Add WithAuth middleware #1268

yiannistri · 2022-01-05T09:34:45Z

Part of: #1092

What changed?

Added feature flag to enable authentication flow
Added middleware that inspects cookie or auth header for an ID token
- Unauthenticated API requests will 401
- Unauthenticated web/html requests will redirect to OIDC issuer

Why?
The end goal is to execute calls to the Kubernetes API on behalf of the authenticated user.

How did you test it?
Unit tests and manually.

Release notes
Not yet, still behind a feature flag.

Documentation Changes
Not yet, still behind a feature flag.

Note that more changes (follow-up PRs) will be needed to actually use the identity of the authenticated user in subsequent calls to the Kubernetes API.

jpellizzari

Looks very elegant and well thought out 👍 .

I don't fully grasp all of the OIDC stuff, but this is implemented in a low-risk way. Nice work.

cmd/gitops/ui/run/cmd.go

pkg/server/auth/jwt.go

pkg/server/handler.go

bigkevmcd

Nothing major in here.

cmd/gitops/root/cmd.go

cmd/gitops/ui/run/cmd.go

pkg/server/auth/auth.go

pkg/server/auth/jwt.go

pkg/server/auth/auth.go

bigkevmcd

Thanks for the work to make this better!

yiannistri added the type/enhancement New feature or request label Jan 5, 2022

yiannistri force-pushed the add-auth-feature-flag branch 8 times, most recently from 0e97266 to 5dff28e Compare January 6, 2022 19:09

yiannistri marked this pull request as ready for review January 6, 2022 20:37

yiannistri requested a review from jpellizzari January 6, 2022 20:37

jpellizzari approved these changes Jan 6, 2022

View reviewed changes

cmd/gitops/ui/run/cmd.go Outdated Show resolved Hide resolved

pkg/server/auth/jwt.go Show resolved Hide resolved

pkg/server/handler.go Show resolved Hide resolved

yiannistri requested a review from bigkevmcd January 7, 2022 09:51

bigkevmcd requested changes Jan 7, 2022

View reviewed changes

Add WithAuth middleware

0c31633

yiannistri force-pushed the add-auth-feature-flag branch 3 times, most recently from 8c21cf3 to c6dd7a4 Compare January 8, 2022 14:33

yiannistri requested a review from bigkevmcd January 8, 2022 22:05

yiannistri force-pushed the add-auth-feature-flag branch 3 times, most recently from 8ed18fc to 25343ad Compare January 9, 2022 10:37

yiannistri added exclude from release notes and removed type/enhancement New feature or request labels Jan 9, 2022

yiannistri force-pushed the add-auth-feature-flag branch 5 times, most recently from 7525f8d to 60bf9cb Compare January 11, 2022 11:21

Code review changes

371f2bb

yiannistri force-pushed the add-auth-feature-flag branch from 60bf9cb to 371f2bb Compare January 11, 2022 11:24

bigkevmcd approved these changes Jan 11, 2022

View reviewed changes

yiannistri merged commit 0d2aa5e into main Jan 11, 2022

yiannistri deleted the add-auth-feature-flag branch January 11, 2022 13:59

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add WithAuth middleware #1268

Add WithAuth middleware #1268

yiannistri commented Jan 5, 2022 •

edited

jpellizzari left a comment

bigkevmcd left a comment

bigkevmcd left a comment

Add WithAuth middleware #1268

Add WithAuth middleware #1268

Conversation

yiannistri commented Jan 5, 2022 • edited

jpellizzari left a comment

Choose a reason for hiding this comment

bigkevmcd left a comment

Choose a reason for hiding this comment

bigkevmcd left a comment

Choose a reason for hiding this comment

yiannistri commented Jan 5, 2022 •

edited