Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenFGA authorization driver #12252

Merged
merged 28 commits into from
Oct 27, 2023
Merged

OpenFGA authorization driver #12252

merged 28 commits into from
Oct 27, 2023

Commits on Oct 27, 2023

  1. lxd/auth: Adds OpenFGA model. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 27, 2023
    Configuration menu
    Copy the full SHA
    828412e View commit details
    Browse the repository at this point in the history

  2. Makefile: Adds make target for generating openfga model json. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 27, 2023
    Configuration menu
    Copy the full SHA
    e972219 View commit details
    Browse the repository at this point in the history

  3. lxd/auth: Runs make-openfga. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 27, 2023
    Configuration menu
    Copy the full SHA
    d759818 View commit details
    Browse the repository at this point in the history

  4. lxd/auth: Adds constants for relations. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 27, 2023
    Configuration menu
    Copy the full SHA
    431755c View commit details
    Browse the repository at this point in the history

  5. lxd/auth: Adds Resources type and load option. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 27, 2023
    Configuration menu
    Copy the full SHA
    cfe169f View commit details
    Browse the repository at this point in the history

  6. gomod: Adds openfga dependency. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 27, 2023
    Configuration menu
    Copy the full SHA
    0d78582 View commit details
    Browse the repository at this point in the history

  7. lxd/auth: Adds OpenFGA authorization driver. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 27, 2023
    Configuration menu
    Copy the full SHA
    fcf9018 View commit details
    Browse the repository at this point in the history

  8. lxd/cluster/config: Adds OpenFGA config keys. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 27, 2023
    Configuration menu
    Copy the full SHA
    5790b5f View commit details
    Browse the repository at this point in the history

  9. lxd-metadata: Runs make update-metadata. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 27, 2023
    Configuration menu
    Copy the full SHA
    4fe478b View commit details
    Browse the repository at this point in the history

  10. lxd/db: Exports StoragePoolVolumeTypeToName function. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 27, 2023
    Configuration menu
    Copy the full SHA
    44f9cdc View commit details
    Browse the repository at this point in the history

  11. lxd: Adds method to daemon to load the OpenFGA authorizer. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 27, 2023
    Configuration menu
    Copy the full SHA
    0f3088e View commit details
    Browse the repository at this point in the history

  12. lxd: Loads OpenFGA authorizer at startup if configured. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 27, 2023
    Configuration menu
    Copy the full SHA
    89530bc View commit details
    Browse the repository at this point in the history

  13. lxd: Load OpenFGA authorizer on config change. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 27, 2023
    Configuration menu
    Copy the full SHA
    f9f88ba View commit details
    Browse the repository at this point in the history

  14. test/lint: Adds linter for openfga model. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 27, 2023
    Configuration menu
    Copy the full SHA
    5567831 View commit details
    Browse the repository at this point in the history

  15. test/includes: Adds util for getting certificate fingerprint. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 27, 2023
    Configuration menu
    Copy the full SHA
    cb94dfd View commit details
    Browse the repository at this point in the history

  16. test/includes: Adds utils for running and interacting with an openfga… 

    … server.

Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 27, 2023
    Configuration menu
    Copy the full SHA
    94311c5 View commit details
    Browse the repository at this point in the history

  17. test/includes: Use hostname for RBAC server endpoint. 

    This makes it available from other network namespaces when running
clustering tests.

Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 27, 2023
    Configuration menu
    Copy the full SHA
    ec3afff View commit details
    Browse the repository at this point in the history

  18. test/suites: Adds OpenFGA test suite. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 27, 2023
    Configuration menu
    Copy the full SHA
    e27f35c View commit details
    Browse the repository at this point in the history

  19. test/suites: Adds OpenFGA clustering test. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 27, 2023
    Configuration menu
    Copy the full SHA
    3799f95 View commit details
    Browse the repository at this point in the history

  20. test: Runs OpenFGA tests in main. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 27, 2023
    Configuration menu
    Copy the full SHA
    edd5831 View commit details
    Browse the repository at this point in the history

  21. workflows: Installs openfga server and CLI in github action. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 27, 2023
    Configuration menu
    Copy the full SHA
    c2ac155 View commit details
    Browse the repository at this point in the history

  22. doc: Adds OpenFGA to wordlist. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 27, 2023
    Configuration menu
    Copy the full SHA
    b911d44 View commit details
    Browse the repository at this point in the history

  23. doc: Adds openfga server configuration options. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 27, 2023
    Configuration menu
    Copy the full SHA
    705d692 View commit details
    Browse the repository at this point in the history

  24. doc: Adds authorization explanation page. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 27, 2023
    Configuration menu
    Copy the full SHA
    e4ad714 View commit details
    Browse the repository at this point in the history

  25. doc: Updates authentication page to separate authorization. 

    TLS authorization and RBAC have their own sections in the authorization
page now so these are removed. Additionally I have updated the OIDC and
Candid sections to notify users that they must configure authorization,
else their servers are not secure.

Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 27, 2023
    Configuration menu
    Copy the full SHA
    c6694a2 View commit details
    Browse the repository at this point in the history

  26. doc: Update references to RBAC section. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 27, 2023
    Configuration menu
    Copy the full SHA
    a3d58fc View commit details
    Browse the repository at this point in the history

  27. doc: Adds authorization page to security related links. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 27, 2023
    Configuration menu
    Copy the full SHA
    cd88d9f View commit details
    Browse the repository at this point in the history

  28. doc: Adds authorization page to explanation section. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 27, 2023
    Configuration menu
    Copy the full SHA
    3b45b5a View commit details
    Browse the repository at this point in the history