Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature request: add support for Consumer's credentials #12

Closed
hbagdi opened this issue Apr 12, 2019 · 2 comments · Fixed by #48
Closed

Feature request: add support for Consumer's credentials #12

hbagdi opened this issue Apr 12, 2019 · 2 comments · Fixed by #48
Labels
feature New feature or request
Milestone

Comments

@hbagdi
Copy link
Member

hbagdi commented Apr 12, 2019

Following credential types can be created in Kong, that are associated with a consumer in Kong:

  • key-auth
  • hmac-auth
  • basic-auth
  • jwt
  • acl

Currently, decK cannot manage these plugin specific entities.

While key-auth, jwt and hmac-auth store credential in plain-text and return them, basic-auth plugin hashes the password. This results in a hash being returned on the Admin API. In such a situation, the credential cannot be compared for a diff and updated if it is out of sync. It is not clear the path that Kong will take in future and if other credentials and secrets will also be hashed or encrypted or both.

There are a couple of solutions possible:

  • Add support for the 3 credentials that are in plain-text today and then later if Kong hashes them, drop support for them.
  • Add support for all credentials, but then warn users that update operation is not supported, meaning deck will take care of creating a credential if one doesn't exist, but will not diff them to apply them again. There can be an annotation on a credential which can force a resync, meaning, the credential will be PUT. This will result in PUT request to credentials in every sync.

In either of the solution, hashed information can not be exported from Kong.

@arun-a-nayagam
Copy link

arun-a-nayagam commented Jul 16, 2019

I think you should follow what Kongfig does. I am guessing Kongfig doesn't support update of credentials.
Either way would you be able to give a timeline of when this will be available for public use?

@hbagdi
Copy link
Member Author

hbagdi commented Jul 16, 2019

Either way would you be able to give a timeline of when this will be available for public use?

Expect this to be out sometime in late August to mid-September along with a few other features cool features like easier integrations with Kong Enterprise, multiple file support, doc updates around features released in last couple releases.

@hbagdi hbagdi added this to the v0.5.0 milestone Jul 26, 2019
@hbagdi hbagdi added the feature New feature or request label Jul 31, 2019
@hbagdi hbagdi changed the title Feature requset: add support for Consumer's credentials Feature request: add support for Consumer's credentials Aug 7, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
feature New feature or request
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants