👻 add hack to generate jwt token. #534

Merged
merged 12 commits into from
Oct 24, 2023

Contributor

@jortel jortel commented Oct 19, 2023

Add hack script to generate jwt tokens for builtin auth. Likely used by actors such as the operator for migration related to upgrade.

Related:

  • auth.Validator signature changed to return error. This is more flexible and failures can be propagated.
  • auth.Builtin.Authenticate() returns NotAuthenticated when it should have returned NotValid for clarity.
  • auth.NotValid includes Reason.

Signed-off-by: Jeff Ortel <jortel@redhat.com>
Collaborator

@mansam mansam left a comment

nice! works great!

> ./jwt.sh foobar
eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6Iio6KiIsInVzZXIiOiJvcGVyYXRvciJ9.b1oNNnRiqPDD7vQ7ySABnZhb88TTHxQShhUDSY7CEG-DrWg4cy738BU5FsdEuJVnvlOZ3o-VZ5QYqs-PXe5_VQ
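
The token in the comment above decodes to the header `{"alg":"HS512","typ":"JWT"}` and the payload `{"scope":"*:*","user":"operator"}`. As an added example (not the PR's jwt.sh and not the hub's auth code), this standard-library Go program mints a token with that header and payload and shows the checks a verifier makes before trusting the claims; the key `sample-key` and the names `Mint`, `Verify` and `sign` are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha512"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding
// sign returns the base64url HS512 MAC over "header.payload".
func sign(input string, key []byte) string {
	mac := hmac.New(sha512.New, key)
	mac.Write([]byte(input))
	return b64.EncodeToString(mac.Sum(nil))
}

// Mint builds a compact HS512 JWT from a raw JSON payload.
func Mint(payload string, key []byte) string {
	in := b64.EncodeToString([]byte(`{"alg":"HS512","typ":"JWT"}`)) + "." + b64.EncodeToString([]byte(payload))
	return in + "." + sign(in, key)
}

// Verify pins alg to HS512 and checks the MAC in constant time before trusting claims.
func Verify(token string, key []byte) (claims map[string]any, err error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return nil, errors.New("not a three-segment JWT")
	}
	var hdr struct{ Alg string }
	raw, err := b64.DecodeString(p[0])
	if err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "HS512" {
		return nil, errors.New("header rejected: alg must be HS512")
	}
	if !hmac.Equal([]byte(sign(p[0]+"."+p[1], key)), []byte(p[2])) {
		return nil, errors.New("signature mismatch")
	}
	if raw, err = b64.DecodeString(p[1]); err == nil {
		err = json.Unmarshal(raw, &claims)
	}
	return claims, err
}

func main() {
	key := []byte("sample-key") // constructed key, not taken from the PR
	fmt.Println(Verify(Mint(`{"scope":"*:*","user":"operator"}`, key), key))
}
```

The first two segments of the minted token are identical to those of the token shown above, because they are only the base64url encoding of the same JSON; only the signature segment depends on the key.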

Member

@aufi aufi left a comment

Looks great!

@@ -71,9 +74,15 @@ type Builtin struct {
//
// Authenticate the token
func (r *Builtin) Authenticate(request *Request) (jwToken *jwt.Token, err error) {
token := request.Token
token := strings.Replace(request.Token, "Bearer", "", 1)
token = strings.Fields(token)[0]
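
Review bot: strings.Fields(token)[0] on the last line panics with an index-out-of-range when the header value is empty or is only "Bearer", because strings.Fields returns an empty slice for a whitespace-only string; check the length first and return an authentication error instead. Separately, strings.Replace(request.Token, "Bearer", "", 1) removes the first "Bearer" wherever it occurs rather than only a leading scheme, so a bare token that happens to contain that substring is silently altered. Splitting on whitespace and checking that the first field is the scheme would avoid both problems.
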
Contributor Author

hint: support proper header value: Authorization: <type> <token>.

@@ -93,32 +102,52 @@ func (r *Builtin) Authenticate(request *Request) (jwToken *jwt.Token, err error)
}
claims, cast := jwToken.Claims.(jwt.MapClaims)
if !cast {
err = liberr.Wrap(&NotAuthenticated{Token: token})
err = liberr.Wrap(
&NotValid{
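
Review bot: returning NotValid instead of NotAuthenticated in the `if !cast` branch changes the error type callers see, so any caller that matches only NotAuthenticated will stop treating a failed jwt.MapClaims cast as an auth failure. Confirm that every handler inspecting the result of Authenticate() also matches NotValid and rejects the request the same way, and add a test for a token whose claims are not jwt.MapClaims.
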
Contributor Author

@jortel jortel Oct 23, 2023

hint: This (and below) is a token validation error, not authentication.

}

func (e *NotAuthenticated) Is(err error) (matched bool) {
_, matched = err.(*NotAuthenticated)
notAuth := &NotAuthenticated{}
matched = errors.As(err, &notAuth)
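
Review bot: in Is(), the argument is the target handed over by errors.Is, and the errors package documentation says an Is method should only shallowly compare err and the target and not call Unwrap on either; errors.As(err, &notAuth) walks the target's chain. errors.Is already unwraps the error under test before calling this method, so the original `_, matched = err.(*NotAuthenticated)` covers wrapped errors on that side. If targets themselves are expected to arrive wrapped, say so in a comment on Is(); otherwise the type assertion is sufficient.
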
Contributor Author

@jortel jortel Oct 23, 2023

hint: Using As() is more robust in case of wrapped errors.

Collaborator

@mansam mansam left a comment

LGTM

@@ -22,26 +24,34 @@ type Validator struct {
// - The token references a task.
// - The task is valid and running.
// - The task pod valid and pending|running.
func (r *Validator) Valid(token *jwt.Token, db *gorm.DB) (valid bool) {
var err error
func (r *Validator) Valid(token *jwt.Token, db *gorm.DB) (err error) {
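
Review bot: the doc comment above Valid() still lists only the conditions checked and does not say what the new `err` result means. Document that a nil error means the token is valid and which error is returned when each listed condition fails, and check that callers propagate that error rather than collapsing it back to a boolean, since propagation is the stated reason for the signature change.
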
Collaborator

Really like this refactor.

@jortel jortel merged commit 47623f1 into konveyor:main Oct 24, 2023
aufi pushed a commit to aufi/tackle2-hub that referenced this pull request Oct 30, 2023
Add hack script to generate jwt tokens for _builtin_ auth. Likely used
by actors such as the operator for migration related to upgrade.

Related:
- auth.Validator signature changed to return error. This is more
flexible and _failures_ can be propagated.
- auth.Builtin.Authenticate() returns NotAuthenticated when it should have
returned NotValid for clarity.
- auth.NotValid includes `Reason`.

---------

Signed-off-by: Jeff Ortel <jortel@redhat.com>