Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ft(cyclops-ctrl): cerbos integration for RBAC #359

Closed
wants to merge 29 commits into from
Closed

ft(cyclops-ctrl): cerbos integration for RBAC #359

wants to merge 29 commits into from

Conversation

siddhantprateek
Copy link
Contributor

closes #48

📑 Description

  • Integrated Cerbos for authorization.
  • Added a login controller and handler for username and password based login:
    • Returns a JWT access token, which the auth middleware uses to verify each endpoint.
  • Created Cerbos policies for each resource.
  • Added a Cerbos service to Docker Compose for local development.
  • For user and password verification it uses kubernetes secrets

currently the way of creating a user is

apiVersion: v1
kind: Secret
metadata:
  name: cyclops-user-1
  namespace: cyclops
  labels:
    app.kubernetes.io/part-of: cyclops
    app.kubernetes.io/type: user
    app.kubernetes.io/name: siddhant
data:
  password: c2lkZGhhbnQ=
  roles: dXNlcg==
  username: c2lkZGhhbnQ=
type: Opaque

the query will be based on the labels

  labels:
    app.kubernetes.io/part-of: cyclops
    app.kubernetes.io/type: user
    app.kubernetes.io/name: siddhant
  • app.kubernetes.io/name: siddhant same as the username

Further required enhancement

✅ Checks

  • I have updated the documentation as required
  • I have performed a self-review of my code

ℹ Additional context

siddhantprateek and others added 29 commits June 16, 2024 18:57
@siddhantprateek
ft(ctrl): cerbos policies
048b8fe
@siddhantprateek
ft(ctrl): cerbos conf
44b2c65
@siddhantprateek
ft(ctrl): cerbos integration for modules
0d27f59
@siddhantprateek
ft(ctrl): cerbos integration for templates
860b287
@siddhantprateek
ft(ctrl): cerbos connection and middleware
fc15296
@siddhantprateek
ft(ctrl): cerbos compose service
5b4efcc
@siddhantprateek
ft(ctrl): defined user and resources
e8407e4
@siddhantprateek
ft(ctrl): updated the dependencies
97614f0
@thebigbone @petar-cvit
🚇 add serve command (#329)
0c213d5 
* add serve command

* use k8s api for port forwarding

* typo

* local port flag

* define clientset globally

* use kubeconfig and first pod from the list

* minor fix

* imports

* formatting

* update cyctl/cmd/serve.go

Co-authored-by: Petar Cvitanović <[email protected]>

* update cyctl/cmd/serve.go

Co-authored-by: Petar Cvitanović <[email protected]>

---------

Co-authored-by: Petar Cvitanović <[email protected]>
@petar-cvit
🌱 update contribution docs
2fa9f2a
@Sheikh-Abubaker
✅ support for Template Status Check (#334)
5d3b4e1 
* Add support for Templates Status Check

Signed-off-by: Sheikh-Abubaker <[email protected]>

* Update TemplateStore.tsx

Signed-off-by: Sheikh-Abubaker <[email protected]>

* Update TemplateStore.tsx

Signed-off-by: Sheikh-Abubaker <[email protected]>

* Revert "Update TemplateStore.tsx"

This reverts commit 37ee0cf.

* Revert "Update TemplateStore.tsx"

This reverts commit 67342ca.

* Resolve conflicts after revert

Signed-off-by: Sheikh-Abubaker <[email protected]>

* Update TemplateStore.tsx

Signed-off-by: Sheikh-Abubaker <[email protected]>

* Update TemplateStore.tsx

Signed-off-by: Sheikh-Abubaker <[email protected]>

* Update TemplateStore.tsx

Signed-off-by: Sheikh-Abubaker <[email protected]>

* Add Validate as the column name

Signed-off-by: Sheikh-Abubaker <[email protected]>

* Fix indentation

Signed-off-by: Sheikh-Abubaker <[email protected]>

* Fix indentation

Signed-off-by: Sheikh-Abubaker <[email protected]>

* Update TemplateStore.tsx and styles.module.css

Signed-off-by: Sheikh-Abubaker <[email protected]>

* Fix indentaion in TemplateStore.tsx

Signed-off-by: Sheikh-Abubaker <[email protected]>

---------

Signed-off-by: Sheikh-Abubaker <[email protected]>
@patelajay745
⏰ implemented resource details for cronjob (#346)
1d5eae0 
* fixed isuue-340 : implemented resource deatils for cronjob

* fixed isuue-340 : updated job/pods
@github-actions
⚙️ update cyclops to v0.7.1
73d6330
@petar-cvit
🦫 run goreleaser
cff7331
@patelajay745
🔨 implement resource details for Jobs (#349)
4db0b3f
@KaradzaJuraj
✉️ newsletter
76f45c4
@KaradzaJuraj
✉️ newsletter
3bb117d 
✉️ newsletter
@thebigbone
🐥 initialize cyclops resources with init command (#343)
f0df5db 
* initialize cyclops resources with init command

* minor changes

* revert back to patch

* error logging
@dependabot
🤖 bump ws from 7.5.9 to 7.5.10 in /cyclops-ui (#347)
03c237b 
Bumps [ws](https://github.com/websockets/ws) from 7.5.9 to 7.5.10.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.9...7.5.10)

---
updated-dependencies:
- dependency-name: ws
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
🤖 bump braces from 3.0.2 to 3.0.3 in /cyclops-ui (#331)
318bb39 
Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3.
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

---
updated-dependencies:
- dependency-name: braces
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@KaradzaJuraj
✉️ subscribe button flex wrap (#353)
db36004 
* ✉️ subscribe button flex wrap

* getting verified

* ✉️ subscribe button flex wrap
@dependabot
🤖 bump ws from 6.2.2 to 6.2.3 in /web (#354)
822e6d3 
Bumps [ws](https://github.com/websockets/ws) from 6.2.2 to 6.2.3.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@6.2.2...6.2.3)

---
updated-dependencies:
- dependency-name: ws
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@KaradzaJuraj
📝 Why CLIs are STILL important (#355)
5afba7a
@KaradzaJuraj
🖇️ update blog list on landing page (#356)
7eca1b4
@siddhantprateek
ft(cyclos-ctrl): cerbos login handler and middleware
5ab33c5
@siddhantprateek
ft(cerbos): user secret retrival from cyclops namespace
dab1488
@siddhantprateek
updated dependencies
3ead6b0
@siddhantprateek
added CERBOS_URL to .env and use environ var for cerbos connection
9f5f551
@siddhantprateek
Merge branch 'cyclops-ui:main' into cerbos
e01871d
@siddhantprateek siddhantprateek requested a review from a team as a code owner June 22, 2024 12:00
@siddhantprateek
Copy link
Contributor Author

closing this PR, created from wrong base branch

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@siddhantprateek @thebigbone @petar-cvit @Sheikh-Abubaker @patelajay745 @KaradzaJuraj