External Auth ~ish #92
Signed-off-by: Adam Cattermole <acatterm@redhat.com> Signed-off-by: dd di cesare <didi@posteo.net>
Signed-off-by: dd di cesare <didi@posteo.net>
* Could get confusing with proxy_wasm `Actions`
* Also with plugin configuration `Action`
Signed-off-by: dd di cesare <didi@posteo.net>
* GrpcMessage type created
Signed-off-by: dd di cesare <didi@posteo.net>
* Easier to test, mocking fn
* Assigned fn on creation, default hostcall and mock on tests
Signed-off-by: dd di cesare <didi@posteo.net>
* Bonus: Addressed review regarding testing and Fn types
Signed-off-by: dd di cesare <didi@posteo.net>
Signed-off-by: Adam Cattermole <acatterm@redhat.com>
Co-authored-by: dd di cesare <didi@posteo.net>
Signed-off-by: Adam Cattermole <acatterm@redhat.com>
Refactor pluginconfig
Revert removal of allOf within conditions
* Operations store its status and result in RefCell for interior mut
* OperationDispatcher keeps a Vec of Rc<Operation>, then indexes cloning the Rc instead of cloning the entire object.
Signed-off-by: dd di cesare <didi@posteo.net>
Refactoring operation dispatcher
…-bis Simplifying Operation state transition and exec of req msg
GitGuardian id | GitGuardian status | Secret | Commit | Filename
---|---|---|---|---
13357796 | Triggered | Generic High Entropy Secret | 8dd4c97 | utils/deploy/authconfig.yaml
13357796 | Triggered | Generic High Entropy Secret | 40ce002 | utils/deploy/authconfig.yaml
13357796 | Triggered | Generic High Entropy Secret | 91da443 | utils/deploy/authconfig.yaml
13357796 | Triggered | Generic High Entropy Secret | 88cb14b | utils/deploy/authconfig.yaml
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secrets safely, following the best practices.
- Revoke and rotate these secrets.
- If possible, rewrite git history. Rewriting git history is not a trivial act: you might completely break other contributing developers' workflow, and you risk accidentally deleting legitimate data.
To avoid such incidents in the future, consider:
- following these best practices for managing and storing secrets, including API keys and other credentials;
- installing secret detection on pre-commit to catch secrets before they leave your machine and to ease remediation.
Have you considered squashing commits? Is it worth 72 commits? Up to you.
Following is a sample configuration used by the shim. | ||
|
||
```yaml | ||
failureMode: deny | ||
rateLimitPolicies: | ||
extensions: |
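Review bot: the sample under "Following is a sample configuration used by the shim" sets `failureMode: deny` and then leaves `rateLimitPolicies:` and `extensions:` as bare keys, so a reader cannot see how an extension is declared or which failures the mode covers; since this PR wires auth in next to rate limiting, please add a sentence saying when `failureMode` applies and what `deny` means versus its other value, because that is the fail-closed versus fail-open decision for requests whose policy cannot be evaluated, and fill in at least one `extensions` entry (or replace the block with the configuration used in the verification steps).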
This example is outdated
Lgtm
This huge PR addresses part of #58 ... However, all the previous PRs pointing to this branch were thoroughly reviewed (?).
Even if we are only certifying that Rate Limiting works, it's prepared for Auth too. We will close the issue when we provide documentation and deliver it along with proper integration tests.
List of the main PRs:
Config example
Verification:
Use the new guide in the README to verify the multi-action setup:
Port-forward Envoy and watch the logs of all services:
Test the authenticated rate limiting:
Alice has 5 requests per 10 seconds:
Bob has 2 requests per 10 seconds: