* Regenerate stale idp swagger definitions
* Remove an unnecessary import
* Handle err case for role not found in db
* Fix user not being deleted in casbin on user remove from group
Changes in this PR include:
- Authenticate gRPC requests
- Initial file structure for authentication and authorization service
- Use Auth middleware and interceptor service in usermgmt component
- Authenticate HTTP request based on Kratos API token
- Add Auth middleware to adminsrv component
- Name the Grpc metadata fields
- Maintain session data after authentication
- Removed http middleware as it is not necessary
- Exclude rpc methods from authentication
- Handle error in auth interceptor
- Revert to with cancel context
- Log authentication failed requests and New function in authv3
- Initiate authContext struct in authv3 package using new public function NewAuthContext.
* Update dependencies from authz
* authz: fix log import path
* Authz related creation steps
* Fix typo: Namesapce -> Namespace
* Add tests for role creation interaction with authz
* Switch to using names for policy and group creation in authz
* Group creation not updates casbin db
* Fix reading db address from env
* Tiny typo fix in readme
* Simplify error handling in usermgmt server
* Rework test setup
* Fix all current tests
* Complete authz integration
* Drop unnecessary dependency on adminsrv in usermgmt
* Move oidc provider model
* Change apiVersion of Idp and Oidc provider to 'system.k8smgmt.io/v3'
* Change IdP Get, Update, Delete to name instead of an Id
* Change Oidc Provider Get, Update, Delete to name instead of an Id
* Deprecated AcsURL from Idp db table
AcsURL is generated dynamically per request. This change is made
particularly considering the case where the application host is changed after
adding an IdP. Storing AcsURL in the table would create hard coupling between
the application host and IdP configuration. The OIDC provider service
follows the same approach for the callback URL.
* Idp: Load application HTTP Url in main.go
* OIDC Provider: Reuse Kratos Url from main.go
Initial SAML based authentication in usermgmt component
Signed-off-by: Akshay Gaikwad <akshay.gaikwad@rafay.co>
Update SAMLAuth middleware
- Get username from request body
- Validate for existing session
- Redirect to IDP authentication when no valid session
Modification in SAML middlewares
- Reduce duplicate code by new function createSAMLMiddleware
Restructure saml package
- Moved SAML Middlewares to middleware.go
- Embed samlsp.Middleware into own struct
Use EntityDAO from common and mock Idp model for testing
Signed-off-by: Akshay Gaikwad <akshay.gaikwad@rafay.co>
Add IDP API definitions
Signed-off-by: Akshay Gaikwad <akshay.gaikwad@rafay.co>
Add interface for IdpService
Add id to UpdateIdp proto message
Add metadata_url to UpdateIdp message and limit to ListIdps rpc
Implement Idp Service methods
Update Idp model
Remove main.go and mocked idp model
Generate ACS URL and SAML SP cert
Change Id type in proto as well as in IDP model
Update IDP model struct tags
Set TimeFormat for IDP service
Update generateSpCert() and generateAcsURL()
Add idpServer, which is a wrapper around idpService
idpServer is a gRPC controller.
Add back-end validations for idp service