Insights operator LDAP Auth

• Overview
  • Authorization part
  • Authorization sequence diagram for known user with proper token
  • Authorization sequence diagram in case of any error
• Starting
• Authentication
• RestAPI
• BDD tests
• Code style and cyclomatic complexity checks
• Configuration
  • Environment variables
• CI
• Contribution
• Package manifest

Overview

The whole system consists of several components: CLI client, LDAP Auth service, and the Insights operator instrumentation service:

Authorization part

Authorization sequence diagram for known user with proper token

Authorization sequence diagram in case of any error

Starting

By default application starting on port 8081, but it can be changed in configuration file config.toml.

go build # Build application
./insights-operator-ldapauth # Start application

Alternatively you can use GNU make to perform the same operation:

make run

Authentication

For authentication is used POST request to /api/v1/login with credentials:

{
	"login": "your-ldap-login",
	"password": "your-ldap-password"
}

For now it connecting directly to RedHat LDAP, so for running this application correctly you should be connected to RedHat VPN. After you recieve token, you can use it in requests as Bearer Token.

RestAPI

Application has only one route is /api/v1/login, requests to other routes will be proxied to insights-operator-controller.

BDD tests

Behaviour tests for this service are included in Insights Behavioral Spec repository. In order to run these tests, the following steps need to be made:

1. clone the Insights Behavioral Spec repository
2. go into the cloned subdirectory insights-behavioral-spec
3. run the aggregator_tests.sh from this subdirectory

Code style and cyclomatic complexity checks

All code style checks, cyclomatic complexity measurement etc. can be started from command line by using:

make style

Configuration

Change the following lines in config.toml:

[service]
ldap="ldap.corp.redhat.com"
address=":8081"
proxy="http://localhost:8080"
proxy_prefix="/api/v1/"
proxy_tls=true
tls_cert="certs/cert.pem"
tls_key="certs/key.pem"

• ldap is hostname of LDAP server
• address is address of ldapauth server
• proxy is address of controller server
• proxy_prefix is prefix of controller server which will be replaced instead of ldapauth prefix
• proxy_tls is boolean flag that defines if proxy connection with controller should secured by mutual TLS
• tls_cert is path to certificate, can be used only if proxy_tls == true
• tls_key is path to key of certificate, can be used only if proxy_tls == true

Environment variables

Some settings can be setted with environment variables:

• CONTROLLER_PREFIX - specify URL path prefix (Default: /api/v1/)
• INSIGHTS_CONTROLLER_CONFIG_FILE - custom path to config file (default: ./config.toml)

CI

Travis CI is configured for this repository. Several tests and checks are started for all pull requests:

• Unit tests that use the standard tool go test
• go fmt tool to check code formatting. That tool is run with -s flag to perform following transformations
• go vet to report likely mistakes in source code, for example suspicious constructs, such as Printf calls whose arguments do not align with the format string.
• golint as a linter for all Go sources stored in this repository
• gocyclo to report all functions and methods with too high cyclomatic complexity. The cyclomatic complexity of a function is calculated according to the following rules: 1 is the base complexity of a function +1 for each 'if', 'for', 'case', '&&' or '||' Go Report Card warns on functions with cyclomatic complexity > 9

History of checks done by CI is available at RedHatInsights / insights-operator-ldapauth.

Contribution

Please look into document CONTRIBUTING.md that contains all information about how to contribute to this project.

Please look also at Definition of Done document with further information.

Package manifest

Package manifest is available at docs/manifest.txt.