* Add DB_ADDR to env vars list
* Add Dockerfile and docker-compose
* Remove go.mod from _kratos dir and clean go.mod of root dir
* Run Kratos docker-compose quickstart from root dir
* Add gomigrate to docker-compose
* Bump docker-compose version to 3.7
* Add Kratos services in the single docker compose file
Removed Kratos quickstart files and merged all setup required for
rcloud-base in the kratos-compose.yml file located in the root of the
repo.
* Add elasticsearch in docker-compose
* Allow es to not be available when in dev mode
* Change default ES endpoint
Co-authored-by: Abin Simon <abin.simon@rafay.co>
* Expose NewSessionContext function
When auth middleware or interceptor is being mocked by other service
then they can take help of `session.NewSessionContext` to store mocked
session data to request context.
* Initialize _log in auth at creating
* Allow excluding URLs in Auth middleware
* restructure rcloud-base as a single base controller
* updated master.rest
* moved sentry from internal to pkg as it is used by relay
* removing unused rpc and its dependencies
* Fix usermgmt tests
* Don't redefine variables in rest file
Co-authored-by: Abin Simon <abin.simon@rafay.co>
* Regenerate stale idp swagger definitions
* Remove an unnecessary import
* Handle err case for role not found in db
* Fix user not being deleted in casbin on user remove from group
Changes in this PR include
- Authenticate gRPC requests
- Initial file structure for authentication and authorization service
- Use Auth middleware and interceptor service in usermgmt component
- Authenticate HTTP request based on Kratos API token
- Add Auth middleware to adminsrv component
- Name the Grpc metadata fields
- Maintain session data after authentication
- Removed http middleware as it is not necessary
- Exclude rpc methods from authentication
- Handle error in auth interceptor
- Revert to with cancel context
- Log authentication failed requests and New function in authv3
- Initiate authContext struct in authv3 package using new public
  function NewAuthContext.
* Update dependencies from authz
* authz: fix log import path
* Authz related creation steps
* Fix typo: Namesapce -> Namespace
* Add tests for role creation interaction with authz
* Switch to using names for policy and group creation in authz
* Group creation not updates casbin db
* Fix reading db address from env
* Tiny typo fix in readme
* Simplify error handling in usermgmt server
* Rework test setup
* Fix all current tests
* Complete authz integration
* Drop unnecessary dependency on adminsrv in usermgmt
* Move oidc provider model
* Change apiVersion of Idp and Oidc provider to 'system.k8smgmt.io/v3'
* Change IdP Get, Update, Delete to name instead of an Id
* Change Oidc Provider Get, Update, Delete to name instead of an Id
* Deprecated AcsURL from Idp db table
AcsURL is generated dynamically per request. This change is made
particularly considering case where application host is changed after
adding IdP. Storing AcsURL in table will create hard coupling between
application host and Idp configuration. OIDC provider service is
following same approach for callback url.
* Idp: Load application HTTP Url in main.go
* OIDC Provider: Reuse Kratos Url from main.go