Add authorization scriptlet #1412
Some context is needed for a few changes.
I don’t really get why the code checks are failing, the errors are not something my knowledge of Go allows me to decipher :)
Alright, got all the tests to behave. Now I can actually review this PR :)
Nice!
Looks pretty good to me! What we still need to add to this are two commits:
With this change I'm getting pretty tempted to rename
Hi! Does it help if I rebase the PR?
Yeah, that'd be quite useful, thanks!
There you go. I started freaking out when I saw changes to the OpenFGA driver, but it wasn’t that dramatic in the end.
Looking good. On the Instead we should expose a script which just includes:
And have the username and protocol be pre-expanded as is done in
Looks good, just a capitalization nit left ;) It's nice that the test uses OIDC, makes it easier to try multiple users.
It was actually a mix of “I don’t want to generate certificates and pass them cleanly to Incus” and “Oh! The tests make it sooo easy to use OIDC”, combined with “I prefer to use explicit user names in the tests”.
Hey! All these rebases are starting to become quite boring :D
Signed-off-by: Benjamin Somers <benjamin.somers@imt-atlantique.fr>
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
Thanks for the great work!
This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [lxc/incus](https://github.com/lxc/incus) | minor | `v6.7.0` -> `v6.8.0` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

lxc/incus (lxc/incus)

### [`v6.8.0`](https://github.com/lxc/incus/releases/tag/v6.8.0): Incus 6.8

[Compare Source](lxc/incus@v6.7.0...v6.8.0)

#### What's Changed

- exec: Consume websocket pings for stderr by [@stefanor](https://github.com/stefanor) in lxc/incus#1380
- incus-simplestreams: Add prune command by [@presztak](https://github.com/presztak) in lxc/incus#1381
- internal/instance: Fix validation of volatile.cpu.nodes by [@stgraber](https://github.com/stgraber) in lxc/incus#1394
- Add a function to clone map and use it where appropriate by [@montag451](https://github.com/montag451) in lxc/incus#1397
- cgo/process_utils: fix 32bit builds by [@brauner](https://github.com/brauner) in lxc/incus#1398
- Start using goimports by [@stgraber](https://github.com/stgraber) in lxc/incus#1399
- instance/config: Mark user keys as live updatable by [@stgraber](https://github.com/stgraber) in lxc/incus#1404
- incus/internal/server/instance/drivers/: Fix incorrect Vars file mapping in edk2 driver by [@cmspam](https://github.com/cmspam) in lxc/incus#1406
- zfs: load keys for encrypted datasets during pool import by [@cyphar](https://github.com/cyphar) in lxc/incus#1384
- incusd/instance: Lock image access by [@stgraber](https://github.com/stgraber) in lxc/incus#1408
- incus/image: Make use of server-side alias handling by [@stgraber](https://github.com/stgraber) in lxc/incus#1409
- incusd/cluster: Validate cluster HTTPS address on join too by [@stgraber](https://github.com/stgraber) in lxc/incus#1411
- Remove metadata info from space usage calculation by [@presztak](https://github.com/presztak) in lxc/incus#1417
- Add ability to set the initial owner of a custom volume by [@presztak](https://github.com/presztak) in lxc/incus#1415
- Allow local live-migration between storage pools by [@presztak](https://github.com/presztak) in lxc/incus#1410
- incus: Add aliases completion by [@montag451](https://github.com/montag451) in lxc/incus#1385
- golangci: Add local prefixes for goimports by [@breml](https://github.com/breml) in lxc/incus#1401
- client: invalidate simple streams cache by [@breml](https://github.com/breml) in lxc/incus#1424
- incusd/instances_post: Fix cluster internal migrations by [@stgraber](https://github.com/stgraber) in lxc/incus#1427
- Fix DHCP client keeping container up by [@stgraber](https://github.com/stgraber) in lxc/incus#1430
- Add support for VGA console screenshots by [@breml](https://github.com/breml) in lxc/incus#1431
- Add --reuse to incus image import by [@presztak](https://github.com/presztak) in lxc/incus#1428
- Fix random ETag values due to map ordering by [@stgraber](https://github.com/stgraber) in lxc/incus#1432
- incusd/task: Fix wait group logic (more entries than running tasks) by [@stgraber](https://github.com/stgraber) in lxc/incus#1433
- Allow setting aliases during raw image upload by [@stgraber](https://github.com/stgraber) in lxc/incus#1434
- Fixes an issue when copying a custom volume using the `--refresh` flag by [@presztak](https://github.com/presztak) in lxc/incus#1437
- Openfga improvements by [@stgraber](https://github.com/stgraber) in lxc/incus#1435
- doc/instance/properties: Add missing instance properties by [@stgraber](https://github.com/stgraber) in lxc/incus#1439
- incusd/daemon_storage: Ensure corect symlinks for images/backups by [@stgraber](https://github.com/stgraber) in lxc/incus#1441
- incusd/storage/lvm: Handle newer LVM by [@stgraber](https://github.com/stgraber) in lxc/incus#1442
- Tweak rendering of manpage in doc by [@stgraber](https://github.com/stgraber) in lxc/incus#1443
- incusd/storage/lvm: Require 512-bytes physical block size for VM images by [@stgraber](https://github.com/stgraber) in lxc/incus#1444
- incusd: Fill ExpiryDate and remove LastUsedDate in volumeSnapshotToProtobuf by [@presztak](https://github.com/presztak) in lxc/incus#1448
- incusd/device/tpm: Wait for swtpm to be ready by [@stgraber](https://github.com/stgraber) in lxc/incus#1447
- incus: Improve completion for `file push` and `file pull` by [@montag451](https://github.com/montag451) in lxc/incus#1445
- incusd/auth/tls: Restrict config access to non-admin by [@stgraber](https://github.com/stgraber) in lxc/incus#1451
- incusd/storage: Handle default disk size in GetInstanceUsage by [@stgraber](https://github.com/stgraber) in lxc/incus#1452
- incus: Improve completion for some file sub-commmands by [@montag451](https://github.com/montag451) in lxc/incus#1453
- incus: Fix completion for `profile copy` by [@montag451](https://github.com/montag451) in lxc/incus#1454
- incus: Add completion for `image alias` subcommands by [@montag451](https://github.com/montag451) in lxc/incus#1457
- doc/installing: Update Fedora instructions by [@stgraber](https://github.com/stgraber) in lxc/incus#1456
- Fix gap in validation of pre-existing certificates when switching to PKI mode by [@stgraber](https://github.com/stgraber) in lxc/incus#1458
- doc/network_forwards: Split configuration into own table by [@stgraber](https://github.com/stgraber) in lxc/incus#1460
- chore: Happy path on the left, early return by [@breml](https://github.com/breml) in lxc/incus#1461
- incus: Fix completion for `image alias create` by [@montag451](https://github.com/montag451) in lxc/incus#1459
- incus/top: Ignore CPU idle time by [@stgraber](https://github.com/stgraber) in lxc/incus#1462
- incus: Display the alias expansion when execution of an alias fails by [@montag451](https://github.com/montag451) in lxc/incus#1464
- lint: disallow restricted licenses in go-licenses by [@breml](https://github.com/breml) in lxc/incus#1466
- chore: code structure, Go identifier shaddowing by [@breml](https://github.com/breml) in lxc/incus#1465
- incus: Fix alias arguments handling by [@montag451](https://github.com/montag451) in lxc/incus#1463
- incus/file/push Use SFTP client instead of file API by [@HassanAlsamahi](https://github.com/HassanAlsamahi) in lxc/incus#1468
- Fix TPM fd leaks and OpenFGA patching issue by [@stgraber](https://github.com/stgraber) in lxc/incus#1469
- Clarify device override syntax by [@stgraber](https://github.com/stgraber) in lxc/incus#1471
- incusd/auth/openfga: refresh model before applying patches by [@stgraber](https://github.com/stgraber) in lxc/incus#1472
- Add authorization scriptlet by [@bensmrs](https://github.com/bensmrs) in lxc/incus#1412
- doc: add openSUSE installation instructions by [@cyphar](https://github.com/cyphar) in lxc/incus#1475
- OCI image debugging improvements by [@danbiagini](https://github.com/danbiagini) in lxc/incus#1478
- Add function checks to scriptlet validation by [@bensmrs](https://github.com/bensmrs) in lxc/incus#1484
- incus/project: Fix handling of default (unset) project in `get-current` by [@irhndt](https://github.com/irhndt) in lxc/incus#1476
- Translations update from Hosted Weblate by [@weblate](https://github.com/weblate) in lxc/incus#1492
- Add `--force` flag to the console command by [@presztak](https://github.com/presztak) in lxc/incus#1491
- Accept io.Writer in RenderTable by [@breml](https://github.com/breml) in lxc/incus#1490
- doc/network_bridge: Fix missing escaping around variable by [@irhndt](https://github.com/irhndt) in lxc/incus#1493
- incusd/cluster: Skip project restrictions during join by [@stgraber](https://github.com/stgraber) in lxc/incus#1497
- incusd/instance/lxc: Skip instances without idmap allocation yet by [@stgraber](https://github.com/stgraber) in lxc/incus#1495
- incusd/storage/drivers/common: Truncate/Discard ahead of sparse write by [@stgraber](https://github.com/stgraber) in lxc/incus#1496
- Add AskPassword/AskPasswordOnce to Asker by [@breml](https://github.com/breml) in lxc/incus#1499
- Add additional check to Cancel method for ConsoleShow operation by [@presztak](https://github.com/presztak) in lxc/incus#1500
- Improve console disconnections by [@stgraber](https://github.com/stgraber) in lxc/incus#1501
- Fix duplicate OVN load-balancer entries by [@stgraber](https://github.com/stgraber) in lxc/incus#1502
- Improve SFTP performance by [@stgraber](https://github.com/stgraber) in lxc/incus#1503
- incusd/instance_post: Expand profiles in scriptlet context by [@stgraber](https://github.com/stgraber) in lxc/incus#1504

#### New Contributors

- [@stefanor](https://github.com/stefanor) made their first contribution in lxc/incus#1380
- [@brauner](https://github.com/brauner) made their first contribution in lxc/incus#1398
- [@cyphar](https://github.com/cyphar) made their first contribution in lxc/incus#1384
- [@breml](https://github.com/breml) made their first contribution in lxc/incus#1401
- [@danbiagini](https://github.com/danbiagini) made their first contribution in lxc/incus#1478
- [@irhndt](https://github.com/irhndt) made their first contribution in lxc/incus#1476

**Full Changelog**: lxc/incus@v6.7.0...v6.8.0

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about this update again.

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
Closes: #188