Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

refactor(jans-cedarling): update AuthZ interface to use tokens for all JWTs sent as input #10521

Open
wants to merge 9 commits into
base: main
Choose a base branch
from

Conversation

rmarinn
Copy link
Contributor

@rmarinn rmarinn commented Dec 27, 2024

Prepare


Description

Target issue

target issue: #10437

closes #10437

Implementation Details

moves the tokens in the AuthZ interface into a tokens field:

input = { 
  "tokens": {
      "access_token": "encoded_token_str", 
      "id_token": "encoded_token_str", 
      "userinfo_token": "encoded_token_str", 
      "tx_token": "encoded_token_str" 
  },
  "resource": {"id": "12345", "type": "Ticket", "creator": "[email protected]", "organization": "gluu"},
  "action": "View",
  "context": {
    "ip_address": "54.9.21.201",
    "network_type": "VPN",
    "user_agent": "Chrome 125.0.6422.77 (Official Build) (arm64)",
    "time": "1719266610.98636",
  }
}

decision_result = authz(input)

Test and Document the changes

  • Static code analysis has been run locally and issues have been fixed
  • Relevant unit and integration tests have been added/updated
  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

  • I confirm that there is no impact on the docs due to the code changes in this PR.

@rmarinn rmarinn added the comp-jans-cedarling Touching folder /jans-cedarling label Dec 27, 2024
@rmarinn rmarinn self-assigned this Dec 27, 2024
@mo-auto mo-auto added area-documentation Documentation needs to change as part of issue or PR comp-docs Touching folder /docs kind-enhancement Issue or PR is an enhancement to an existing functionality labels Dec 27, 2024
- fix the broken tests due to removing the creation of workload entity
  using the userinfo token

Signed-off-by: rmarinn <[email protected]>
nynymike
nynymike previously approved these changes Dec 27, 2024
olehbozhok
olehbozhok previously approved these changes Dec 27, 2024
Copy link
Contributor

@olehbozhok olehbozhok left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks OK to me. Does python bindings support loading Request from JSON?

Copy link
Contributor

@SafinWasi SafinWasi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR looks good to me but we need to fix the pyproject.toml file because builds are failing right now. We need to decide on whether we want to statically define version like so:

[project]
version = "0.0.0"

or have the wheel dynamically retrieve version from the cedarling crate:

dynamic = ["version"]

Both cannot coexist, which is why builds are failing. @moabu could you weigh in on which one we want for releases?

@rmarinn rmarinn dismissed stale reviews from olehbozhok and nynymike via 65988e8 December 28, 2024 10:03
SafinWasi
SafinWasi previously approved these changes Dec 30, 2024
Copy link
Contributor

@SafinWasi SafinWasi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me

@@ -113,12 +113,10 @@ authorization data with access token, action, resource, and context.

Attributes
----------
:param tokens: Python dictionary with additional context.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this a python dictionary? From cedarling_python.pyi line 143 I see Tokens is a class.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it's a class. let me update the docs again

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should be fixed now

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area-documentation Documentation needs to change as part of issue or PR comp-docs Touching folder /docs comp-jans-cedarling Touching folder /jans-cedarling kind-enhancement Issue or PR is an enhancement to an existing functionality
Projects
None yet
Development

Successfully merging this pull request may close these issues.

refactor(jans-cedarling): Update Cedarling Authz interface to use tokens for all JWTs sent as input
5 participants