STS integration, JWT auth and Stateless MCS #70

Merged
merged 1 commit into from Apr 23, 2020

@Alevsk Alevsk commented Apr 17, 2020

This commit changes the authentication mechanism between mcs and minio to an STS
(security token service) schema using the user-provided credentials; previously
mcs was using master credentials. With that said, in order for you to
log in to MCS as an admin, your user must first exist on minio and have enough
privileges to do administrative operations.

```
./mc admin user add myminio alevsk alevsk12345
```

```
cat admin.json

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "admin:*",
        "s3:*"
      ],
      "Resource": [
        "arn:aws:s3:::*"
      ]
    }
  ]
}

./mc admin policy add myminio admin admin.json
```

```
./mc admin policy set myminio admin user=alevsk
```
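
The `admin.json` policy in the description above allows every `admin:` and `s3:` action on every resource. As an added example (not part of the PR or the mcs code base), the Go program below parses such a policy document and lists the wildcard actions that an `Allow` statement pairs with an all-matching resource, so the breadth of a grant can be checked before it is attached to a console user. `BroadGrants`, `oneOrMany` and `statement` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// oneOrMany accepts both "Action": "s3:*" and "Action": ["admin:*", "s3:*"].
type oneOrMany []string
func (o *oneOrMany) UnmarshalJSON(b []byte) error {
	var one string
	if json.Unmarshal(b, &one) == nil {
		*o = oneOrMany{one}
		return nil
	}
	return json.Unmarshal(b, (*[]string)(o))
}

type statement struct {
	Effect           string
	Action, Resource oneOrMany
}

// BroadGrants lists wildcard actions that an Allow statement pairs with an all-matching resource.
func BroadGrants(doc []byte) ([]string, error) {
	var p struct{ Statement []statement }
	if err := json.Unmarshal(doc, &p); err != nil {
		return nil, err
	}
	var out []string
	for _, s := range p.Statement {
		all := false
		for _, r := range s.Resource {
			all = all || r == "*" || r == "arn:aws:s3:::*"
		}
		for _, a := range s.Action {
			if s.Effect == "Allow" && all && (a == "*" || strings.HasSuffix(a, ":*")) {
				out = append(out, a)
			}
		}
	}
	return out, nil
}

// adminJSON is the admin.json policy document from the PR description.
const adminJSON = `{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["admin:*","s3:*"],"Resource":["arn:aws:s3:::*"]}]}`
func main() {
	fmt.Println(BroadGrants([]byte(adminJSON)))
}
```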

@Alevsk Alevsk added the WIP This PR is WIP and cannot be merged yet label Apr 17, 2020
@Alevsk Alevsk self-assigned this Apr 17, 2020
@Alevsk Alevsk force-pushed the sts-auth branch 3 times, most recently from d186f63 to f288c34 Compare April 19, 2020 03:15
@Alevsk Alevsk changed the title [WIP] STS integration STS integration, JWT auth and Stateless MCS Apr 19, 2020
@Alevsk Alevsk force-pushed the sts-auth branch 2 times, most recently from 3c86d7b to 008699c Compare April 19, 2020 03:19
@Alevsk Alevsk removed the WIP This PR is WIP and cannot be merged yet label Apr 19, 2020
@Alevsk Alevsk force-pushed the sts-auth branch 2 times, most recently from 0dfe73c to 8714579 Compare April 20, 2020 23:17
@Alevsk Alevsk requested a review from aead April 20, 2020 23:36
@Alevsk Alevsk force-pushed the sts-auth branch 2 times, most recently from 81308e5 to 4d189f8 Compare April 21, 2020 23:54
Alevsk commented Apr 21, 2020

@aead can you review the pkg/auth/jwt.go that contains the encrypt/decrypt functions for the jwt claims? thanks

dvaldivia previously approved these changes Apr 22, 2020
dvaldivia previously approved these changes Apr 23, 2020
harshavardhana previously approved these changes Apr 23, 2020

@bexsoft bexsoft left a comment

LGTM

@Alevsk Alevsk dismissed cesnietor’s stale review April 23, 2020 06:43

all changes merged

@Alevsk Alevsk merged commit 0f52136 into minio:master Apr 23, 2020
@Alevsk Alevsk deleted the sts-auth branch April 23, 2020 06:43
@Alevsk Alevsk mentioned this pull request Apr 23, 2020