ft(rbac): Cyclops login page for authentication & Integration of Cerbos for Authorization #361

Open
wants to merge 51 commits into
base: main

@siddhantprateek
Contributor

siddhantprateek commented Jun 23, 2024

closes #48

Preview

cyclops-login.mp4

📑 Description

  • Added Login Page
  • Added authentication context provider, for auth state management

✅ Checks

  • I have updated the documentation as required
  • I have performed a self-review of my code

ℹ Additional context

  • Integrated Cerbos for authorization.
  • Added a login controller and handler for username and password based login:
    • Returns a JWT access token, which the auth middleware uses to verify each endpoint.
  • Created Cerbos policies for each resource.
  • Added a Cerbos service to Docker Compose for local development.
  • For user and password verification it uses Kubernetes Secrets.

Currently, the way of creating a user is:

apiVersion: v1
kind: Secret
metadata:
  name: cyclops-user-1
  namespace: cyclops
  labels:
    app.kubernetes.io/part-of: cyclops
    app.kubernetes.io/type: user
    app.kubernetes.io/name: siddhant
data:
  password: c2lkZGhhbnQ=
  roles: dXNlcg==
  username: c2lkZGhhbnQ=
type: Opaque

The query will be based on the labels:

  labels:
    app.kubernetes.io/part-of: cyclops
    app.kubernetes.io/type: user
    app.kubernetes.io/name: siddhant
  • app.kubernetes.io/name: siddhant is the same as the username

Further required enhancement
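
The label-based lookup and credential check described in the post above, as an added example that is not code from this PR or from Cyclops. The helper names `userSelector` and `verifyLogin` are hypothetical, comma-separated roles are an assumption, and the sample data mirrors the manifest shown in the post.

```go
package main

import (
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Kubernetes label-value syntax: at most 63 chars, alphanumeric at both ends.
var labelValue = regexp.MustCompile(`^[A-Za-z0-9]([A-Za-z0-9_.-]{0,61}[A-Za-z0-9])?$`)
var errDenied = errors.New("invalid credentials")

// userSelector (hypothetical) validates the name so it cannot add selector terms.
func userSelector(username string) (string, error) {
	if !labelValue.MatchString(username) {
		return "", errDenied
	}
	return "app.kubernetes.io/part-of=cyclops,app.kubernetes.io/type=user," +
		"app.kubernetes.io/name=" + username, nil
}

// verifyLogin (hypothetical) checks a login against the Secret and returns its roles.
func verifyLogin(labels, data map[string]string, username, password string) ([]string, error) {
	dec := map[string][]byte{}
	for _, k := range []string{"username", "password", "roles"} {
		b, err := base64.StdEncoding.DecodeString(data[k])
		if err != nil || len(b) == 0 {
			return nil, errDenied
		}
		dec[k] = b
	}
	// base64 is only an encoding: the decoded value is the stored password itself.
	if labels["app.kubernetes.io/name"] != username || string(dec["username"]) != username ||
		subtle.ConstantTimeCompare(dec["password"], []byte(password)) != 1 {
		return nil, errDenied
	}
	return strings.Split(string(dec["roles"]), ","), nil // comma-separated roles: assumption
}

func main() { // constructed sample mirroring the manifest in the post
	labels := map[string]string{"app.kubernetes.io/name": "siddhant"}
	data := map[string]string{"username": "c2lkZGhhbnQ=", "password": "c2lkZGhhbnQ=", "roles": "dXNlcg=="}
	sel, _ := userSelector("siddhant")
	roles, err := verifyLogin(labels, data, "siddhant", "siddhant")
	fmt.Println(sel, roles, err)
}
```

Because the Secret's `data` fields are only base64-encoded, anyone with read access to Secrets in the `cyclops` namespace can recover the password as stored.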

@petar-cvit
Collaborator

This looks awesome. Is there a reason you separated this PR from the other?

@siddhantprateek
Contributor Author

I believe I should close the other PR because I require RBAC changes for the UI changes, and I also need to work on the latest branch instead of the rbac branch due to updates in the controller.

@petar-cvit
Collaborator

Got it. Could you then close the other PR? Is this one ready for review?

@siddhantprateek
Contributor Author

You can review this; I'll close that one and update the Additional Context for this.

@petar-cvit
Collaborator

Thanks, will do!

@siddhantprateek siddhantprateek changed the title ft(cyclops-ui): Cyclops login page for authentication ft(rbac): Cyclops login page for authentication & Integration of Cerbos for Authorization Jun 27, 2024
@siddhantprateek
Contributor Author

Also, before merging the changes, we need to have the Further required enhancement part too, and a way to generate an admin user.

@petar-cvit
Collaborator

Hey @siddhantprateek, I started reviewing the PR, but could you separate it into smaller PRs? It's going to be easier to review it and discuss the solution, especially if we still have some parts of the solution we need to discuss.

@siddhantprateek
Contributor Author

siddhantprateek commented Aug 9, 2024

Could we also have a logout button in the sidebar? Make sure to resolve conflicts and pick up the latest main branch

Thanks for the clarification! I often forget to ask where exactly to place the logout button. I’ll also make sure to resolve any conflicts.

Logout Button Preview:
image

@petar-cvit
Collaborator

@siddhantprateek can we put the logout button in the top right on the navbar? Also, we could add the username and role currently used.

@petar-cvit
Collaborator

petar-cvit left a comment

@siddhantprateek I noticed that I have to relogin on page refresh. Can we fix that also?

Comment on lines +29 to +36
func NewUserConfig() (*UserConfig, error) {
config := ctrl.GetConfigOrDie()
clientset, err := kubernetes.NewForConfig(config)
if err != nil {
return nil, err
}
return &UserConfig{clientset: clientset}, nil
}
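
Review bot: `ctrl.GetConfigOrDie()` on the first line of `NewUserConfig` terminates the process on failure, as its name says, even though the function is declared to return `(*UserConfig, error)`. Assuming `ctrl` is controller-runtime, calling `ctrl.GetConfig()` and returning its error would leave failure handling to the caller, in line with how the `kubernetes.NewForConfig` error is already returned a few lines below.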
Collaborator

I would prefer to have a struct UserDB that would be initialized when the service starts and then create the clientset instead of constructing it each time we load a user config. You can also offload that to the K8s client since it already has a k8s clientset that can be queried for user secrets.

cyclops-ctrl/internal/cerbos/controller.go (outdated, resolved)
@siddhantprateek
Contributor Author

siddhantprateek commented Oct 6, 2024

image

user with role and logout dropdown preview

Successfully merging this pull request may close these issues.

Implement RBAC
2 participants