☂️ SSO / OIDC / Token Expiry #13120

Closed
65 of 70 tasks
philrenaud opened this issue May 25, 2022 · 0 comments
Labels: stage/accepted (Confirmed, and intend to work on. No timeline commitment though.), theme/auth, type/enhancement

philrenaud commented May 25, 2022

ACL Token Expiration

The ability to set optional expiration times on ACL tokens. A prerequisite of Nomad SSO.

RFC

  • (L) Draft RFC
  • (S) Circulate within Nomad team
  • (S) Circulate within RFC mailing list

Implementation

  • (S) Update Server configuration with new options
  • (S) Modify ACL token API and CLI
  • (S) Modify ACL token state store schema
  • (S) Modify ACL token resolve RPC funcs
  • (M) Add new ACL token expiry garbage collector

Docs and Test

  • (S) Update server config website documentation
  • (S) Update API ACL token website documentation
  • (S) Update CLI ACL token website documentation
  • (S) Identify and update internal docs around ACL usage
  • (M) Add token expiry E2E tests
  • (L) New Learn guide

ACL Token Roles

The ability to group ACL policies within ACL roles. A prerequisite of Nomad SSO.

RFC

  • (L) Draft RFC
  • (S) Circulate within Nomad team
  • (S) Circulate within RFC mailing list

Implementation

  • (L) Implement ACL roles schema and store funcs
  • (M) Implement ACL roles structs and diff funcs
  • (L) Implement ACL roles RPC endpoints
  • (L) Implement ACL roles API endpoints
  • (M) Implement ACL roles CLI
  • (S) Update ACL token create CLI
  • (L) Modify ACL token resolve functionality
  • (M) Modify replication functionality to include ACL roles

Docs and Test

  • (M) Add ACL role API website documentation
  • (M) Add ACL role CLI website documentation
  • (M) Identify and update ACL authentication website documentation
  • (L) Add ACL role E2E tests
  • (L) New Learn guide

ACL SSO (OIDC)

The SSO feature itself. There are still a number of unknowns from my side as previous work focussed on expiry and roles.

RFC

  • (L) Draft RFC
  • (S) Circulate within Nomad team
  • (S) Circulate within RFC mailing list

Implementation

  • (L) Implement ACL auth method schema and store funcs
  • (L) Implement ACL auth method structs and diff funcs
  • (L) Implement ACL auth method RPC endpoints
  • (L) Implement ACL auth method API endpoints
  • (L) Implement login API
  • (L) Implement login RPC
  • (M) Implement ACL auth method CLI
  • (L) Modify replication functionality to include ACL auth method
  • (L) Implement login CLI
  • (L) Add ACL auth-methods to event stream
  • (L) Implement ACL binding rule schema and store funcs
  • (L) Implement ACL binding rule structs and diff funcs
  • (L) Implement ACL binding rule RPC endpoints
  • (L) Implement ACL binding rule API endpoints
  • (L) Add ACL binding rules to event stream
  • (L) Add ACL binding rule CLI
  • (L) Add ACL binding rules evaluation and conversion

Docs and Test

  • (M) Add ACL auth method API website documentation
  • (M) Add ACL auth method CLI website documentation
  • (S) Add login CLI website documentation
  • (S) Add login API website documentation
  • (S) Add ACL binding rules CLI website documentation
  • (S) Add ACL binding rules API website documentation
  • (L) Add login E2E tests (if possible)
  • (L) New Learn guide
  • (S) Modify Nomad security model

UI

philrenaud added this to the 1.4.0 milestone May 25, 2022
jrasell added the stage/accepted (Confirmed, and intend to work on. No timeline commitment though.) and type/enhancement labels May 31, 2022
tgross removed their assignment Aug 16, 2022
pkazmierczak added a commit that referenced this issue Nov 28, 2022
This PR implements CLI commands to interact with SSO auth methods.

This PR is part of the SSO work captured under ☂️ ticket #13120.
pkazmierczak added a commit that referenced this issue Nov 29, 2022
…jects (#15410)

Currently, CRUD code that operates on SSO auth methods does not return the created or updated object upon creation/update. This is bad UX and inconsistent behavior compared to other ACL objects like roles, policies or tokens.

This PR fixes it.

Relates to #13120
jrasell added a commit that referenced this issue Jan 11, 2023
jrasell added a commit that referenced this issue Jan 18, 2023
sso: add OIDC login RPC, HTTP, and CLI workflow
jrasell added a commit that referenced this issue Jan 19, 2023
6 participants