Commit Graph

105 Commits

Author SHA1 Message Date
niravparikh05
ad193fbf98 removed desc from user traits 2022-05-27 15:15:58 +05:30
Abin Simon
14750dc41a Merge pull request #149 from RafayLabs/even-more-fixes
Fix errors, unique filter, oidc
2022-05-27 13:57:50 +05:30
Abin Simon
c2c503a1aa Add proper unique constraint to project 2022-05-27 13:51:28 +05:30
Abin Simon
18269e0728 Update how unique is handled in provider 2022-05-27 13:51:28 +05:30
Abin Simon
f1e2e02891 Fix few more random issues in oidc provider 2022-05-27 13:51:28 +05:30
Abin Simon
8054b75c88 Lowercase error messages 2022-05-27 13:51:28 +05:30
Nirav Parikh
c3320a8234 Merge pull request #145 from RafayLabs/ns-dev
Namespace related development changes
2022-05-27 12:30:42 +05:30
niravparikh05
0210f0f2d3 renamed column namespace_id to namespace 2022-05-27 12:23:22 +05:30
niravparikh05
0ae35d2024 added changes for namespaced dynamic roles and created at metadata field 2022-05-24 15:48:56 +05:30
Abin Simon
aa4bea1654 Fix tests for user delete 2022-05-24 12:37:50 +05:30
Abin Simon
446ae18798 Don't let users delete their own accounts 2022-05-24 12:27:41 +05:30
Abin Simon
c576932eda Create /user/:username/forgotpassword endpoint 2022-05-24 12:08:37 +05:30
niravparikh05
3d8c834189 fixing test cases for namespaces 2022-05-23 14:56:04 +05:30
niravparikh05
8ab85e57c9 changes to support namespaces 2022-05-23 12:42:51 +05:30
Abin Simon
bdc1052662 Cleanup some TODO items 2022-05-20 11:27:29 +05:30
Abin Simon
4d9d8dc4cf Fix user test with compound filtering 2022-05-20 10:53:21 +05:30
Abin Simon
aabf2e600e Fix group filter for users
The following could be used as an optimisation when we are filtering
just by user, but decided to omit as of now.

```
usrs, err = dao.ListFilteredUsersWithGroup(ctx, s.db,
    []uuid.UUID{}, groupId, queryOptions.Q, queryOptions.Type,
    queryOptions.OrderBy, queryOptions.Order,
    int(queryOptions.Limit), int(queryOptions.Offset))
```
2022-05-20 10:29:35 +05:30
Abin Simon
68bd13b891 Use projects instead of projectids for search 2022-05-20 10:29:34 +05:30
Abin Simon
2cdb45e6e9 Update audit logs to use project name instead of id 2022-05-20 10:29:34 +05:30
Abin Simon
dd3a1fd4b1 Fix tests for user list fetch 2022-05-19 14:58:49 +05:30
Nirav Parikh
0d828f1272 Merge pull request #134 from RafayLabs/idp-groups-and-updating-same
Add IdP groups in Identities table
2022-05-17 19:09:43 +05:30
Akshay Gaikwad
d26dfa5e55 Fix: go formatting 2022-05-17 13:20:10 +05:30
Akshay Gaikwad
2e4d802995 Fix: Type assertion error on IdPGroups 2022-05-17 13:16:59 +05:30
Abin Simon
5c68a33537 Prevent combining idp and managed groups 2022-05-13 16:24:58 +05:30
Abin Simon
f3de101f94 Update User spec to include IDPGroups 2022-05-13 13:37:07 +05:30
Akshay Gaikwad
f604768865 [OIdC Provider] Return client secret on GET requests
- Returns client secret on GET request, so that when UI made
modification to OIdC provider, it should be able to send back the
client secret to PUT request.
- Fix issuer url validation on update.
2022-05-12 19:15:10 +05:30
Akshay Gaikwad
a0424f4000 Modify groupaccount table instead of just policy rules 2022-05-12 18:11:10 +05:30
Akshay Gaikwad
5e7fc110b2 Add IdP groups in Identities table
The idp_groups is the list of groups the IdP user belongs to, which is
returned in the OIdC provider's token response. The flow of IdP group
mapping is as follows:
    OIdC Provider (OP) returns a custom claim with groups in a token on
    an authentication event
        |
    The value of the custom claim is mapped to `idp_groups` of the
    identity trait using the JsonNet mapper.
        |
    On inserting/updating/deleting in the `identities` table, PostgreSQL
    sends a pg_notification with
    `PG_OPERATION,IDENTITY_ID,IDENTITY_TRAIN` as a payload.
        |
    The `pkg/service/user.UserService.UpdateIdpUserGroupPolicy` updates
    the casbin policies for each notification based on the payload received.
2022-05-12 12:32:30 +05:30
Akshay Gaikwad
243c7645b5 Remove file:// from OIDC urls validation 2022-05-12 11:10:56 +05:30
Akshay Gaikwad
a308b59b07 OIdC Provider: Replace new client secret on Update provider request 2022-05-06 13:00:46 +05:30
Akshay Gaikwad
1f1d04ac29 OIdC Provider: Validate Urls
The mapperUrl, issuerUrl, authUrl and tokenUrl support file://,
http(s):// and base64:// urls.
2022-05-06 12:31:19 +05:30
Akshay Gaikwad
38a2dd50cd OIdC Provider: Deny duplicate Issuer Url
Duplicate emails from different provider applications with the same issuer
url cause problems.
2022-05-06 12:09:59 +05:30
Akshay Gaikwad
eb0b7d3ef2 Provision to create new oidc provider with same name that of deleted
When we soft delete an oidc provider entry, which we do for the delete
provider API endpoint, we cannot create a new oidc provider entry with
the same name due to a unique constraint violation on name. Applying a
unique constraint to name,trash will allow creating a new oidc provider
entry with the same name, but deleting that entry will fail because it
violates the unique constraint. Hence this commit adds a unique
constraint to (id,name) combined.
2022-05-06 11:31:48 +05:30
niravparikh05
27b2b2f8d9 fixes to callback url and associate default org admin group to role 2022-05-03 13:08:23 +05:30
Nirav Parikh
31a89543b0 Merge pull request #125 from RafayLabs/no-restart
Fix casbin caching issues
2022-04-29 18:35:46 +05:30
Abin Simon
f9ec22a0ba Invalidate casbin cache after every update 2022-04-29 15:10:36 +05:30
niravparikh05
e9b9b2b7f4 fixes for oidc config and groups list 2022-04-27 21:39:24 +05:30
niravparikh05
101c005312 fixes for permissions and user group assoc 2022-04-26 19:56:36 +05:30
Abin Simon
2dfbc42717 Drop org and partner restriction in relay audit lookup 2022-04-26 15:29:37 +05:30
Abin Simon
686955a4b4 Fix audit log format 2022-04-26 10:26:15 +05:30
niravparikh05
9e8d767a9e fixes in middleware to set db and few other fixes 2022-04-22 12:13:23 +05:30
Nirav Parikh
a9cd4e842e multiple kratos clients for session validation and identity creation (#114)
* multiple kratos clients for session validation and identity creation

* fixed review comments

* switching few logs to debug
2022-04-21 11:52:20 +05:30
niravparikh05
8883703328 changes to expose system and user grpc clients for prompt 2022-04-15 15:05:17 +05:30
niravparikh05
c99c1c5a7e reverting changes for isGlobal in role resource 2022-04-14 18:36:55 +05:30
Nirav Parikh
a9e72810a5 Merge pull request #104 from RafayLabs/issue_fixes
issue fixes for cluster delete and adding bootstrap addr to agent config
2022-04-14 17:08:22 +05:30
niravparikh05
4b6cc8f8fe changes to support cluster proxy config 2022-04-14 17:01:05 +05:30
Abin Simon
309b1a4bda Add warning about DEV mode when calling userinfo 2022-04-14 16:55:48 +05:30
Abin Simon
5d5b097770 Remove is_global column from resourcerole table 2022-04-14 16:55:48 +05:30
Abin Simon
3f43536ad0 Don't panic if user is not available 2022-04-14 16:25:14 +05:30
Abin Simon
5537cf0608 Don't allow users to delete builtin roles 2022-04-14 16:24:44 +05:30