ -1,5 +1,5 @@ BEGIN; ALTER TABLE auth_users - ADD COLUMN IF NOT EXISTS external_id VARCHAR(255) UNIQUE; + ADD COLUMN IF NOT EXISTS external_id VARCHAR(255) UNIQUE NULL; END; diff --git a/webui/vite.config.js b/webui/vite.config.js index cf89d5acf9b..5e698af31e3 100644 --- a/webui/vite.config.js +++ b/webui/vite.config.js @@ -32,11 +32,6 @@ export default ({ command }) => { target: 'http://localhost:8000', changeOrigin: false, secure: false - }, - '/oidc/logout': { - target: 'http://localhost:8000', - changeOrigin: false, - secure: false } } } From 4e169b2090260ba7d10f1c38ff3a47b80b849f84 Mon Sep 17 00:00:00 2001 From: johnnyaug Date: Sun, 12 Jun 2022 12:05:09 +0300 Subject: [PATCH 12/28] docs --- docs/reference/oidc.md | 25 ++++++++++++++++--------- pkg/api/auth_middleware.go | 3 +++ pkg/api/controller.go | 4 ++++ pkg/api/oidc_login_handler.go | 1 + pkg/auth/oidc/authenticator.go | 2 ++ 5 files changed, 26 insertions(+), 9 deletions(-) diff --git a/docs/reference/oidc.md b/docs/reference/oidc.md index 5f3c943a210..8c322ba9057 100644 --- a/docs/reference/oidc.md +++ b/docs/reference/oidc.md 
@@ -17,24 +17,31 @@ You can manage lakeFS users externally using an OpenID Connect (OIDC) compatible ## Configuring lakeFS server for OIDC -To support OIDC, add the following configurations to your [lakeFS configuration](./configuration.md). -As always, you may choose to provide these configurations using [environment variables](./configuration.md#using-environment-variables). +To support OIDC, add the following configurations to your [lakeFS configuration](./configuration.md): ```yaml auth: oidc: client_id: example-client-id client_secret: exampleSecretValue - domain: https://my-account.oidc-provider-example.com + url: https://my-account.oidc-provider-example.com + default_initial_groups: ["Developers"] ``` -Note that you may have other configuration values under the `auth` key, so make sure you combine them correctly. +Once this configuration is provided, your login page will include a link to sign-in using the +OIDC provider. When a user logs in through the OIDC provider, a corresponding lakeFS user is created. -## Adding policy claims to your users +#### Notes +{: .no_toc} +1. As always, you may choose to provide these configurations using [environment variables](./configuration.md#using-environment-variables). +2. You may already have other configuration values under the _auth_ key, so make sure you combine them correctly. -## Logging in using OIDC +## User permissions -## Limitations +Authorization is still managed via [lakeFS groups and policies](./authorization.md). -- Groups are not currently supported for externally managed users. -- Creating programmatic access credentials is not supported for externally managed users. +By default, an externally managed user is assigned to the groups configured in the _default_initial_groups_ property above. +For a user to be assigned to other groups, add the _initial_groups_ claim to their **ID token** claims. The claim should contain a +comma-separated list of group names. 
+ +Once the user is created, you can manage their permissions from the Administration pages in the lakeFS UI. diff --git a/pkg/api/auth_middleware.go b/pkg/api/auth_middleware.go index b1d9c5d8c57..9fe491ee24e 100644 --- a/pkg/api/auth_middleware.go +++ b/pkg/api/auth_middleware.go @@ -123,6 +123,9 @@ func checkSecurityRequirements(r *http.Request, return nil, nil } +// userFromOIDC returns a user from an existing OIDC session. +// If the user doesn't exist on the lakeFS side, it is created. +// This function does not make any calls to an external provider. func userFromOIDC(ctx context.Context, logger logging.Logger, authService auth.Service, authSession *sessions.Session, oidcConfig *config.OIDC) (*model.User, error) { idTokenClaims, ok := authSession.Values[IdTokenClaimsSessionKey].(oidc.Claims) if !ok || idTokenClaims == nil { diff --git a/pkg/api/controller.go b/pkg/api/controller.go index 1bfc99e097b..660aab58ead 100644 --- a/pkg/api/controller.go +++ b/pkg/api/controller.go @@ -178,15 +178,19 @@ func (c *Controller) Logout(w http.ResponseWriter, r *http.Request) { session, err := c.sessionStore.Get(r, OIDCAuthSessionName) if err != nil { writeError(w, http.StatusInternalServerError, err) + return } session.Values = nil err = session.Save(r, w) if err != nil { writeError(w, http.StatusInternalServerError, err) + return } writeResponse(w, http.StatusOK, nil) } +// OauthCallback gets a code generated by an OIDC provider. +// It exchanges the code for an id token, and saves the claims from the ID token on a session. func (c *Controller) OauthCallback(w http.ResponseWriter, r *http.Request) { ctx := r.Context() session, err := c.sessionStore.Get(r, OIDCAuthSessionName) diff --git a/pkg/api/oidc_login_handler.go b/pkg/api/oidc_login_handler.go index c55fc5933a8..c5caacbfc0a 100644 --- a/pkg/api/oidc_login_handler.go +++ b/pkg/api/oidc_login_handler.go 
@@ -17,6 +17,7 @@ const ( StateSessionKey = "state" ) +// NewOIDCLoginPageHandler returns a handler to redirect the user the OIDC provider's login page. func NewOIDCLoginPageHandler(sessionStore sessions.Store, oauthConfig *oauth2.Config) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { state, err := generateRandomState() diff --git a/pkg/auth/oidc/authenticator.go b/pkg/auth/oidc/authenticator.go index ab9c1289ffd..dd3b0f822fd 100644 --- a/pkg/auth/oidc/authenticator.go +++ b/pkg/auth/oidc/authenticator.go @@ -18,6 +18,8 @@ func NewAuthenticator(oauthConfig *oauth2.Config, oidcProvider *oidc.Provider) * type Claims map[string]interface{} +// GetIDTokenClaims exchanges a temporary code for an ID token. +// The ID token is verified to be valid, and its Claims are then returned. func (a *Authenticator) GetIDTokenClaims(ctx context.Context, code string) (Claims, error) { token, err := a.oauthConfig.Exchange(ctx, code) if err != nil { From 55370e18a49c30587d71302e982d43a2c1b7c76c Mon Sep 17 00:00:00 2001 From: johnnyaug Date: Sun, 12 Jun 2022 12:50:04 +0300 Subject: [PATCH 13/28] fix docs --- docs/reference/oidc.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/reference/oidc.md b/docs/reference/oidc.md index 8c322ba9057..5b733ee9fcd 100644 --- a/docs/reference/oidc.md +++ b/docs/reference/oidc.md @@ -17,7 +17,7 @@ You can manage lakeFS users externally using an OpenID Connect (OIDC) compatible ## Configuring lakeFS server for OIDC -To support OIDC, add the following configurations to your [lakeFS configuration](./configuration.md): +To support OIDC, add the following to your [lakeFS configuration](./configuration.md): ```yaml auth: 
@@ -28,8 +28,8 @@ auth: default_initial_groups: ["Developers"] ``` -Once this configuration is provided, your login page will include a link to sign-in using the -OIDC provider. When a user logs in through the OIDC provider, a corresponding lakeFS user is created. +Your login page will not include a link to sign-in using the +OIDC provider. When a user first logs in through the provider, a corresponding user is created in lakeFS. #### Notes {: .no_toc} @@ -40,8 +40,8 @@ OIDC provider. When a user logs in through the OIDC provider, a corresponding la Authorization is still managed via [lakeFS groups and policies](./authorization.md). -By default, an externally managed user is assigned to the groups configured in the _default_initial_groups_ property above. +By default, an externally managed user is assigned to the lakeFS groups configured in the _default_initial_groups_ property above. For a user to be assigned to other groups, add the _initial_groups_ claim to their **ID token** claims. The claim should contain a comma-separated list of group names. -Once the user is created, you can manage their permissions from the Administration pages in the lakeFS UI. +Once the user has been created, you can manage their permissions from the Administration pages in the lakeFS UI or using _lakectl_. From e0128626dc05049997b72081e58dc9b8080377f4 Mon Sep 17 00:00:00 2001 From: johnnyaug Date: Sun, 12 Jun 2022 13:06:31 +0300 Subject: [PATCH 14/28] fix tests and linters --- pkg/api/auth_middleware.go | 2 +- pkg/api/controller.go | 2 +- pkg/api/oidc_login_handler.go | 6 ++++-- pkg/api/serve_test.go | 2 +- pkg/loadtest/local_load_test.go | 2 ++ 5 files changed, 9 insertions(+), 5 deletions(-) diff --git a/pkg/api/auth_middleware.go b/pkg/api/auth_middleware.go index 9fe491ee24e..4b5a4cca54d 100644 --- a/pkg/api/auth_middleware.go +++ b/pkg/api/auth_middleware.go 
@@ -127,7 +127,7 @@ func checkSecurityRequirements(r *http.Request, // If the user doesn't exist on the lakeFS side, it is created. // This function does not make any calls to an external provider. func userFromOIDC(ctx context.Context, logger logging.Logger, authService auth.Service, authSession *sessions.Session, oidcConfig *config.OIDC) (*model.User, error) { - idTokenClaims, ok := authSession.Values[IdTokenClaimsSessionKey].(oidc.Claims) + idTokenClaims, ok := authSession.Values[IDTokenClaimsSessionKey].(oidc.Claims) if !ok || idTokenClaims == nil { return nil, ErrAuthenticatingRequest } diff --git a/pkg/api/controller.go b/pkg/api/controller.go index 660aab58ead..2932b20c4cb 100644 --- a/pkg/api/controller.go +++ b/pkg/api/controller.go @@ -207,7 +207,7 @@ func (c *Controller) OauthCallback(w http.ResponseWriter, r *http.Request) { writeError(w, http.StatusInternalServerError, err.Error()) return } - session.Values[IdTokenClaimsSessionKey] = idTokenClaims + session.Values[IDTokenClaimsSessionKey] = idTokenClaims err = session.Save(r, w) if err != nil { writeError(w, http.StatusInternalServerError, err.Error()) diff --git a/pkg/api/oidc_login_handler.go b/pkg/api/oidc_login_handler.go index c5caacbfc0a..17b344f1004 100644 --- a/pkg/api/oidc_login_handler.go +++ b/pkg/api/oidc_login_handler.go @@ -13,8 +13,10 @@ import ( const ( OIDCAuthSessionName = "auth_session" - IdTokenClaimsSessionKey = "id_token_claims" + IDTokenClaimsSessionKey = "id_token_claims" StateSessionKey = "state" + + stateByteSize = 32 ) // NewOIDCLoginPageHandler returns a handler to redirect the user the OIDC provider's login page. @@ -51,7 +53,7 @@ func NewOIDCLoginPageHandler(sessionStore sessions.Store, oauthConfig *oauth2.Co } func generateRandomState() (string, error) { - b := make([]byte, 32) + b := make([]byte, stateByteSize) _, err := rand.Read(b) if err != nil { return "", err diff --git a/pkg/api/serve_test.go b/pkg/api/serve_test.go index 36807b09384..44d6e6a0b28 100644 
--- a/pkg/api/serve_test.go +++ b/pkg/api/serve_test.go @@ -133,7 +133,7 @@ func setupHandlerWithWalkerFactory(t testing.TB, factory catalog.WalkerFactory, emailParams, _ := cfg.GetEmailParams() emailer, err := email.NewEmailer(emailParams) testutil.Must(t, err) - handler := api.Serve(cfg, c, authenticator, authenticator, authService, c.BlockAdapter, meta, migrator, collector, nil, actionsService, auditChecker, logging.Default(), emailer, nil, nil) + handler := api.Serve(cfg, c, authenticator, authenticator, authService, c.BlockAdapter, meta, migrator, collector, nil, actionsService, auditChecker, logging.Default(), emailer, nil, nil, nil, nil) return handler, &dependencies{ blocks: c.BlockAdapter, diff --git a/pkg/loadtest/local_load_test.go b/pkg/loadtest/local_load_test.go index 5e17050b544..034b6a1e609 100644 --- a/pkg/loadtest/local_load_test.go +++ b/pkg/loadtest/local_load_test.go @@ -156,6 +156,8 @@ func TestLocalLoad(t *testing.T) { emailer, nil, nil, + nil, + nil, ) ts := httptest.NewServer(handler) From 29211b7af213cca6ac64ebd2cb8061d66cd65e44 Mon Sep 17 00:00:00 2001 From: johnnyaug Date: Sun, 12 Jun 2022 13:22:18 +0300 Subject: [PATCH 15/28] cr fixes --- pkg/ddl/000038_oidc_user.down.sql | 6 ------ webui/src/pages/auth/login.jsx | 2 +- 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/pkg/ddl/000038_oidc_user.down.sql b/pkg/ddl/000038_oidc_user.down.sql index bf82a37d979..e69de29bb2d 100644 --- a/pkg/ddl/000038_oidc_user.down.sql +++ b/pkg/ddl/000038_oidc_user.down.sql @@ -1,6 +0,0 @@ -BEGIN; -DROP INDEX email_unique_idx; -ALTER TABLE auth_users -DROP COLUMN IF EXISTS email, - DROP COLUMN IF EXISTS encrypted_password; -COMMIT ; diff --git a/webui/src/pages/auth/login.jsx b/webui/src/pages/auth/login.jsx index 219581cd1f5..3f813b8aae8 100644 --- a/webui/src/pages/auth/login.jsx +++ b/webui/src/pages/auth/login.jsx @@ -57,7 +57,7 @@ const LoginForm = ({oidcEnabled}) => { : "" } { oidcEnabled ? - + : "" } 
From a0153d73a85e41499fe5793467c2fd12f815ab96 Mon Sep 17 00:00:00 2001 From: johnnyaug Date: Sun, 12 Jun 2022 13:47:28 +0300 Subject: [PATCH 16/28] typo --- docs/reference/oidc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/oidc.md b/docs/reference/oidc.md index 5b733ee9fcd..ec8821648d7 100644 --- a/docs/reference/oidc.md +++ b/docs/reference/oidc.md @@ -28,7 +28,7 @@ auth: default_initial_groups: ["Developers"] ``` -Your login page will not include a link to sign-in using the +Your login page will now include a link to sign-in using the OIDC provider. When a user first logs in through the provider, a corresponding user is created in lakeFS. #### Notes From d402c954a1da6f359ff0abfbac857e04712b55c5 Mon Sep 17 00:00:00 2001 From: johnnyaug Date: Sun, 12 Jun 2022 16:02:05 +0300 Subject: [PATCH 17/28] cr fix --- pkg/api/oidc_login_handler.go | 12 ++++++++---- pkg/api/serve.go | 2 +- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/pkg/api/oidc_login_handler.go b/pkg/api/oidc_login_handler.go index 17b344f1004..e5b5a356324 100644 --- a/pkg/api/oidc_login_handler.go +++ b/pkg/api/oidc_login_handler.go @@ -7,6 +7,7 @@ import ( "net/url" "github.com/gorilla/sessions" + "github.com/treeverse/lakefs/pkg/logging" "golang.org/x/oauth2" ) 
@@ -20,22 +21,25 @@ const ( ) // NewOIDCLoginPageHandler returns a handler to redirect the user the OIDC provider's login page. -func NewOIDCLoginPageHandler(sessionStore sessions.Store, oauthConfig *oauth2.Config) http.HandlerFunc { +func NewOIDCLoginPageHandler(sessionStore sessions.Store, oauthConfig *oauth2.Config, logger logging.Logger) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { state, err := generateRandomState() if err != nil { - writeError(w, http.StatusInternalServerError, err.Error()) + logger.Errorf("failed to generate state for oidc: %w", err) + writeError(w, http.StatusInternalServerError, "Failed to redirect to login page") return } session, err := sessionStore.Get(r, OIDCAuthSessionName) if err != nil { - writeError(w, http.StatusInternalServerError, err.Error()) + logger.Errorf("failed to get oidc session: %w", err) + writeError(w, http.StatusInternalServerError, "Failed to redirect to login page") return } session.Values[StateSessionKey] = state if err := session.Save(r, w); err != nil { - writeError(w, http.StatusInternalServerError, err.Error()) + logger.Errorf("failed to save oidc session: %w", err) + writeError(w, http.StatusInternalServerError, "Failed to redirect to login page") return } scheme := "http" diff --git a/pkg/api/serve.go b/pkg/api/serve.go index 00f712e57e4..3bc01a39475 100644 --- a/pkg/api/serve.go +++ b/pkg/api/serve.go @@ -108,7 +108,7 @@ func Serve( r.Mount("/swagger.json", http.HandlerFunc(swaggerSpecHandler)) r.Mount(BaseURL, http.HandlerFunc(InvalidAPIEndpointHandler)) if cfg.GetAuthOIDCConfiguration() != nil { - r.Mount("/oidc/login", NewOIDCLoginPageHandler(sessionStore, oauthConfig)) + r.Mount("/oidc/login", NewOIDCLoginPageHandler(sessionStore, oauthConfig, logger)) } r.Mount("/", NewUIHandler(gatewayDomains, snippets)) return r From a5e8518ea007b7fa09c6ed64ad5e2cda2bfece73 Mon Sep 17 00:00:00 2001 
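Review bot: The three added `logger.Errorf("...: %w", err)` calls in NewOIDCLoginPageHandler use `%w`, which only `fmt.Errorf` understands. Assuming the logger is Printf-style, the log line will carry a `%!w(...)` artifact instead of a cleanly formatted error. Since this change moves the detail out of the HTTP response and into the server log, attach the error as a field instead, as run.go does elsewhere in this series: `logger.WithError(err).Error("failed to generate state for oidc")`, and likewise for the session get and save branches. The handler body continues past the end of this hunk.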
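Review bot: The `/oidc/login` route in Serve is mounted whenever `cfg.GetAuthOIDCConfiguration() != nil`, which does not guarantee that `oauthConfig` and `sessionStore` were actually built. The test setups in this series pass nil for the trailing Serve arguments (presumably these), and run.go constructs the OAuth config only inside its own OIDC condition. If the two conditions disagree, this pre-login endpoint dereferences a nil value at `sessionStore.Get` or `oauthConfig.AuthCodeURL(state)`. Guarding on the values the handler uses keeps them in step: `if oauthConfig != nil && sessionStore != nil {`. The same mount line appears again in the serve.go hunk of patch 22/28.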
From: johnnyaug Date: Sun, 12 Jun 2022 19:01:23 +0300 Subject: [PATCH 18/28] cr fix + more docs --- cmd/lakefs/cmd/run.go | 2 +- docs/reference/configuration.md | 9 ++++++--- docs/reference/oidc.md | 13 +++++++++++++ pkg/api/controller.go | 2 +- pkg/config/template.go | 1 + 5 files changed, 22 insertions(+), 5 deletions(-) diff --git a/cmd/lakefs/cmd/run.go b/cmd/lakefs/cmd/run.go index f85aa6313ae..56e65eae989 100644 --- a/cmd/lakefs/cmd/run.go +++ b/cmd/lakefs/cmd/run.go @@ -249,7 +249,7 @@ var runCmd = &cobra.Command{ oidcConfig := cfg.GetAuthOIDCConfiguration() var oauthConfig *oauth2.Config var oidcProvider *oidc.Provider - if oidcConfig != nil && oidcConfig.URL != "" { + if oidcConfig != nil && oidcConfig.Enabled { oidcProvider, err = oidc.NewProvider( cmd.Context(), oidcConfig.URL, diff --git a/docs/reference/configuration.md b/docs/reference/configuration.md index 648eec1b346..84a1a9fb13a 100644 --- a/docs/reference/configuration.md +++ b/docs/reference/configuration.md 
@@ -55,9 +55,12 @@ This reference uses `.` to denote the nesting of values. * `auth.ldap.user_base_dn` `(string : required)` - Base DN for searching for users. Search looks for users in the subtree below this. * `auth.ldap.default_user_group` `(string : )` - Create all LDAP users in this group. Defaults to `Viewers`. * `auth.ldap.user_filter` `(string : )` - Additional filter for users. -* `auth.oidc.client_id` `(string : )` - OIDC client ID -* `auth.oidc.client_secret` `(string : )` - OIDC client secret -* `auth.oidc.url` `(string : )` - The base URL of your OIDC compatible identity provider +* `auth.oidc.enabled` `(boolean : false)` - Set to true to enable authentication with an external OIDC provider. +* `auth.oidc.client_id` `(string : )` - OIDC client ID. +* `auth.oidc.client_secret` `(string : )` - OIDC client secret. +* `auth.oidc.url` `(string : )` - The base URL of your OIDC compatible identity provider. +* `auth.oidc.default_initial_groups` `(string[] : [])` - By default, OIDC users will be assigned to these groups +* `auth.oidc.initial_groups_claim_name` `(string[] : [])` - Use this claim from the ID token to provide the initial group for new users. * `blockstore.type` `(one of ["local", "s3", "gs", "azure", "mem"] : required)`. Block adapter to use. This controls where the underlying data will be stored * `blockstore.default_namespace_prefix` `(string : )` - Use this to help your users choose a storage namespace for their repositories. If specified, the storage namespace will be filled with this default value as a prefix, when creating a repository from the UI. diff --git a/docs/reference/oidc.md b/docs/reference/oidc.md index ec8821648d7..8c8ee153f2a 100644 --- a/docs/reference/oidc.md +++ b/docs/reference/oidc.md 
@@ -22,6 +22,7 @@ To support OIDC, add the following to your [lakeFS configuration](./configuratio ```yaml auth: oidc: + enabled: true client_id: example-client-id client_secret: exampleSecretValue url: https://my-account.oidc-provider-example.com @@ -45,3 +46,15 @@ For a user to be assigned to other groups, add the _initial_groups_ claim to the comma-separated list of group names. Once the user has been created, you can manage their permissions from the Administration pages in the lakeFS UI or using _lakectl_. + +### Using a different claim name + +To supply the initial groups using another claim from your ID token, you can use the `auth.oidc.initial_groups_claim_name` +lakeFS configuration. For example, to take the initial groups from the _roles_ claim, add: + +```yaml +auth: + oidc: + # ... Other OIDC configurations + initial_groups_claim_name: roles +``` diff --git a/pkg/api/controller.go b/pkg/api/controller.go index 2932b20c4cb..a0a789c1887 100644 --- a/pkg/api/controller.go +++ b/pkg/api/controller.go @@ -3141,7 +3141,7 @@ func (c *Controller) GetSetupState(w http.ResponseWriter, r *http.Request) { if initialized || c.Config.IsAuthTypeAPI() { state = setupStateInitialized } - oidcEnabled := c.Config.GetAuthOIDCConfiguration() != nil && c.Config.GetAuthOIDCConfiguration().URL != "" + oidcEnabled := c.Config.GetAuthOIDCConfiguration() != nil && c.Config.GetAuthOIDCConfiguration().Enabled response := SetupState{State: swag.String(state), OidcEnabled: swag.Bool(oidcEnabled)} writeResponse(w, http.StatusOK, response) } diff --git a/pkg/config/template.go b/pkg/config/template.go index 803e7cda909..b00c68013b8 100644 --- a/pkg/config/template.go +++ b/pkg/config/template.go @@ -5,6 +5,7 @@ import ( ) type OIDC struct { + Enabled bool `mapstructure:"enabled"` URL string `mapstructure:"url"` ClientID string `mapstructure:"client_id"` ClientSecret string `mapstructure:"client_secret"` From cb40ff25222e6044e824f85cecf27a1203291b51 Mon Sep 17 00:00:00 2001 
From: johnnyaug Date: Mon, 13 Jun 2022 17:24:28 +0300 Subject: [PATCH 19/28] cr fixes --- pkg/api/oidc_login_handler.go | 17 +++-------------- pkg/ddl/000038_oidc_user.up.sql | 2 +- 2 files changed, 4 insertions(+), 15 deletions(-) diff --git a/pkg/api/oidc_login_handler.go b/pkg/api/oidc_login_handler.go index e5b5a356324..314f84318c2 100644 --- a/pkg/api/oidc_login_handler.go +++ b/pkg/api/oidc_login_handler.go @@ -1,12 +1,11 @@ package api import ( - "crypto/rand" - "encoding/base64" "net/http" "net/url" "github.com/gorilla/sessions" + nanoid "github.com/matoous/go-nanoid/v2" "github.com/treeverse/lakefs/pkg/logging" "golang.org/x/oauth2" ) @@ -17,13 +16,13 @@ const ( IDTokenClaimsSessionKey = "id_token_claims" StateSessionKey = "state" - stateByteSize = 32 + stateLength = 22 ) // NewOIDCLoginPageHandler returns a handler to redirect the user the OIDC provider's login page. func NewOIDCLoginPageHandler(sessionStore sessions.Store, oauthConfig *oauth2.Config, logger logging.Logger) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - state, err := generateRandomState() + state, err := nanoid.New(stateLength) if err != nil { logger.Errorf("failed to generate state for oidc: %w", err) writeError(w, http.StatusInternalServerError, "Failed to redirect to login page") @@ -55,13 +54,3 @@ func NewOIDCLoginPageHandler(sessionStore sessions.Store, oauthConfig *oauth2.Co http.Redirect(w, r, oauthConfig.AuthCodeURL(state), http.StatusTemporaryRedirect) } } - -func generateRandomState() (string, error) { - b := make([]byte, stateByteSize) - _, err := rand.Read(b) - if err != nil { - return "", err - } - state := base64.StdEncoding.EncodeToString(b) - return state, nil -} diff --git a/pkg/ddl/000038_oidc_user.up.sql b/pkg/ddl/000038_oidc_user.up.sql index 71f09d7d824..b25dbfdae41 100644 --- a/pkg/ddl/000038_oidc_user.up.sql +++ b/pkg/ddl/000038_oidc_user.up.sql 
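Review bot: `stateLength = 22` replaces a 32-byte `crypto/rand` value without a comment explaining why 22 is enough, even though the OAuth `state` is what binds the callback to this browser session. Assuming the library's default 64-symbol alphabet and a cryptographic random source (worth confirming for the pinned version), 22 characters give about 132 bits. That is adequate, but it now rests on a third-party package rather than the standard library. I would record this on the constant, e.g. `// stateLength is the nanoid length of the OAuth state (CSRF token): 22 chars of a 64-symbol alphabet, ~132 bits`. NewOIDCLoginPageHandler's body is only partly visible in these hunks.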
@@ -1,5 +1,5 @@ BEGIN; ALTER TABLE auth_users - ADD COLUMN IF NOT EXISTS external_id VARCHAR(255) UNIQUE NULL; + ADD COLUMN IF NOT EXISTS external_id VARCHAR(255) UNIQUE; END; From d0c7df83731c986dba0400361d1300721bbc8066 Mon Sep 17 00:00:00 2001 From: johnnyaug Date: Thu, 16 Jun 2022 11:05:07 +0300 Subject: [PATCH 20/28] cr fixes --- cmd/lakefs/cmd/run.go | 3 +-- go.mod | 11 ++++------- go.sum | 7 ++++--- pkg/api/serve.go | 2 +- pkg/auth/oidc/authenticator.go | 2 +- 5 files changed, 11 insertions(+), 14 deletions(-) diff --git a/cmd/lakefs/cmd/run.go b/cmd/lakefs/cmd/run.go index 56e65eae989..9446fa52546 100644 --- a/cmd/lakefs/cmd/run.go +++ b/cmd/lakefs/cmd/run.go @@ -14,7 +14,7 @@ import ( "syscall" "time" - "github.com/coreos/go-oidc" + "github.com/coreos/go-oidc/v3/oidc" "github.com/dlmiddlecote/sqlstats" "github.com/fsnotify/fsnotify" "github.com/go-ldap/ldap/v3" @@ -257,7 +257,6 @@ var runCmd = &cobra.Command{ if err != nil { logger.WithError(err).Fatal("Failed to initialize OIDC provider") } - cfg.GetBlockstoreDefaultNamespacePrefix() oauthConfig = &oauth2.Config{ ClientID: oidcConfig.ClientID, ClientSecret: oidcConfig.ClientSecret, diff --git a/go.mod b/go.mod index 160c3971e7b..26440ee1dd8 100644 --- a/go.mod +++ b/go.mod @@ -77,17 +77,12 @@ require ( require ( cloud.google.com/go/compute v1.5.0 + github.com/coreos/go-oidc/v3 v3.2.0 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c golang.org/x/time v0.0.0-20220224211638-0e9765cccd65 ) -require ( - github.com/coreos/go-oidc v2.2.1+incompatible // indirect - github.com/gorilla/securecookie v1.1.1 // indirect - github.com/gorilla/sessions v1.2.1 // indirect - github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021 // indirect - gopkg.in/square/go-jose.v2 v2.5.1 // indirect -) +require github.com/gorilla/sessions v1.2.1 require ( cloud.google.com/go/iam v0.3.0 // indirect 
@@ -102,6 +97,7 @@ require ( github.com/denis-tingaikin/go-header v0.4.3 // indirect github.com/ettle/strcase v0.1.1 // indirect github.com/firefart/nonamedreturns v1.0.1 // indirect + github.com/gorilla/securecookie v1.1.1 // indirect github.com/hashicorp/go-version v1.4.0 // indirect github.com/hexops/gotextdiff v1.0.3 // indirect github.com/ldez/gomoddirectives v0.2.3 // indirect @@ -122,6 +118,7 @@ require ( github.com/yeya24/promlinter v0.2.0 // indirect gitlab.com/bosi/decorder v0.2.1 // indirect golang.org/x/exp/typeparams v0.0.0-20220218215828-6cf2b201936e // indirect + gopkg.in/square/go-jose.v2 v2.5.1 // indirect ) require ( diff --git a/go.sum b/go.sum index acfc155fa1d..4f822bec339 100644 --- a/go.sum +++ b/go.sum @@ -446,9 +446,10 @@ github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= github.com/coreos/go-iptables v0.5.0/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= +github.com/coreos/go-oidc v2.1.0+incompatible h1:sdJrfw8akMnCuUlaZU3tE/uYXFgfqom8DBE9so9EBsM= github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= -github.com/coreos/go-oidc v2.2.1+incompatible h1:mh48q/BqXqgjVHpy2ZY7WnWAbenxRjsz9N1i1YxjHAk= -github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= +github.com/coreos/go-oidc/v3 v3.2.0 h1:2eR2MGR7thBXSQ2YbODlF0fcmgtliLCfr9iX6RW11fc= +github.com/coreos/go-oidc/v3 v3.2.0/go.mod h1:rEJ/idjfUyfkBit1eI1fvyr+64/g9dcKpAm8MJMesvo= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= 
@@ -1481,7 +1482,6 @@ github.com/polyfloyd/go-errorlint v1.0.0/go.mod h1:KZy4xxPJyy88/gldCe5OdW6OQRtNO github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE= -github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021 h1:0XM1XL/OFFJjXsYXlG30spTkV/E9+gmd5GD1w2HE8xM= github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= github.com/prometheus/client_golang v0.0.0-20180209125602-c332b6f63c06/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= @@ -1987,6 +1987,7 @@ golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200505041828-1ed23360d12c/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= diff --git a/pkg/api/serve.go b/pkg/api/serve.go index 3bc01a39475..0b251a85123 100644 --- a/pkg/api/serve.go +++ b/pkg/api/serve.go 
@@ -8,7 +8,7 @@ import ( "io" "net/http" - "github.com/coreos/go-oidc" + "github.com/coreos/go-oidc/v3/oidc" "github.com/getkin/kin-openapi/openapi3" "github.com/getkin/kin-openapi/openapi3filter" "github.com/getkin/kin-openapi/routers" diff --git a/pkg/auth/oidc/authenticator.go b/pkg/auth/oidc/authenticator.go index dd3b0f822fd..3c3f048e1fd 100644 --- a/pkg/auth/oidc/authenticator.go +++ b/pkg/auth/oidc/authenticator.go @@ -3,7 +3,7 @@ package oidc import ( "context" - "github.com/coreos/go-oidc" + "github.com/coreos/go-oidc/v3/oidc" "golang.org/x/oauth2" ) From 840fed108921a8afdad12f63de1789df16ffc624 Mon Sep 17 00:00:00 2001 From: johnnyaug Date: Thu, 16 Jun 2022 18:33:38 +0300 Subject: [PATCH 21/28] add external id to proto --- pkg/auth/db_service.go | 4 +- pkg/auth/model/model.go | 1 + pkg/auth/model/model.pb.go | 121 +++++++++++++++++++++---------------- pkg/auth/model/model.proto | 1 + 4 files changed, 72 insertions(+), 55 deletions(-) diff --git a/pkg/auth/db_service.go b/pkg/auth/db_service.go index 1fbe03c5db3..3410beb91f2 100644 --- a/pkg/auth/db_service.go +++ b/pkg/auth/db_service.go @@ -195,8 +195,8 @@ func (s *DBAuthService) CreateUser(ctx context.Context, user *model.BaseUser) (s } var id int64 err := tx.Get(&id, - `INSERT INTO auth_users (display_name, created_at, friendly_name, source, email) VALUES ($1, $2, $3, $4, $5) RETURNING id`, - user.Username, user.CreatedAt, user.FriendlyName, user.Source, user.Email) + `INSERT INTO auth_users (display_name, created_at, friendly_name, source, email, external_id) VALUES ($1, $2, $3, $4, $5, $6) RETURNING id`, + user.Username, user.CreatedAt, user.FriendlyName, user.Source, user.Email, user.ExternalID) return id, err }) if err != nil { diff --git a/pkg/auth/model/model.go b/pkg/auth/model/model.go index bed711c17a5..ca38d94ad39 100644 --- a/pkg/auth/model/model.go +++ b/pkg/auth/model/model.go 
@@ -240,6 +240,7 @@ func ProtoFromUser(u *User) *UserData { Email: swag.StringValue(u.Email), EncryptedPassword: u.EncryptedPassword, Source: u.Source, + ExternalId: swag.StringValue(u.ExternalID), } } diff --git a/pkg/auth/model/model.pb.go b/pkg/auth/model/model.pb.go index c6aeda78c22..c5f886abe2f 100644 --- a/pkg/auth/model/model.pb.go +++ b/pkg/auth/model/model.pb.go @@ -1,12 +1,13 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.0 -// protoc v3.19.4 +// protoc-gen-go v1.25.0 +// protoc v3.14.0 // source: model.proto package model import ( + proto "github.com/golang/protobuf/proto" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" timestamppb "google.golang.org/protobuf/types/known/timestamppb" @@ -21,6 +22,10 @@ const ( _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) ) +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 + // message data model for model.User struct type UserData struct { state protoimpl.MessageState @@ -34,6 +39,7 @@ type UserData struct { Email string `protobuf:"bytes,5,opt,name=email,proto3" json:"email,omitempty"` EncryptedPassword []byte `protobuf:"bytes,6,opt,name=encrypted_password,json=encryptedPassword,proto3" json:"encrypted_password,omitempty"` Source string `protobuf:"bytes,7,opt,name=source,proto3" json:"source,omitempty"` + ExternalId string `protobuf:"bytes,8,opt,name=external_id,json=externalId,proto3" json:"external_id,omitempty"` } func (x *UserData) Reset() { @@ -117,6 +123,13 @@ func (x *UserData) GetSource() string { return "" } +func (x *UserData) GetExternalId() string { + if x != nil { + return x.ExternalId + } + return "" +} + // message data model for model.Group struct type GroupData struct { state protoimpl.MessageState 
@@ -452,8 +465,8 @@ var file_model_proto_rawDesc = []byte{ 0x6f, 0x2e, 0x74, 0x72, 0x65, 0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x2e, 0x6c, 0x61, 0x6b, 0x65, 0x66, 0x73, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, - 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xf3, - 0x01, 0x0a, 0x08, 0x55, 0x73, 0x65, 0x72, 0x44, 0x61, 0x74, 0x61, 0x12, 0x0e, 0x0a, 0x02, 0x69, + 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x94, + 0x02, 0x0a, 0x08, 0x55, 0x73, 0x65, 0x72, 0x44, 0x61, 0x74, 0x61, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x02, 0x69, 0x64, 0x12, 0x39, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 
@@ -468,56 +481,58 @@ var file_model_proto_rawDesc = []byte{ 0x6f, 0x72, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x11, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x22, 0x79, 0x0a, 0x09, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x44, 0x61, 0x74, - 0x61, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x02, 0x69, - 0x64, 0x12, 0x39, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, - 0x70, 0x52, 0x09, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x21, 0x0a, 0x0c, - 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0b, 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x22, - 0xc9, 0x01, 0x0a, 0x0a, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x44, 0x61, 0x74, 0x61, 0x12, 0x0e, - 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x02, 0x69, 0x64, 0x12, 0x39, - 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x02, 0x20, 0x01, + 0x75, 0x72, 0x63, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, + 0x5f, 0x69, 0x64, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x65, 0x78, 0x74, 0x65, 0x72, + 0x6e, 0x61, 0x6c, 0x49, 0x64, 0x22, 0x79, 0x0a, 0x09, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x44, 0x61, + 0x74, 0x61, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x02, + 0x69, 0x64, 0x12, 0x39, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 
0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, + 0x6d, 0x70, 0x52, 0x09, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x21, 0x0a, + 0x0c, 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, 0x61, 0x6d, 0x65, + 0x22, 0xc9, 0x01, 0x0a, 0x0a, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x44, 0x61, 0x74, 0x61, 0x12, + 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x02, 0x69, 0x64, 0x12, + 0x39, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, + 0x09, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x64, 0x69, + 0x73, 0x70, 0x6c, 0x61, 0x79, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0b, 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x4d, 0x0a, + 0x0a, 0x73, 0x74, 0x61, 0x74, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x2d, 0x2e, 0x69, 0x6f, 0x2e, 0x74, 0x72, 0x65, 0x65, 0x76, 0x65, 0x72, 0x73, 0x65, + 0x2e, 0x6c, 0x61, 0x6b, 0x65, 0x66, 0x73, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x6d, 0x6f, 0x64, + 0x65, 0x6c, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x44, 0x61, 0x74, 0x61, + 0x52, 0x0a, 0x73, 0x74, 0x61, 0x74, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x22, 0xd4, 0x01, 0x0a, + 0x0e, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x44, 0x61, 0x74, 0x61, 0x12, + 0x22, 0x0a, 0x0d, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x69, 0x64, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4b, 0x65, + 0x79, 0x49, 0x64, 
0x12, 0x48, 0x0a, 0x21, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x5f, 0x61, 0x63, + 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, + 0x65, 0x64, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x1d, + 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4b, 0x65, 0x79, 0x45, + 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x42, 0x79, 0x74, 0x65, 0x73, 0x12, 0x3b, 0x0a, + 0x0b, 0x69, 0x73, 0x73, 0x75, 0x65, 0x64, 0x5f, 0x64, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, - 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x64, 0x69, 0x73, - 0x70, 0x6c, 0x61, 0x79, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0b, 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x4d, 0x0a, 0x0a, - 0x73, 0x74, 0x61, 0x74, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x2d, 0x2e, 0x69, 0x6f, 0x2e, 0x74, 0x72, 0x65, 0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x2e, - 0x6c, 0x61, 0x6b, 0x65, 0x66, 0x73, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x6d, 0x6f, 0x64, 0x65, - 0x6c, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x44, 0x61, 0x74, 0x61, 0x52, - 0x0a, 0x73, 0x74, 0x61, 0x74, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x22, 0xd4, 0x01, 0x0a, 0x0e, - 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x44, 0x61, 0x74, 0x61, 0x12, 0x22, - 0x0a, 0x0d, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x69, 0x64, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4b, 0x65, 0x79, - 0x49, 0x64, 0x12, 0x48, 0x0a, 0x21, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x5f, 0x61, 0x63, 0x63, - 0x65, 0x73, 0x73, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x65, 0x6e, 
0x63, 0x72, 0x79, 0x70, 0x74, 0x65, - 0x64, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x1d, 0x73, - 0x65, 0x63, 0x72, 0x65, 0x74, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4b, 0x65, 0x79, 0x45, 0x6e, - 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x42, 0x79, 0x74, 0x65, 0x73, 0x12, 0x3b, 0x0a, 0x0b, - 0x69, 0x73, 0x73, 0x75, 0x65, 0x64, 0x5f, 0x64, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0a, 0x69, - 0x73, 0x73, 0x75, 0x65, 0x64, 0x44, 0x61, 0x74, 0x65, 0x12, 0x17, 0x0a, 0x07, 0x75, 0x73, 0x65, - 0x72, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x75, 0x73, 0x65, 0x72, - 0x49, 0x64, 0x22, 0x5b, 0x0a, 0x0d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x44, - 0x61, 0x74, 0x61, 0x12, 0x16, 0x0a, 0x06, 0x65, 0x66, 0x66, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x06, 0x65, 0x66, 0x66, 0x65, 0x63, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x61, - 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x61, 0x63, 0x74, - 0x69, 0x6f, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x22, - 0x61, 0x0a, 0x09, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x44, 0x61, 0x74, 0x61, 0x12, 0x19, 0x0a, 0x08, - 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, - 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x49, 0x64, 0x12, 0x39, 0x0a, 0x0a, 0x65, 0x78, 0x70, 0x69, 0x72, - 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, - 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x64, - 
0x41, 0x74, 0x42, 0x28, 0x5a, 0x26, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x74, 0x72, 0x65, 0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x2f, 0x6c, 0x61, 0x6b, 0x65, 0x66, - 0x73, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x2f, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x62, 0x06, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x33, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0a, + 0x69, 0x73, 0x73, 0x75, 0x65, 0x64, 0x44, 0x61, 0x74, 0x65, 0x12, 0x17, 0x0a, 0x07, 0x75, 0x73, + 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x75, 0x73, 0x65, + 0x72, 0x49, 0x64, 0x22, 0x5b, 0x0a, 0x0d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x6d, 0x65, 0x6e, 0x74, + 0x44, 0x61, 0x74, 0x61, 0x12, 0x16, 0x0a, 0x06, 0x65, 0x66, 0x66, 0x65, 0x63, 0x74, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x65, 0x66, 0x66, 0x65, 0x63, 0x74, 0x12, 0x16, 0x0a, 0x06, + 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x61, 0x63, + 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x22, 0x61, 0x0a, 0x09, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x44, 0x61, 0x74, 0x61, 0x12, 0x19, 0x0a, + 0x08, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x07, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x49, 0x64, 0x12, 0x39, 0x0a, 0x0a, 0x65, 0x78, 0x70, 0x69, + 0x72, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, + 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, + 0x64, 0x41, 0x74, 0x42, 0x28, 0x5a, 0x26, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, + 0x6d, 0x2f, 0x74, 0x72, 0x65, 0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x2f, 0x6c, 0x61, 0x6b, 0x65, + 0x66, 0x73, 
0x2f, 0x61, 0x75, 0x74, 0x68, 0x2f, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x62, 0x06, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/pkg/auth/model/model.proto b/pkg/auth/model/model.proto index d0b077aad62..ed385b0e24f 100644 --- a/pkg/auth/model/model.proto +++ b/pkg/auth/model/model.proto @@ -14,6 +14,7 @@ message UserData { string email = 5; bytes encrypted_password = 6; string source = 7; + string external_id = 8; } // message data model for model.Group struct From 253a9943c2b7b5271c38e8c5ab0937c63a43cbcf Mon Sep 17 00:00:00 2001 From: johnnyaug Date: Thu, 16 Jun 2022 19:21:53 +0300 Subject: [PATCH 22/28] add friendly name in places --- api/authorization.yml | 5 ++- pkg/api/auth_middleware.go | 32 +++++++++++++------ pkg/api/controller.go | 13 ++++---- pkg/api/oidc_login_handler.go | 22 ++++++++++++- pkg/api/serve.go | 2 +- pkg/auth/service.go | 1 + pkg/config/template.go | 1 + webui/src/pages/auth/groups/group/members.jsx | 4 +-- webui/src/pages/auth/login.jsx | 5 ++- webui/src/pages/auth/users/index.jsx | 2 +- 10 files changed, 64 insertions(+), 23 deletions(-) diff --git a/api/authorization.yml b/api/authorization.yml index 178009922af..756d5c23bb4 100644 --- a/api/authorization.yml +++ b/api/authorization.yml @@ -129,7 +129,8 @@ components: encryptedPassword: type: string format: byte - + external_id: + type: string UserPassword: type: object required: @@ -153,6 +154,8 @@ components: encryptedPassword: type: string format: byte + external_id: + type: string required: - username diff --git a/pkg/api/auth_middleware.go b/pkg/api/auth_middleware.go index 4b5a4cca54d..8136a0ee2ee 100644 --- a/pkg/api/auth_middleware.go +++ b/pkg/api/auth_middleware.go @@ -10,6 +10,7 @@ import ( "github.com/getkin/kin-openapi/openapi3" "github.com/getkin/kin-openapi/routers" "github.com/getkin/kin-openapi/routers/legacy" + "github.com/go-openapi/swag" "github.com/golang-jwt/jwt" "github.com/gorilla/sessions" "github.com/treeverse/lakefs/pkg/auth" 
@@ -123,6 +124,13 @@ func checkSecurityRequirements(r *http.Request, return nil, nil } +func enhanceWithFriendlyName(user *model.User, friendlyName string) *model.User { + if friendlyName != "" { + user.FriendlyName = swag.String(friendlyName) + } + return user +} + // userFromOIDC returns a user from an existing OIDC session. // If the user doesn't exist on the lakeFS side, it is created. // This function does not make any calls to an external provider. @@ -136,14 +144,17 @@ func userFromOIDC(ctx context.Context, logger logging.Logger, authService auth.S logger.WithField("sub", idTokenClaims["sub"]).Error("Failed type assertion for sub claim") return nil, ErrAuthenticatingRequest } + friendlyName := "" + if oidcConfig.FriendlyNameClaimName != "" { + friendlyName, _ = idTokenClaims[oidcConfig.FriendlyNameClaimName].(string) + } user, err := authService.GetUser(ctx, externalID) if err == nil { - return user, nil + return enhanceWithFriendlyName(user, friendlyName), nil } if !errors.Is(err, auth.ErrNotFound) { return nil, err } - u := model.BaseUser{ CreatedAt: time.Now().UTC(), Source: "oidc", @@ -151,12 +162,16 @@ func userFromOIDC(ctx context.Context, logger logging.Logger, authService auth.S ExternalID: &externalID, } userID, err := authService.CreateUser(ctx, &u) - if err != nil { - if errors.Is(err, db.ErrAlreadyExists) { - return authService.GetUser(ctx, externalID) + if !errors.Is(err, db.ErrAlreadyExists) { + return nil, err } - return nil, err + // user already exists - get it: + user, err = authService.GetUser(ctx, externalID) + if err != nil { + return nil, err + } + return enhanceWithFriendlyName(user, friendlyName), nil } initialGroups := oidcConfig.DefaultInitialGroups if userInitialGroups, ok := idTokenClaims[oidcConfig.InitialGroupsClaimName].(string); ok { 
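Review bot: `enhanceWithFriendlyName` writes `FriendlyName` into the `*model.User` it is given, and in `userFromOIDC` that pointer comes straight from `authService.GetUser`. If the auth service hands out a shared or cached object (not visible here), concurrent requests would race on that field and one session's claim value could leak into another request's view of the user. Working on a copy avoids depending on that: `u := *user`, `u.FriendlyName = swag.String(friendlyName)`, `return &u`. A short doc comment saying the name is a per-request overlay taken from the ID token and never persisted would also help. `userFromOIDC` starts and ends outside these hunks.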
@@ -168,11 +183,10 @@ func userFromOIDC(ctx context.Context, logger logging.Logger, authService auth.S return nil, err } } - - return &model.User{ + return enhanceWithFriendlyName(&model.User{ ID: userID, BaseUser: u, - }, nil + }, friendlyName), nil } func userByToken(ctx context.Context, logger logging.Logger, authService auth.Service, tokenString string) (*model.User, error) { diff --git a/pkg/api/controller.go b/pkg/api/controller.go index a0a789c1887..ba0a8eb4e8e 100644 --- a/pkg/api/controller.go +++ b/pkg/api/controller.go @@ -175,13 +175,7 @@ func (c *Controller) Logout(w http.ResponseWriter, r *http.Request) { Expires: time.Unix(0, 0), SameSite: http.SameSiteStrictMode, }) - session, err := c.sessionStore.Get(r, OIDCAuthSessionName) - if err != nil { - writeError(w, http.StatusInternalServerError, err) - return - } - session.Values = nil - err = session.Save(r, w) + err := doOIDCLogout(w, r, c.sessionStore) if err != nil { writeError(w, http.StatusInternalServerError, err) return @@ -217,6 +211,10 @@ func (c *Controller) OauthCallback(w http.ResponseWriter, r *http.Request) { } func (c *Controller) Login(w http.ResponseWriter, r *http.Request, body LoginJSONRequestBody) { + err := doOIDCLogout(w, r, c.sessionStore) + if err != nil { + c.Logger.WithError(err).Error("failed to perform OIDC logout") + } ctx := r.Context() user, err := userByAuth(ctx, c.Logger, c.Authenticator, c.Auth, body.AccessKeyId, body.SecretAccessKey) if errors.Is(err, ErrAuthenticatingRequest) { @@ -534,6 +532,7 @@ func (c *Controller) ListGroupMembers(w http.ResponseWriter, r *http.Request, gr response.Results = append(response.Results, User{ Id: u.Username, CreationDate: u.CreatedAt.Unix(), + Email: u.Email, }) } writeResponse(w, http.StatusOK, response) diff --git a/pkg/api/oidc_login_handler.go b/pkg/api/oidc_login_handler.go index 314f84318c2..ab690a44a9f 100644 --- a/pkg/api/oidc_login_handler.go +++ b/pkg/api/oidc_login_handler.go 
@@ -3,6 +3,7 @@ package api import ( "net/http" "net/url" + "time" "github.com/gorilla/sessions" nanoid "github.com/matoous/go-nanoid/v2" @@ -19,9 +20,28 @@ const ( stateLength = 22 ) +func doOIDCLogout(w http.ResponseWriter, r *http.Request, sessionStore sessions.Store) error { + session, err := sessionStore.Get(r, OIDCAuthSessionName) + if err != nil { + return err + } + session.Values = nil + return session.Save(r, w) +} + // NewOIDCLoginPageHandler returns a handler to redirect the user the OIDC provider's login page. -func NewOIDCLoginPageHandler(sessionStore sessions.Store, oauthConfig *oauth2.Config, logger logging.Logger) http.HandlerFunc { +func NewOIDCLoginPageHandler(sessionStore sessions.Store, oauthConfig *oauth2.Config, logger logging.Logger, cookieDomain string) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { + // clear internal authentication cookie + http.SetCookie(w, &http.Cookie{ + Name: JWTCookieName, + Value: "", + Domain: cookieDomain, + Path: "/", + HttpOnly: true, + Expires: time.Unix(0, 0), + SameSite: http.SameSiteStrictMode, + }) state, err := nanoid.New(stateLength) if err != nil { logger.Errorf("failed to generate state for oidc: %w", err) diff --git a/pkg/api/serve.go b/pkg/api/serve.go index 0b251a85123..56e5465e841 100644 --- a/pkg/api/serve.go +++ b/pkg/api/serve.go @@ -108,7 +108,7 @@ func Serve( r.Mount("/swagger.json", http.HandlerFunc(swaggerSpecHandler)) r.Mount(BaseURL, http.HandlerFunc(InvalidAPIEndpointHandler)) if cfg.GetAuthOIDCConfiguration() != nil { - r.Mount("/oidc/login", NewOIDCLoginPageHandler(sessionStore, oauthConfig, logger)) + r.Mount("/oidc/login", NewOIDCLoginPageHandler(sessionStore, oauthConfig, logger, cfg.GetCookieDomain())) } r.Mount("/", NewUIHandler(gatewayDomains, snippets)) return r diff --git a/pkg/auth/service.go b/pkg/auth/service.go index a6084de09fa..26d0bb11848 100644 --- a/pkg/auth/service.go +++ b/pkg/auth/service.go 
@@ -1140,6 +1140,7 @@ func (a *APIAuthService) CreateUser(ctx context.Context, user *model.BaseUser) ( FriendlyName: user.FriendlyName, Source: &user.Source, Username: user.Username, + ExternalId: user.ExternalID, }) if err != nil { return InvalidUserID, err diff --git a/pkg/config/template.go b/pkg/config/template.go index b00c68013b8..6db6ff12d13 100644 --- a/pkg/config/template.go +++ b/pkg/config/template.go @@ -11,6 +11,7 @@ type OIDC struct { ClientSecret string `mapstructure:"client_secret"` DefaultInitialGroups []string `mapstructure:"default_initial_groups"` InitialGroupsClaimName string `mapstructure:"initial_groups_claim_name"` + FriendlyNameClaimName string `mapstructure:"friendly_name_claim_name"` } // LDAP holds configuration for authenticating on an LDAP server. diff --git a/webui/src/pages/auth/groups/group/members.jsx b/webui/src/pages/auth/groups/group/members.jsx index 3ca34511f31..cd7e3a6582a 100644 --- a/webui/src/pages/auth/groups/group/members.jsx +++ b/webui/src/pages/auth/groups/group/members.jsx @@ -45,7 +45,7 @@ const GroupMemberList = ({ groupId, after, onPaginate }) => { user.id} rowFn={user => [ - {user.id}, + {user.email || user.id}, ]} headers={['User ID', 'Created At']} @@ -54,7 +54,7 @@ const GroupMemberList = ({ groupId, after, onPaginate }) => { buttonFn: user => Are you sure you{'\''}d like to remove user {user.id} from group {groupId}?} + msg={Are you sure you{'\''}d like to remove user {user.email || user.id} from group {groupId}?} onConfirm={() => { auth.removeUserFromGroup(user.id, groupId) .catch(error => alert(error)) diff --git a/webui/src/pages/auth/login.jsx b/webui/src/pages/auth/login.jsx index 3f813b8aae8..fe84560a557 100644 --- a/webui/src/pages/auth/login.jsx +++ b/webui/src/pages/auth/login.jsx @@ -57,7 +57,10 @@ const LoginForm = ({oidcEnabled}) => { : "" } { oidcEnabled ? - + : "" } diff --git a/webui/src/pages/auth/users/index.jsx b/webui/src/pages/auth/users/index.jsx index 62b2624489f..fb8640718fe 100644 
--- a/webui/src/pages/auth/users/index.jsx +++ b/webui/src/pages/auth/users/index.jsx @@ -116,7 +116,7 @@ const UsersContainer = () => { onRemove={() => setSelected(selected.filter(u => u !== user))} />, - {user.id} + {user.email || user.id} , ]}/> From 26d6753c154071a2593f67a26f0a4cf1fd6f93ab Mon Sep 17 00:00:00 2001 From: johnnyaug Date: Sun, 19 Jun 2022 17:24:59 +0300 Subject: [PATCH 23/28] CR fixes! --- cmd/lakefs/cmd/run.go | 3 +- docs/reference/configuration.md | 2 + docs/reference/oidc.md | 2 + go.mod | 6 ++- pkg/api/auth_middleware.go | 66 +++++++++++++++++++++++++++------ pkg/api/auth_middleware_test.go | 57 ++++++++++++++++++++++++++++ pkg/api/controller.go | 44 +++++++++++----------- pkg/api/login_handler.go | 18 ++++++++- pkg/api/oidc_login_handler.go | 46 +++++------------------ pkg/api/serve.go | 7 ++-- pkg/auth/oidc/authenticator.go | 5 ++- pkg/config/config.go | 6 +-- pkg/config/template.go | 6 +-- pkg/ddl/000038_oidc_user.up.sql | 2 +- 14 files changed, 181 insertions(+), 89 deletions(-) diff --git a/cmd/lakefs/cmd/run.go b/cmd/lakefs/cmd/run.go index a407b56ea85..5a924e50fa4 100644 --- a/cmd/lakefs/cmd/run.go +++ b/cmd/lakefs/cmd/run.go @@ -259,7 +259,7 @@ var runCmd = &cobra.Command{ oidcConfig := cfg.GetAuthOIDCConfiguration() var oauthConfig *oauth2.Config var oidcProvider *oidc.Provider - if oidcConfig != nil && oidcConfig.Enabled { + if oidcConfig.Enabled { oidcProvider, err = oidc.NewProvider( cmd.Context(), oidcConfig.URL, @@ -270,6 +270,7 @@ var runCmd = &cobra.Command{ oauthConfig = &oauth2.Config{ ClientID: oidcConfig.ClientID, ClientSecret: oidcConfig.ClientSecret, + RedirectURL: oidcConfig.CallbackBaseURL + api.BaseURL + "/oidc/callback", Endpoint: oidcProvider.Endpoint(), Scopes: []string{oidc.ScopeOpenID, "profile"}, } diff --git a/docs/reference/configuration.md b/docs/reference/configuration.md index 84a1a9fb13a..1e21a15e51c 100644 --- a/docs/reference/configuration.md +++ b/docs/reference/configuration.md 
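Review bot: `RedirectURL` in run.go is built by plain concatenation, `oidcConfig.CallbackBaseURL + api.BaseURL + "/oidc/callback"`, with no check that `callback_base_url` is set or well-formed. With OIDC enabled and the setting empty the result is only a relative path, and a trailing slash in the setting yields a double slash; in both cases the value will not match the redirect URI registered at the provider and the failure only shows up during login. Validate it at startup: parse it with `url.Parse`, require a non-empty host and an `http` or `https` scheme, and trim a trailing `/` before joining. The enclosing function starts and ends outside the hunk.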
@@ -59,8 +59,10 @@ This reference uses `.` to denote the nesting of values. * `auth.oidc.client_id` `(string : )` - OIDC client ID. * `auth.oidc.client_secret` `(string : )` - OIDC client secret. * `auth.oidc.url` `(string : )` - The base URL of your OIDC compatible identity provider. +* `auth.oidc.callback_base_url` `(string : )` - The scheme, host and port of your lakeFS installation. After authenticating, your identity provider will redirect you to a URL under this base. * `auth.oidc.default_initial_groups` `(string[] : [])` - By default, OIDC users will be assigned to these groups * `auth.oidc.initial_groups_claim_name` `(string[] : [])` - Use this claim from the ID token to provide the initial group for new users. +* `auth.oidc.friendly_name_claim_name` `(string[] : )` - If specified, the value from the claim with this name will be used as the user's display name. * `blockstore.type` `(one of ["local", "s3", "gs", "azure", "mem"] : required)`. Block adapter to use. This controls where the underlying data will be stored * `blockstore.default_namespace_prefix` `(string : )` - Use this to help your users choose a storage namespace for their repositories. If specified, the storage namespace will be filled with this default value as a prefix, when creating a repository from the UI. diff --git a/docs/reference/oidc.md b/docs/reference/oidc.md index 8c8ee153f2a..9f54b857c28 100644 --- a/docs/reference/oidc.md +++ b/docs/reference/oidc.md @@ -25,8 +25,10 @@ auth: enabled: true client_id: example-client-id client_secret: exampleSecretValue + callback_base_url: https://lakefs.example.com # The scheme, domain (and port) of your lakeFS installation url: https://my-account.oidc-provider-example.com default_initial_groups: ["Developers"] + friendly_name_claim_name: name # Optional: use the value from this claim as the user's display name ``` Your login page will now include a link to sign-in using the diff --git a/go.mod b/go.mod index 26440ee1dd8..0bf7f192d6c 100644 
--- a/go.mod +++ b/go.mod @@ -82,7 +82,10 @@ require ( golang.org/x/time v0.0.0-20220224211638-0e9765cccd65 ) -require github.com/gorilla/sessions v1.2.1 +require ( + github.com/gorilla/securecookie v1.1.1 + github.com/gorilla/sessions v1.2.1 +) require ( cloud.google.com/go/iam v0.3.0 // indirect @@ -97,7 +100,6 @@ require ( github.com/denis-tingaikin/go-header v0.4.3 // indirect github.com/ettle/strcase v0.1.1 // indirect github.com/firefart/nonamedreturns v1.0.1 // indirect - github.com/gorilla/securecookie v1.1.1 // indirect github.com/hashicorp/go-version v1.4.0 // indirect github.com/hexops/gotextdiff v1.0.3 // indirect github.com/ldez/gomoddirectives v0.2.3 // indirect diff --git a/pkg/api/auth_middleware.go b/pkg/api/auth_middleware.go index 8136a0ee2ee..e8c2334476d 100644 --- a/pkg/api/auth_middleware.go +++ b/pkg/api/auth_middleware.go @@ -46,7 +46,7 @@ func AuthMiddleware(logger logging.Logger, swagger *openapi3.Swagger, authentica writeError(w, http.StatusBadRequest, err) return } - user, err := checkSecurityRequirements(r, securityRequirements, logger, authenticator, authService, sessionStore, oidcConfig) + user, err := checkSecurityRequirements(r, w, securityRequirements, logger, authenticator, authService, sessionStore, oidcConfig) if err != nil { writeError(w, http.StatusUnauthorized, err) return 
@@ -59,9 +59,38 @@ func AuthMiddleware(logger logging.Logger, swagger *openapi3.Swagger, authentica } } +// Deprecated +// TODO(johnnyaug) remove this a week after released +func migrateFromLegacyCookie(r *http.Request, w http.ResponseWriter, logger logging.Logger, sessionStore sessions.Store) { + jwtCookie, _ := r.Cookie(JWTCookieName) + if jwtCookie == nil { + return + } + http.SetCookie(w, &http.Cookie{ + Name: JWTCookieName, + Value: "", + Domain: jwtCookie.Domain, + Path: "/", + HttpOnly: true, + Expires: time.Unix(0, 0), + SameSite: http.SameSiteStrictMode, + }) + internalAuthSession, err := sessionStore.Get(r, InternalAuthSessionName) + if err != nil { + logger.WithError(err).Error("Failed to get internal auth session") + } + if jwtCookie.Value != "" { + internalAuthSession.Values[TokenSessionKeyName] = jwtCookie.Value + err = sessionStore.Save(r, w, internalAuthSession) + if err != nil { + logger.WithError(err).Error("Failed to save internal auth session") + } + } +} + // checkSecurityRequirements goes over the security requirements and check the authentication. returns the user information and error if the security check was required. // it will return nil user and error in case of no security checks to match. -func checkSecurityRequirements(r *http.Request, +func checkSecurityRequirements(r *http.Request, w http.ResponseWriter, securityRequirements openapi3.SecurityRequirements, logger logging.Logger, authenticator auth.Authenticator, @@ -72,10 +101,7 @@ func checkSecurityRequirements(r *http.Request, ctx := r.Context() var user *model.User var err error - session, err := sessionStore.Get(r, OIDCAuthSessionName) - if err != nil { - return nil, err - } + logger = logger.WithContext(ctx) for _, securityRequirement := range securityRequirements { for provider := range securityRequirement { 
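Review bot: The deletion cookie in `migrateFromLegacyCookie` uses `Domain: jwtCookie.Domain`, but a cookie parsed from a request carries only its name and value, so `Domain` is always empty here. A legacy `access_token` that was issued with a configured cookie domain is therefore not removed by this host-only `Set-Cookie`, and because `Logout` in this patch no longer expires `JWTCookieName`, the next `cookie_auth` request with an empty session would copy the old JWT back into a fresh session. Keep the cookie-domain setting available during the deprecation window and pass it in (`Domain: cookieDomain`), and have `Logout` expire the legacy cookie as well. The `// Deprecated` line is also not in the `// Deprecated: reason` form that tools recognise.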
@@ -100,14 +126,32 @@ func checkSecurityRequirements(r *http.Request, } user, err = userByAuth(ctx, logger, authenticator, authService, accessKey, secretKey) case "cookie_auth": - // validate jwt token from cookie - jwtCookie, _ := r.Cookie(JWTCookieName) - if jwtCookie == nil { + internalAuthSession, err := sessionStore.Get(r, InternalAuthSessionName) + if err != nil { + return nil, err + } + token := "" + if internalAuthSession != nil { + token, _ = internalAuthSession.Values[TokenSessionKeyName].(string) + } + if token == "" { + migrateFromLegacyCookie(r, w, logger, sessionStore) + } + internalAuthSession, err = sessionStore.Get(r, InternalAuthSessionName) + if err != nil { + return nil, err + } + token, _ = internalAuthSession.Values[TokenSessionKeyName].(string) + if token == "" { continue } - user, err = userByToken(ctx, logger, authService, jwtCookie.Value) + user, err = userByToken(ctx, logger, authService, token) case "oidc_auth": - user, err = userFromOIDC(ctx, logger, authService, session, oidcConfig) + oidcSession, err := sessionStore.Get(r, OIDCAuthSessionName) + if err != nil { + return nil, err + } + user, err = userFromOIDC(ctx, logger, authService, oidcSession, oidcConfig) default: // unknown security requirement to check logger.WithField("provider", provider).Error("Authentication middleware unknown security requirement provider") diff --git a/pkg/api/auth_middleware_test.go b/pkg/api/auth_middleware_test.go index 398bf7acae7..8a61e837017 100644 --- a/pkg/api/auth_middleware_test.go +++ b/pkg/api/auth_middleware_test.go @@ -7,6 +7,8 @@ import ( "time" "github.com/deepmap/oapi-codegen/pkg/securityprovider" + "github.com/gorilla/securecookie" + "github.com/gorilla/sessions" "github.com/treeverse/lakefs/pkg/api" "github.com/treeverse/lakefs/pkg/auth" "github.com/treeverse/lakefs/pkg/auth/model" 
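Review bot: In the `cookie_auth` and `oidc_auth` cases a failing `sessionStore.Get` does `return nil, err`, which ends the whole loop instead of moving on to the next security requirement. A session cookie that no longer decodes (for example after the signing secret changes) can then cause a request to be rejected even though it also carries credentials for another provider, depending on the order in which the requirements are tried. Treat an unreadable session as no session: log it and `continue`, as the `token == ""` branch already does. The function body starts and ends outside this hunk.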
@@ -139,6 +141,61 @@ func testAuthMiddleware(t *testing.T, kvEnabled bool) { t.Fatal("ListRepositories() should return unauthorized response, got nil") } }) + + t.Run("valid gorilla session", func(t *testing.T) { + ctx := context.Background() + apiToken := testGenerateApiToken(ctx, t, clt, cred) + values := map[interface{}]interface{}{api.TokenSessionKeyName: apiToken} + store := sessions.NewCookieStore([]byte("some secret")) + encoded, err := securecookie.EncodeMulti(api.InternalAuthSessionName, values, store.Codecs...) + if err != nil { + t.Fatal("Failed to encode cookie value for session: ", err) + } + authProvider, err := securityprovider.NewSecurityProviderApiKey("cookie", api.InternalAuthSessionName, encoded) + if err != nil { + t.Fatal("gorilla session security provider", err) + } + authClient, err := api.NewClientWithResponses(apiEndpoint, api.WithRequestEditorFn(authProvider.Intercept)) + if err != nil { + t.Fatal("failed to create lakefs api client:", err) + } + resp, err := authClient.ListRepositoriesWithResponse(ctx, &api.ListRepositoriesParams{}) + if err != nil { + t.Fatal("ListRepositories() should return without error:", err) + } + if resp.StatusCode() != http.StatusOK { + t.Fatalf("unexpected status code %d, expected %d", resp.StatusCode(), http.StatusOK) + } + }) + + t.Run("invalid gorilla cookie", func(t *testing.T) { + ctx := context.Background() + apiToken := testGenerateBadAPIToken(t, *deps.authService) + values := map[interface{}]interface{}{api.TokenSessionKeyName: apiToken} + store := sessions.NewCookieStore([]byte("some secret")) + encoded, err := securecookie.EncodeMulti(api.InternalAuthSessionName, values, store.Codecs...) 
+ if err != nil { + t.Fatal("Failed to encode cookie value for session: ", err) + } + authProvider, err := securityprovider.NewSecurityProviderApiKey("cookie", api.InternalAuthSessionName, encoded) + if err != nil { + t.Fatal("gorilla session security provider", err) + } + authClient, err := api.NewClientWithResponses(apiEndpoint, api.WithRequestEditorFn(authProvider.Intercept)) + if err != nil { + t.Fatal("failed to create lakefs api client:", err) + } + resp, err := authClient.ListRepositoriesWithResponse(ctx, &api.ListRepositoriesParams{}) + if err != nil { + t.Fatal("ListRepositories() should return without error:", err) + } + if resp.StatusCode() != http.StatusUnauthorized { + t.Fatal("ListRepositories() should return unauthorized status code, got", resp.StatusCode()) + } + if resp.JSON401 == nil { + t.Fatal("ListRepositories() should return unauthorized response, got nil") + } + }) } func testGenerateApiToken(ctx context.Context, t testing.TB, clt api.ClientWithResponsesInterface, cred *model.BaseCredential) string { diff --git a/pkg/api/controller.go b/pkg/api/controller.go index efa31b8b261..33a5e7f29b9 100644 --- a/pkg/api/controller.go +++ b/pkg/api/controller.go @@ -166,16 +166,12 @@ func (c *Controller) DeleteObjects(w http.ResponseWriter, r *http.Request, body } func (c *Controller) Logout(w http.ResponseWriter, r *http.Request) { - http.SetCookie(w, &http.Cookie{ - Name: JWTCookieName, - Value: "", - Domain: c.Config.GetCookieDomain(), - Path: "/", - HttpOnly: true, - Expires: time.Unix(0, 0), - SameSite: http.SameSiteStrictMode, - }) - err := doOIDCLogout(w, r, c.sessionStore) + err := clearSession(w, r, c.sessionStore, InternalAuthSessionName) + if err != nil { + writeError(w, http.StatusInternalServerError, err) + return + } + err = clearSession(w, r, c.sessionStore, OIDCAuthSessionName) if err != nil { writeError(w, http.StatusInternalServerError, err) return 
@@ -211,7 +207,7 @@ func (c *Controller) OauthCallback(w http.ResponseWriter, r *http.Request) { } func (c *Controller) Login(w http.ResponseWriter, r *http.Request, body LoginJSONRequestBody) { - err := doOIDCLogout(w, r, c.sessionStore) + err := clearSession(w, r, c.sessionStore, OIDCAuthSessionName) if err != nil { c.Logger.WithError(err).Error("failed to perform OIDC logout") } @@ -231,16 +227,19 @@ func (c *Controller) Login(w http.ResponseWriter, r *http.Request, body LoginJSO writeError(w, http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError)) return } - - http.SetCookie(w, &http.Cookie{ - Name: JWTCookieName, - Value: tokenString, - Path: "/", - Domain: c.Config.GetCookieDomain(), // if not configured will return empty string which will resolve by setting the cookie on the current domain - Expires: expires, - HttpOnly: true, - SameSite: http.SameSiteStrictMode, - }) + internalAuthSession, err := c.sessionStore.Get(r, InternalAuthSessionName) + if err != nil { + c.Logger.WithError(err).Error("Failed to get internal auth session") + writeError(w, http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError)) + return + } + internalAuthSession.Values[TokenSessionKeyName] = tokenString + err = c.sessionStore.Save(r, w, internalAuthSession) + if err != nil { + c.Logger.WithError(err).Error("Failed to save internal auth session") + writeError(w, http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError)) + return + } response := AuthenticationToken{ Token: tokenString, } 
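Review bot: Moving the login token from the explicit `http.SetCookie` (which set `HttpOnly: true` and `SameSite: http.SameSiteStrictMode`) into the gorilla session in `Login` means the cookie attributes now come from the store's `Options`. The store is created in serve.go as `sessions.NewCookieStore(authService.SecretStore().SharedSecret())` and no `Options` assignment appears in the visible hunks; that constructor's defaults set only `Path` and `MaxAge`, so the token cookie would become readable from page script and lose its SameSite restriction. Set them where the store is built, e.g. `sessionStore.Options.HttpOnly = true` and `sessionStore.Options.SameSite = http.SameSiteLaxMode`, plus `Secure` when served over TLS (Lax rather than Strict so the OIDC state session survives the redirect back from the provider). With a single key the store signs but does not encrypt, so the JWT and the ID-token claims stay readable to whoever holds the cookie.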
@@ -3141,8 +3140,7 @@ func (c *Controller) GetSetupState(w http.ResponseWriter, r *http.Request) { if initialized || c.Config.IsAuthTypeAPI() { state = setupStateInitialized } - oidcEnabled := c.Config.GetAuthOIDCConfiguration() != nil && c.Config.GetAuthOIDCConfiguration().Enabled - response := SetupState{State: swag.String(state), OidcEnabled: swag.Bool(oidcEnabled)} + response := SetupState{State: swag.String(state), OidcEnabled: swag.Bool(c.Config.GetAuthOIDCConfiguration().Enabled)} writeResponse(w, http.StatusOK, response) } diff --git a/pkg/api/login_handler.go b/pkg/api/login_handler.go index 7c335cd050d..fcc8d746496 100644 --- a/pkg/api/login_handler.go +++ b/pkg/api/login_handler.go @@ -1,10 +1,12 @@ package api import ( + "net/http" "time" "github.com/golang-jwt/jwt" "github.com/google/uuid" + "github.com/gorilla/sessions" ) type LoginRequestData struct { @@ -20,13 +22,25 @@ const ( DefaultLoginExpiration = 7 * 24 * time.Hour DefaultInvitePasswordExpiration = 6 * time.Hour DefaultResetPasswordExpiration = 20 * time.Minute - - JWTCookieName = "access_token" + // Deprecated: use gorilla managed session + JWTCookieName = "access_token" + InternalAuthSessionName = "internal_auth_session" + TokenSessionKeyName = "token" + OIDCAuthSessionName = "oidc_auth_session" LoginAudience = "login" ResetPasswordAudience = "reset_password" ) +func clearSession(w http.ResponseWriter, r *http.Request, sessionStore sessions.Store, sessionName string) error { + session, err := sessionStore.Get(r, sessionName) + if err != nil { + return err + } + session.Options.MaxAge = -1 + return session.Save(r, w) +} + func generateJWT(claims *jwt.StandardClaims, secret []byte) (string, error) { token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims) return token.SignedString(secret) diff --git a/pkg/api/oidc_login_handler.go b/pkg/api/oidc_login_handler.go index ab690a44a9f..cd93cd856d1 100644 --- a/pkg/api/oidc_login_handler.go +++ b/pkg/api/oidc_login_handler.go 
@@ -2,8 +2,6 @@ package api import ( "net/http" - "net/url" - "time" "github.com/gorilla/sessions" nanoid "github.com/matoous/go-nanoid/v2" 
@@ -12,65 +10,39 @@ import ( ) const ( - OIDCAuthSessionName = "auth_session" - IDTokenClaimsSessionKey = "id_token_claims" StateSessionKey = "state" stateLength = 22 ) -func doOIDCLogout(w http.ResponseWriter, r *http.Request, sessionStore sessions.Store) error { - session, err := sessionStore.Get(r, OIDCAuthSessionName) - if err != nil { - return err - } - session.Values = nil - return session.Save(r, w) -} - // NewOIDCLoginPageHandler returns a handler to redirect the user the OIDC provider's login page. -func NewOIDCLoginPageHandler(sessionStore sessions.Store, oauthConfig *oauth2.Config, logger logging.Logger, cookieDomain string) http.HandlerFunc { +func NewOIDCLoginPageHandler(sessionStore sessions.Store, oauthConfig *oauth2.Config, logger logging.Logger) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - // clear internal authentication cookie - http.SetCookie(w, &http.Cookie{ - Name: JWTCookieName, - Value: "", - Domain: cookieDomain, - Path: "/", - HttpOnly: true, - Expires: time.Unix(0, 0), - SameSite: http.SameSiteStrictMode, - }) + // clear internal authentication session + err := clearSession(w, r, sessionStore, InternalAuthSessionName) + if err != nil { + logger.WithError(err).Error("Failed to clear internal auth session") + } state, err := nanoid.New(stateLength) if err != nil { - logger.Errorf("failed to generate state for oidc: %w", err) + logger.WithError(err).Error("failed to generate state for oidc") writeError(w, http.StatusInternalServerError, "Failed to redirect to login page") return } session, err := sessionStore.Get(r, OIDCAuthSessionName) if err != nil { - logger.Errorf("failed to get oidc session: %w", err) + logger.WithError(err).Error("failed to get oidc session") writeError(w, http.StatusInternalServerError, "Failed to redirect to login page") return } session.Values[StateSessionKey] = state if err := session.Save(r, w); err != nil { - logger.Errorf("failed to save oidc session: %w", err) + 
logger.WithError(err).Error("failed to save oidc session") writeError(w, http.StatusInternalServerError, "Failed to redirect to login page") return } - scheme := "http" - if r.TLS != nil { - scheme = "https" - } - u := url.URL{ - Scheme: scheme, - Host: r.Host, - Path: BaseURL + "/oidc/callback", - } - oauthConfig.RedirectURL = u.String() http.Redirect(w, r, oauthConfig.AuthCodeURL(state), http.StatusTemporaryRedirect) } } diff --git a/pkg/api/serve.go b/pkg/api/serve.go index 56e5465e841..d994a5f907c 100644 --- a/pkg/api/serve.go +++ b/pkg/api/serve.go @@ -71,6 +71,7 @@ func Serve( sessionStore := sessions.NewCookieStore(authService.SecretStore().SharedSecret()) r := chi.NewRouter() + oidcConfig := cfg.GetAuthOIDCConfiguration() apiRouter := r.With( OapiRequestValidatorWithOptions(swagger, &openapi3filter.Options{ AuthenticationFunc: openapi3filter.NoopAuthenticationFunc, @@ -79,7 +80,7 @@ func Serve( RequestIDHeaderName, logging.Fields{logging.ServiceNameFieldKey: LoggerServiceName}, cfg.GetLoggingTraceRequestHeaders()), - AuthMiddleware(logger, swagger, middlewareAuthenticator, authService, sessionStore, cfg.GetAuthOIDCConfiguration()), + AuthMiddleware(logger, swagger, middlewareAuthenticator, authService, sessionStore, &oidcConfig), MetricsMiddleware(swagger), ) oidcAuthenticator := authoidc.NewAuthenticator(oauthConfig, oidcProvider) @@ -107,8 +108,8 @@ func Serve( r.Mount("/_pprof/", httputil.ServePPROF("/_pprof/")) r.Mount("/swagger.json", http.HandlerFunc(swaggerSpecHandler)) r.Mount(BaseURL, http.HandlerFunc(InvalidAPIEndpointHandler)) - if cfg.GetAuthOIDCConfiguration() != nil { - r.Mount("/oidc/login", NewOIDCLoginPageHandler(sessionStore, oauthConfig, logger, cfg.GetCookieDomain())) + if cfg.GetAuthOIDCConfiguration().Enabled { + r.Mount("/oidc/login", NewOIDCLoginPageHandler(sessionStore, oauthConfig, logger)) } r.Mount("/", NewUIHandler(gatewayDomains, snippets)) return r 
diff --git a/pkg/auth/oidc/authenticator.go b/pkg/auth/oidc/authenticator.go index 3c3f048e1fd..b99206fe5c9 100644 --- a/pkg/auth/oidc/authenticator.go +++ b/pkg/auth/oidc/authenticator.go @@ -2,11 +2,14 @@ package oidc import ( "context" + "errors" "github.com/coreos/go-oidc/v3/oidc" "golang.org/x/oauth2" ) +var ErrTokenExtract = errors.New("failed to extract id token") + type Authenticator struct { oauthConfig *oauth2.Config oidcProvider *oidc.Provider @@ -27,7 +30,7 @@ func (a *Authenticator) GetIDTokenClaims(ctx context.Context, code string) (Clai } rawIDToken, ok := token.Extra("id_token").(string) if !ok { - return nil, err + return nil, ErrTokenExtract } oidcVerifier := a.oidcProvider.Verifier(&oidc.Config{ ClientID: a.oauthConfig.ClientID, diff --git a/pkg/config/config.go b/pkg/config/config.go index 6e948c701f3..9c6c16b0631 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -514,10 +514,6 @@ func (c *Config) GetAuthAPIToken() string { return c.values.Auth.API.Token } -func (c *Config) GetCookieDomain() string { - return c.values.Auth.CookieDomain -} - func (c *Config) GetUISnippets() []apiparams.CodeSnippet { snippets := make([]apiparams.CodeSnippet, 0, len(c.values.UI.Snippets)) for _, item := range c.values.UI.Snippets { @@ -529,6 +525,6 @@ func (c *Config) GetUISnippets() []apiparams.CodeSnippet { return snippets } -func (c *Config) GetAuthOIDCConfiguration() *OIDC { +func (c *Config) GetAuthOIDCConfiguration() OIDC { return c.values.Auth.OIDC } diff --git a/pkg/config/template.go b/pkg/config/template.go index 6db6ff12d13..84c0d66dbe9 100644 --- a/pkg/config/template.go +++ b/pkg/config/template.go 
@@ -9,6 +9,7 @@ type OIDC struct { URL string `mapstructure:"url"` ClientID string `mapstructure:"client_id"` ClientSecret string `mapstructure:"client_secret"` + CallbackBaseURL string `mapstructure:"callback_base_url"` DefaultInitialGroups []string `mapstructure:"default_initial_groups"` InitialGroupsClaimName string `mapstructure:"initial_groups_claim_name"` FriendlyNameClaimName string `mapstructure:"friendly_name_claim_name"` @@ -88,9 +89,8 @@ type configuration struct { Endpoint string Token string } - LDAP *LDAP - OIDC *OIDC - CookieDomain string `mapstructure:"cookie_domain"` + LDAP *LDAP + OIDC OIDC } Blockstore struct { Type string `validate:"required"` diff --git a/pkg/ddl/000038_oidc_user.up.sql b/pkg/ddl/000038_oidc_user.up.sql index b25dbfdae41..86045100bef 100644 --- a/pkg/ddl/000038_oidc_user.up.sql +++ b/pkg/ddl/000038_oidc_user.up.sql @@ -1,5 +1,5 @@ BEGIN; ALTER TABLE auth_users - ADD COLUMN IF NOT EXISTS external_id VARCHAR(255) UNIQUE; + ADD COLUMN IF NOT EXISTS external_id TEXT UNIQUE; END; From 863d356cf674c50eec1fa885b04dade40c0a91d7 Mon Sep 17 00:00:00 2001 From: johnnyaug Date: Sun, 19 Jun 2022 17:29:12 +0300 Subject: [PATCH 24/28] fix lint --- pkg/api/auth_middleware.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/pkg/api/auth_middleware.go b/pkg/api/auth_middleware.go index e8c2334476d..c8401ab1e5e 100644 --- a/pkg/api/auth_middleware.go +++ b/pkg/api/auth_middleware.go @@ -126,7 +126,8 @@ func checkSecurityRequirements(r *http.Request, w http.ResponseWriter, } user, err = userByAuth(ctx, logger, authenticator, authService, accessKey, secretKey) case "cookie_auth": - internalAuthSession, err := sessionStore.Get(r, InternalAuthSessionName) + var internalAuthSession *sessions.Session + internalAuthSession, err = sessionStore.Get(r, InternalAuthSessionName) if err != nil { return nil, err } 
@@ -147,7 +148,8 @@ func checkSecurityRequirements(r *http.Request, w http.ResponseWriter, } user, err = userByToken(ctx, logger, authService, token) case "oidc_auth": - oidcSession, err := sessionStore.Get(r, OIDCAuthSessionName) + var oidcSession *sessions.Session + oidcSession, err = sessionStore.Get(r, OIDCAuthSessionName) if err != nil { return nil, err } From c5190eb98b8ef713e0aa461af7b639690a0ccf18 Mon Sep 17 00:00:00 2001 From: johnnyaug Date: Mon, 20 Jun 2022 14:54:21 +0300 Subject: [PATCH 25/28] cr fixes --- pkg/api/auth_middleware.go | 33 ++++++++++++++++----------------- pkg/api/controller.go | 13 ++----------- pkg/api/login_handler.go | 5 +---- pkg/api/oidc_login_handler.go | 7 +------ 4 files changed, 20 insertions(+), 38 deletions(-) diff --git a/pkg/api/auth_middleware.go b/pkg/api/auth_middleware.go index c8401ab1e5e..f847059414a 100644 --- a/pkg/api/auth_middleware.go +++ b/pkg/api/auth_middleware.go @@ -75,17 +75,16 @@ func migrateFromLegacyCookie(r *http.Request, w http.ResponseWriter, logger logg Expires: time.Unix(0, 0), SameSite: http.SameSiteStrictMode, }) - internalAuthSession, err := sessionStore.Get(r, InternalAuthSessionName) - if err != nil { - logger.WithError(err).Error("Failed to get internal auth session") + if jwtCookie.Value == "" { + return } - if jwtCookie.Value != "" { - internalAuthSession.Values[TokenSessionKeyName] = jwtCookie.Value - err = sessionStore.Save(r, w, internalAuthSession) - if err != nil { - logger.WithError(err).Error("Failed to save internal auth session") - } + internalAuthSession, _ := sessionStore.Get(r, InternalAuthSessionName) + internalAuthSession.Values[TokenSessionKeyName] = jwtCookie.Value + err := sessionStore.Save(r, w, internalAuthSession) + if err != nil { + logger.WithError(err).Error("Failed to save internal auth session") } + } // checkSecurityRequirements goes over the security requirements and check the authentication. returns the user information and error if the security check was required. 
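Review bot: In `migrateFromLegacyCookie` the error from `sessionStore.Get` is now discarded and `internalAuthSession.Values[TokenSessionKeyName]` is written without checking the session, with no comment saying why that is safe. `sessions.Store` is an interface; gorilla's `CookieStore` does return a fresh session together with a decode error, which is presumably what this relies on, but another store may return nil and the write would panic. Add a short justification such as `// Get returns a new session even when the cookie fails to decode` together with `if internalAuthSession == nil { return }`. The same pattern is introduced by this patch in the `cookie_auth` case, `OauthCallback`, `Login` and `clearSession`.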
@@ -127,10 +126,7 @@ func checkSecurityRequirements(r *http.Request, w http.ResponseWriter, user, err = userByAuth(ctx, logger, authenticator, authService, accessKey, secretKey) case "cookie_auth": var internalAuthSession *sessions.Session - internalAuthSession, err = sessionStore.Get(r, InternalAuthSessionName) - if err != nil { - return nil, err - } + internalAuthSession, _ = sessionStore.Get(r, InternalAuthSessionName) token := "" if internalAuthSession != nil { token, _ = internalAuthSession.Values[TokenSessionKeyName].(string) @@ -199,7 +195,8 @@ func userFromOIDC(ctx context.Context, logger logging.Logger, authService auth.S return enhanceWithFriendlyName(user, friendlyName), nil } if !errors.Is(err, auth.ErrNotFound) { - return nil, err + logger.WithError(err).Error("Failed to get external user from database") + return nil, ErrAuthenticatingRequest } u := model.BaseUser{ CreatedAt: time.Now().UTC(), @@ -210,12 +207,14 @@ func userFromOIDC(ctx context.Context, logger logging.Logger, authService auth.S userID, err := authService.CreateUser(ctx, &u) if err != nil { if !errors.Is(err, db.ErrAlreadyExists) { - return nil, err + logger.WithError(err).Error("Failed to create external user in database") + return nil, ErrAuthenticatingRequest } // user already exists - get it: user, err = authService.GetUser(ctx, externalID) if err != nil { - return nil, err + logger.WithError(err).Error("Failed to get external user from database") + return nil, ErrAuthenticatingRequest } return enhanceWithFriendlyName(user, friendlyName), nil } @@ -226,7 +225,7 @@ func userFromOIDC(ctx context.Context, logger logging.Logger, authService auth.S for _, g := range initialGroups { err = authService.AddUserToGroup(ctx, u.Username, strings.TrimSpace(g)) if err != nil { - return nil, err + logger.WithError(err).Error("Failed to add external user to group") } } return enhanceWithFriendlyName(&model.User{ 
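Review bot: A failed `AddUserToGroup` in the initial-groups loop is now logged and skipped, but the log entry does not say which user or group was affected, and the function goes on to return the user as if provisioning had completed. Since the lookup at the top of userFromOIDC returns early for an existing user, the missed group is presumably never retried on later logins, which is worth confirming. I would at least record the identifiers, `logger.WithError(err).WithField("group", g).WithField("username", u.Username).Error("Failed to add external user to group")`, so an operator can repair the membership. The function starts and ends outside this hunk.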
diff --git a/pkg/api/controller.go b/pkg/api/controller.go index 33a5e7f29b9..972608e8ab9 100644 --- a/pkg/api/controller.go +++ b/pkg/api/controller.go @@ -183,11 +183,7 @@ func (c *Controller) Logout(w http.ResponseWriter, r *http.Request) { // It exchanges the code for an id token, and saves the claims from the ID token on a session. func (c *Controller) OauthCallback(w http.ResponseWriter, r *http.Request) { ctx := r.Context() - session, err := c.sessionStore.Get(r, OIDCAuthSessionName) - if err != nil { - writeError(w, http.StatusInternalServerError, err.Error()) - return - } + session, _ := c.sessionStore.Get(r, OIDCAuthSessionName) if r.URL.Query().Get("state") != session.Values[StateSessionKey] { writeError(w, http.StatusBadRequest, "Invalid state parameter.") return @@ -227,12 +223,7 @@ func (c *Controller) Login(w http.ResponseWriter, r *http.Request, body LoginJSO writeError(w, http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError)) return } - internalAuthSession, err := c.sessionStore.Get(r, InternalAuthSessionName) - if err != nil { - c.Logger.WithError(err).Error("Failed to get internal auth session") - writeError(w, http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError)) - return - } + internalAuthSession, _ := c.sessionStore.Get(r, InternalAuthSessionName) internalAuthSession.Values[TokenSessionKeyName] = tokenString err = c.sessionStore.Save(r, w, internalAuthSession) if err != nil { diff --git a/pkg/api/login_handler.go b/pkg/api/login_handler.go index fcc8d746496..e03446d578b 100644 --- a/pkg/api/login_handler.go +++ b/pkg/api/login_handler.go @@ -33,10 +33,7 @@ const ( ) func clearSession(w http.ResponseWriter, r *http.Request, sessionStore sessions.Store, sessionName string) error { - session, err := sessionStore.Get(r, sessionName) - if err != nil { - return err - } + session, _ := sessionStore.Get(r, sessionName) session.Options.MaxAge = -1 return session.Save(r, w) } 
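Review bot: With the `Get` error dropped, the state check in OauthCallback compares a string with whatever `session.Values[StateSessionKey]` holds, so rejecting a callback that has no stored state depends on interface inequality between a string and nil. That outcome is fail-closed, but it is implicit; I would make it explicit with `expected, ok := session.Values[StateSessionKey].(string)` followed by `if !ok || expected == "" || r.URL.Query().Get("state") != expected {`. The rest of the handler is outside the hunk, so I cannot tell whether the state value is removed from the session once it has been used; if it is not, deleting it after the comparison keeps it single-use.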
diff --git a/pkg/api/oidc_login_handler.go b/pkg/api/oidc_login_handler.go index cd93cd856d1..4d68e2c4cb1 100644 --- a/pkg/api/oidc_login_handler.go +++ b/pkg/api/oidc_login_handler.go @@ -31,12 +31,7 @@ func NewOIDCLoginPageHandler(sessionStore sessions.Store, oauthConfig *oauth2.Co return } - session, err := sessionStore.Get(r, OIDCAuthSessionName) - if err != nil { - logger.WithError(err).Error("failed to get oidc session") - writeError(w, http.StatusInternalServerError, "Failed to redirect to login page") - return - } + session, _ := sessionStore.Get(r, OIDCAuthSessionName) session.Values[StateSessionKey] = state if err := session.Save(r, w); err != nil { logger.WithError(err).Error("failed to save oidc session") From 38e43a625f64ecf23d4422fd482497b51c87ea53 Mon Sep 17 00:00:00 2001 From: johnnyaug Date: Tue, 21 Jun 2022 11:27:05 +0300 Subject: [PATCH 26/28] fix lint --- pkg/api/auth_middleware.go | 1 - 1 file changed, 1 deletion(-) diff --git a/pkg/api/auth_middleware.go b/pkg/api/auth_middleware.go index f847059414a..e2a9badc9a3 100644 --- a/pkg/api/auth_middleware.go +++ b/pkg/api/auth_middleware.go @@ -84,7 +84,6 @@ func migrateFromLegacyCookie(r *http.Request, w http.ResponseWriter, logger logg if err != nil { logger.WithError(err).Error("Failed to save internal auth session") } - } // checkSecurityRequirements goes over the security requirements and check the authentication. returns the user information and error if the security check was required. From f4a5e572ae46c15c20d726d2e6200fdece4461cd Mon Sep 17 00:00:00 2001 From: johnnyaug Date: Tue, 21 Jun 2022 12:49:23 +0300 Subject: [PATCH 27/28] cr fixes --- cmd/lakefs/cmd/run.go | 3 ++- pkg/api/auth_middleware.go | 17 +++++++---------- pkg/api/controller.go | 2 +- pkg/api/oidc_login_handler.go | 2 +- 4 files changed, 11 insertions(+), 13 deletions(-) diff --git a/cmd/lakefs/cmd/run.go b/cmd/lakefs/cmd/run.go index 3ddccd19215..7c370ac7362 100644 --- a/cmd/lakefs/cmd/run.go +++ b/cmd/lakefs/cmd/run.go 
@@ -11,6 +11,7 @@ import ( "net/url" "os" "os/signal" + "strings" "syscall" "time" @@ -270,7 +271,7 @@ var runCmd = &cobra.Command{ oauthConfig = &oauth2.Config{ ClientID: oidcConfig.ClientID, ClientSecret: oidcConfig.ClientSecret, - RedirectURL: oidcConfig.CallbackBaseURL + api.BaseURL + "/oidc/callback", + RedirectURL: strings.TrimSuffix(oidcConfig.CallbackBaseURL, "/") + api.BaseURL + "/oidc/callback", Endpoint: oidcProvider.Endpoint(), Scopes: []string{oidc.ScopeOpenID, "profile"}, } diff --git a/pkg/api/auth_middleware.go b/pkg/api/auth_middleware.go index e2a9badc9a3..91a0d0ad7e4 100644 --- a/pkg/api/auth_middleware.go +++ b/pkg/api/auth_middleware.go @@ -59,12 +59,12 @@ func AuthMiddleware(logger logging.Logger, swagger *openapi3.Swagger, authentica } } -// Deprecated +// Deprecated: migrateFromLegacyCookie takes the token from the legacy cookie and saves it on the gorilla session. // TODO(johnnyaug) remove this a week after released -func migrateFromLegacyCookie(r *http.Request, w http.ResponseWriter, logger logging.Logger, sessionStore sessions.Store) { +func migrateFromLegacyCookie(r *http.Request, w http.ResponseWriter, logger logging.Logger, sessionStore sessions.Store) string { jwtCookie, _ := r.Cookie(JWTCookieName) if jwtCookie == nil { - return + return "" } http.SetCookie(w, &http.Cookie{ Name: JWTCookieName, 
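Review bot: `strings.TrimSuffix(oidcConfig.CallbackBaseURL, "/")` removes a single trailing slash, but the value is otherwise concatenated into `RedirectURL` unchecked, so an empty or relative base would probably only show up later as a failed login at the identity provider. Parsing it once at startup with `url.Parse` (net/url is already in this file's import block) and failing fast when the scheme or host is empty would surface the misconfiguration early. A comment stating that the resulting URL has to match the callback registered with the provider would also help. The enclosing runCmd body extends beyond the hunk.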
@@ -76,14 +76,16 @@ func migrateFromLegacyCookie(r *http.Request, w http.ResponseWriter, logger logg SameSite: http.SameSiteStrictMode, }) if jwtCookie.Value == "" { - return + return "" } internalAuthSession, _ := sessionStore.Get(r, InternalAuthSessionName) internalAuthSession.Values[TokenSessionKeyName] = jwtCookie.Value err := sessionStore.Save(r, w, internalAuthSession) if err != nil { logger.WithError(err).Error("Failed to save internal auth session") + return "" } + return jwtCookie.Value } // checkSecurityRequirements goes over the security requirements and check the authentication. returns the user information and error if the security check was required. @@ -131,13 +133,8 @@ func checkSecurityRequirements(r *http.Request, w http.ResponseWriter, token, _ = internalAuthSession.Values[TokenSessionKeyName].(string) } if token == "" { - migrateFromLegacyCookie(r, w, logger, sessionStore) + token = migrateFromLegacyCookie(r, w, logger, sessionStore) } - internalAuthSession, err = sessionStore.Get(r, InternalAuthSessionName) - if err != nil { - return nil, err - } - token, _ = internalAuthSession.Values[TokenSessionKeyName].(string) if token == "" { continue } diff --git a/pkg/api/controller.go b/pkg/api/controller.go index 972608e8ab9..1c26dfc752f 100644 --- a/pkg/api/controller.go +++ b/pkg/api/controller.go @@ -185,7 +185,7 @@ func (c *Controller) OauthCallback(w http.ResponseWriter, r *http.Request) { ctx := r.Context() session, _ := c.sessionStore.Get(r, OIDCAuthSessionName) if r.URL.Query().Get("state") != session.Values[StateSessionKey] { - writeError(w, http.StatusBadRequest, "Invalid state parameter.") + writeError(w, http.StatusBadRequest, "Invalid state parameter") return } idTokenClaims, err := c.oidcAuthenticator.GetIDTokenClaims(ctx, r.URL.Query().Get("code")) diff --git a/pkg/api/oidc_login_handler.go b/pkg/api/oidc_login_handler.go index 4d68e2c4cb1..f4f2cd7cb85 100644 --- a/pkg/api/oidc_login_handler.go +++ b/pkg/api/oidc_login_handler.go 
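Review bot: When `sessionStore.Save` fails, migrateFromLegacyCookie now returns "" although the `http.SetCookie` call above has already queued the expiry of the legacy cookie, so the client loses its old token without getting a session in exchange. That fails closed, which is fine for security, but a server-side error then logs the user out; moving the expiring `http.SetCookie` after a successful `Save` would let the migration be retried on the next request. The doc comment could also state that the returned token is not validated here and is expected to be verified by the caller. The function begins in the previous hunk.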
@@ -35,7 +35,7 @@ func NewOIDCLoginPageHandler(sessionStore sessions.Store, oauthConfig *oauth2.Co session.Values[StateSessionKey] = state if err := session.Save(r, w); err != nil { logger.WithError(err).Error("failed to save oidc session") - writeError(w, http.StatusInternalServerError, "Failed to redirect to login page") + writeError(w, http.StatusInternalServerError, "Failed to save auth session") return } http.Redirect(w, r, oauthConfig.AuthCodeURL(state), http.StatusTemporaryRedirect) From d1953d8b0112c52c43b721d86e19e06559373b59 Mon Sep 17 00:00:00 2001 From: johnnyaug Date: Tue, 21 Jun 2022 13:34:39 +0300 Subject: [PATCH 28/28] rename cookie in swagger --- api/swagger.yml | 4 ++-- clients/java/README.md | 4 ++-- clients/java/api/openapi.yaml | 4 ++-- .../src/main/java/io/lakefs/clients/api/ApiClient.java | 8 ++++---- clients/python/README.md | 4 ++-- clients/python/lakefs_client/configuration.py | 4 ++-- 6 files changed, 14 insertions(+), 14 deletions(-) diff --git a/api/swagger.yml b/api/swagger.yml index 124c95ae2cc..0127d40a533 100644 --- a/api/swagger.yml +++ b/api/swagger.yml @@ -25,11 +25,11 @@ components: cookie_auth: type: apiKey in: cookie - name: access_token + name: internal_auth_session oidc_auth: type: apiKey in: cookie - name: auth_session + name: oidc_auth_session parameters: PaginationPrefix: in: query diff --git a/clients/java/README.md b/clients/java/README.md index c769b2ff154..ae9bb2ae3da 100644 --- a/clients/java/README.md +++ b/clients/java/README.md @@ -301,7 +301,7 @@ Authentication schemes defined for the API: ### cookie_auth - **Type**: API key -- **API key parameter name**: access_token +- **API key parameter name**: internal_auth_session - **Location**: ### jwt_token @@ -311,7 +311,7 @@ Authentication schemes defined for the API: ### oidc_auth - **Type**: API key -- **API key parameter name**: auth_session +- **API key parameter name**: oidc_auth_session - **Location**: 
diff --git a/clients/java/api/openapi.yaml b/clients/java/api/openapi.yaml index fd525e7e430..543590e8c22 100644 --- a/clients/java/api/openapi.yaml +++ b/clients/java/api/openapi.yaml @@ -5941,10 +5941,10 @@ components: type: http cookie_auth: in: cookie - name: access_token + name: internal_auth_session type: apiKey oidc_auth: in: cookie - name: auth_session + name: oidc_auth_session type: apiKey diff --git a/clients/java/src/main/java/io/lakefs/clients/api/ApiClient.java b/clients/java/src/main/java/io/lakefs/clients/api/ApiClient.java index 70bbc95db4d..144a1a636d8 100644 --- a/clients/java/src/main/java/io/lakefs/clients/api/ApiClient.java +++ b/clients/java/src/main/java/io/lakefs/clients/api/ApiClient.java @@ -87,9 +87,9 @@ public ApiClient() { // Setup authentications (key: authentication name, value: authentication). authentications.put("basic_auth", new HttpBasicAuth()); - authentications.put("cookie_auth", new ApiKeyAuth("cookie", "access_token")); + authentications.put("cookie_auth", new ApiKeyAuth("cookie", "internal_auth_session")); authentications.put("jwt_token", new HttpBearerAuth("bearer")); - authentications.put("oidc_auth", new ApiKeyAuth("cookie", "auth_session")); + authentications.put("oidc_auth", new ApiKeyAuth("cookie", "oidc_auth_session")); // Prevent the authentications from being modified. authentications = Collections.unmodifiableMap(authentications); } 
@@ -104,9 +104,9 @@ public ApiClient(OkHttpClient client) { // Setup authentications (key: authentication name, value: authentication). authentications.put("basic_auth", new HttpBasicAuth()); - authentications.put("cookie_auth", new ApiKeyAuth("cookie", "access_token")); + authentications.put("cookie_auth", new ApiKeyAuth("cookie", "internal_auth_session")); authentications.put("jwt_token", new HttpBearerAuth("bearer")); - authentications.put("oidc_auth", new ApiKeyAuth("cookie", "auth_session")); + authentications.put("oidc_auth", new ApiKeyAuth("cookie", "oidc_auth_session")); // Prevent the authentications from being modified. authentications = Collections.unmodifiableMap(authentications); } diff --git a/clients/python/README.md b/clients/python/README.md index f0102a440c1..35a0ba13493 100644 --- a/clients/python/README.md +++ b/clients/python/README.md @@ -284,7 +284,7 @@ Class | Method | HTTP request | Description ## cookie_auth - **Type**: API key -- **API key parameter name**: access_token +- **API key parameter name**: internal_auth_session - **Location**: @@ -296,7 +296,7 @@ Class | Method | HTTP request | Description ## oidc_auth - **Type**: API key -- **API key parameter name**: auth_session +- **API key parameter name**: oidc_auth_session - **Location**: diff --git a/clients/python/lakefs_client/configuration.py b/clients/python/lakefs_client/configuration.py index 5baed58b43c..44d99975349 100644 --- a/clients/python/lakefs_client/configuration.py +++ b/clients/python/lakefs_client/configuration.py @@ -414,7 +414,7 @@ def auth_settings(self): auth['cookie_auth'] = { 'type': 'api_key', 'in': 'cookie', - 'key': 'access_token', + 'key': 'internal_auth_session', 'value': self.get_api_key_with_prefix( 'cookie_auth', ), @@ -431,7 +431,7 @@ def auth_settings(self): auth['oidc_auth'] = { 'type': 'api_key', 'in': 'cookie', - 'key': 'auth_session', + 'key': 'oidc_auth_session', 'value': self.get_api_key_with_prefix( 'oidc_auth', ),