ft(rbac): Cyclops login page for authentication & Integration of Cerbos for Authorization #361

Open
wants to merge 51 commits into
base: main
bcb5393
ft(ui): login component need enhancement
siddhantprateek Jun 22, 2024
449260b
ft(ctrl): cerbos resource policies
siddhantprateek Jun 22, 2024
3ef0321
ft(ctrl): login controller
siddhantprateek Jun 22, 2024
9c7a611
ft(ctrl): cerbos resource authorization checks added
siddhantprateek Jun 22, 2024
78087e2
ft(ctrl): cerbos integration added
siddhantprateek Jun 22, 2024
8bcd5d5
added cerbos container for local development
siddhantprateek Jun 22, 2024
0d65d4c
updated dependencies
siddhantprateek Jun 22, 2024
48c6786
Merge branch 'rbac' into main-v2
siddhantprateek Jun 23, 2024
70dcf42
ft(ui): login pages added
siddhantprateek Jun 23, 2024
7c35131
ft(ui): login cleanup
siddhantprateek Jun 23, 2024
7a34d66
ft(ui): auth context provider added
siddhantprateek Jun 23, 2024
64a648e
ft(ui): removed login path constant
siddhantprateek Jun 23, 2024
0f086be
disable authorization feature added
siddhantprateek Jul 15, 2024
32f5558
removed unwanted module imports
siddhantprateek Jul 15, 2024
128c375
consistent env var for authorization
siddhantprateek Jul 23, 2024
0cec1f3
fixed the login error handling
siddhantprateek Jul 23, 2024
0a3231b
cyclops installation - testing rbac image and added cerbos to deploym…
siddhantprateek Jul 26, 2024
6c011a0
disable authorization on both ctrl and ui
siddhantprateek Jul 26, 2024
4568571
disable config in install config and added cerbos to depl
siddhantprateek Jul 26, 2024
c1e2044
checkPermission disable for template added - remove unreliability
siddhantprateek Jul 27, 2024
d999b46
updated cyclops installation
siddhantprateek Jul 27, 2024
d3bc18d
removed authorization variable from runtime
siddhantprateek Jul 27, 2024
e8fec4b
logging to check permission
siddhantprateek Jul 27, 2024
a6be27f
stable docker image and installation config
siddhantprateek Jul 27, 2024
b66b311
removed dedicated service for cerbos pod
siddhantprateek Jul 27, 2024
f5ca6f4
Merge branch 'main' into main-v2
siddhantprateek Jul 29, 2024
acdf917
Added logout button
siddhantprateek Aug 11, 2024
12fa5e8
converted resources and actions to enum
siddhantprateek Aug 11, 2024
8a34d0f
replaced with runtime env configuration
siddhantprateek Aug 11, 2024
490d4e1
Merge branch 'main' into main-v2
siddhantprateek Aug 11, 2024
a3b0bcb
updated go dependencies
siddhantprateek Aug 11, 2024
4ec2f4d
login page revamp
petar-cvit Aug 14, 2024
99e6280
update login logo
petar-cvit Aug 14, 2024
ee54ef7
replace href with navigate
petar-cvit Aug 14, 2024
3cb8f96
no repeat background
petar-cvit Aug 14, 2024
0ce6b17
remove redis from docker compose
petar-cvit Aug 14, 2024
3eb3798
Merge branch 'cyclops-ui:main' into main-v2
siddhantprateek Aug 24, 2024
24a53c6
error message
siddhantprateek Aug 24, 2024
3afdc00
logout button
siddhantprateek Aug 24, 2024
d88a9ed
fixed the relogin state issue
siddhantprateek Sep 1, 2024
bd39fab
Merge branch 'main' into main-v2
siddhantprateek Sep 18, 2024
b3f3a37
Merge branch 'cyclops-ui:main' into main-v2
siddhantprateek Sep 19, 2024
1e267c1
Merge branch 'main' into main-v2
siddhantprateek Oct 6, 2024
2a1ce3e
cerbos conflict fixes with latest changes
siddhantprateek Oct 6, 2024
6d8d4ab
fixed installation merge conflict
siddhantprateek Oct 6, 2024
13fef52
added get role endpoint
siddhantprateek Oct 6, 2024
d91d108
user login and logout feature to header added
siddhantprateek Oct 6, 2024
d645988
removed comments and console logs
siddhantprateek Oct 6, 2024
e47974d
updated error msgs
siddhantprateek Oct 6, 2024
a38b6fb
relogin ui fix
siddhantprateek Oct 7, 2024
a3318d3
Module history conflict replaced with href
siddhantprateek Oct 7, 2024
1 change: 1 addition & 0 deletions cyclops-ctrl/.dockerignore
@@ -1 +1,2 @@
bin
.env
4 changes: 3 additions & 1 deletion cyclops-ctrl/.env
@@ -1,4 +1,6 @@
DISABLE_TELEMETRY=true
PORT=8888
WATCH_NAMESPACE=cyclops
CERBOS_URL='localhost:3593'
CYCLOPS_AUTHORIZATION='enabled'
CYCLOPS_VERSION=v0.0.0
WATCH_NAMESPACE=cyclops
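Review bot: CYCLOPS_AUTHORIZATION='enabled' is a free-form string switch, and nothing in this hunk says what happens when the variable is unset or misspelled. Please make sure the controller treats only an explicit opt-out value as disabled and fails closed otherwise, and document the accepted values next to the variable. The two new values are also single-quoted while the existing entries (PORT=8888, WATCH_NAMESPACE=cyclops) are not; some env-file loaders keep the quotes as part of the value, so I would drop them for consistency.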
14 changes: 13 additions & 1 deletion cyclops-ctrl/cmd/main/main.go
Expand Up @@ -20,6 +20,8 @@ import (
"sigs.k8s.io/controller-runtime/pkg/webhook"

"github.com/cyclops-ui/cyclops/cyclops-ctrl/internal/auth"
"github.com/cyclops-ui/cyclops/cyclops-ctrl/internal/cerbos"

"github.com/cyclops-ui/cyclops/cyclops-ctrl/internal/handler"
"github.com/cyclops-ui/cyclops/cyclops-ctrl/internal/modulecontroller"
"github.com/cyclops-ui/cyclops/cyclops-ctrl/internal/prometheus"
Expand Down Expand Up @@ -81,6 +83,16 @@ func main() {
cache.NewInMemoryTemplatesCache(),
)

var cerbosAddr string
flag.StringVar(&cerbosAddr, "cerbos", os.Getenv("CERBOS_URL"), "Address of the Cerbos server")
flag.Parse()

cerbosClient, err := cerbos.New(cerbosAddr)
if err != nil {
setupLog.Info("unable to connect to cerbos server")
}
setupLog.Info("connected to cerbos server")

monitor, err := prometheus.NewMonitor(setupLog)
if err != nil {
setupLog.Error(err, "failed to set up prom monitor")
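Review bot: the error from cerbos.New is swallowed and startup continues. The if err != nil branch logs "unable to connect to cerbos server" at Info level without including err, and the following line logs "connected to cerbos server" unconditionally, so a failed connection emits both messages and leaves cerbosClient possibly nil when it is later handed to handler.New. Since this client backs authorization, I would log with setupLog.Error(err, ...) and exit when authorization is enabled, and move the success message into the non-error path. cerbosAddr also defaults to os.Getenv("CERBOS_URL"), which is empty when the variable is unset, so validate it before dialing, and check that this flag.Parse() call does not duplicate an earlier one in main.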
Expand All @@ -90,7 +102,7 @@ func main() {

prometheus.StartCacheMetricsUpdater(&monitor, templatesRepo.ReturnCache(), 10*time.Second, setupLog)

handler, err := handler.New(templatesRepo, k8sClient, renderer, telemetryClient, monitor)
handler, err := handler.New(templatesRepo, k8sClient, renderer, cerbosClient, telemetryClient, monitor)
if err != nil {
panic(err)
}
16 changes: 11 additions & 5 deletions cyclops-ctrl/docker-compose.yaml
@@ -1,7 +1,13 @@
version: "3.0"
version: "3.8"

services:
redis:
container_name: redis
image: redis
cerbos:
container_name: cerbos
image: ghcr.io/cerbos/cerbos:latest
ports:
- 6379:6379
- "3592:3592"
- "3593:3593"
volumes:
- ./internal/cerbos/config:/config
- ./internal/cerbos/policies:/policies
command: server --config=/config/conf.yaml
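Review bot: image: ghcr.io/cerbos/cerbos:latest is unpinned, so the policy decision point used for local development can change underneath the pinned cerbos-sdk-go client; pin a release tag or digest instead. The port mappings "3592:3592" and "3593:3593" publish on all host interfaces; for a local-only setup bind them to 127.0.0.1. If the server only needs to read ./internal/cerbos/config and ./internal/cerbos/policies, mount both volumes read-only (:ro).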
49 changes: 37 additions & 12 deletions cyclops-ctrl/go.mod
Expand Up @@ -6,11 +6,13 @@ toolchain go1.22.5

require (
github.com/Masterminds/semver/v3 v3.2.1
github.com/cerbos/cerbos-sdk-go v0.2.8
github.com/dgraph-io/ristretto v0.1.1
github.com/gin-gonic/gin v1.9.1
github.com/go-git/go-billy/v5 v5.5.0
github.com/go-git/go-git/v5 v5.11.0
github.com/go-logr/logr v1.4.1
github.com/golang-jwt/jwt v3.2.2+incompatible
github.com/google/uuid v1.6.0
github.com/joho/godotenv v1.5.1
github.com/json-iterator/go v1.1.12
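Review bot: github.com/golang-jwt/jwt v3.2.2+incompatible brings in the legacy v3 line of the library as a new direct dependency. New code should import a current major version (github.com/golang-jwt/jwt/v5), whose parser accepts options such as jwt.WithValidMethods to restrict the signing algorithms it will accept. The token handling itself is not in this hunk, so please also confirm that the key function rejects unexpected signing methods.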
Expand All @@ -27,9 +29,11 @@ require (
k8s.io/apimachinery v0.30.1
k8s.io/client-go v0.30.1
sigs.k8s.io/controller-runtime v0.18.4
sigs.k8s.io/yaml v1.4.0
)

require (
buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.34.1-20240508200655-46a4cf4ba109.1 // indirect
dario.cat/mergo v1.0.0 // indirect
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
github.com/BurntSushi/toml v1.3.2 // indirect
Expand All @@ -38,15 +42,19 @@ require (
github.com/Microsoft/go-winio v0.6.1 // indirect
github.com/Microsoft/hcsshim v0.11.4 // indirect
github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/bufbuild/protovalidate-go v0.6.2 // indirect
github.com/bytedance/sonic v1.9.1 // indirect
github.com/cerbos/cerbos/api/genpb v0.36.1-0.20240612095234-af7a526c03b6 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect
github.com/cloudflare/circl v1.3.7 // indirect
github.com/containerd/containerd v1.7.12 // indirect
github.com/containerd/log v0.1.0 // indirect
github.com/cyphar/filepath-securejoin v0.2.4 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
github.com/distribution/reference v0.6.0 // indirect
github.com/docker/cli v25.0.1+incompatible // indirect
github.com/docker/distribution v2.8.3+incompatible // indirect
Expand All @@ -61,6 +69,7 @@ require (
github.com/felixge/httpsnoop v1.0.3 // indirect
github.com/fsnotify/fsnotify v1.7.0 // indirect
github.com/gabriel-vasile/mimetype v1.4.2 // indirect
github.com/ghodss/yaml v1.0.0 // indirect
github.com/gin-contrib/sse v0.1.0 // indirect
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
Expand All @@ -75,27 +84,38 @@ require (
github.com/gobwas/glob v0.2.3 // indirect
github.com/goccy/go-json v0.10.2 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/glog v1.1.0 // indirect
github.com/golang/glog v1.2.0 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/google/cel-go v0.20.1 // indirect
github.com/google/gnostic-models v0.6.8 // indirect
github.com/google/go-cmp v0.6.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
github.com/gorilla/mux v1.8.0 // indirect
github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.1.0 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
github.com/huandu/xstrings v1.4.0 // indirect
github.com/imdario/mergo v0.3.13 // indirect
github.com/imdario/mergo v0.3.15 // indirect
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
github.com/jdxcode/netrc v1.0.0 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/kevinburke/ssh_config v1.2.0 // indirect
github.com/klauspost/compress v1.16.0 // indirect
github.com/klauspost/cpuid/v2 v2.2.4 // indirect
github.com/leodido/go-urn v1.2.4 // indirect
github.com/lestrrat-go/blackmagic v1.0.2 // indirect
github.com/lestrrat-go/httpcc v1.0.1 // indirect
github.com/lestrrat-go/httprc v1.0.5 // indirect
github.com/lestrrat-go/iter v1.0.2 // indirect
github.com/lestrrat-go/jwx/v2 v2.0.21 // indirect
github.com/lestrrat-go/option v1.0.1 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/mattn/go-isatty v0.0.19 // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
github.com/mitchellh/copystructure v1.2.0 // indirect
github.com/mitchellh/reflectwalk v1.0.2 // indirect
github.com/moby/docker-image-spec v1.3.1 // indirect
github.com/moby/locker v1.0.1 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
Expand All @@ -104,15 +124,21 @@ require (
github.com/opencontainers/image-spec v1.1.0-rc6 // indirect
github.com/pelletier/go-toml/v2 v2.0.8 // indirect
github.com/pjbgf/sha1cd v0.3.0 // indirect
github.com/planetscale/vtprotobuf v0.6.0 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/prometheus/client_model v0.4.0 // indirect
github.com/prometheus/common v0.44.0 // indirect
github.com/prometheus/procfs v0.12.0 // indirect
github.com/rs/xid v1.5.0 // indirect
github.com/segmentio/asm v1.2.0 // indirect
github.com/sergi/go-diff v1.1.0 // indirect
github.com/shopspring/decimal v1.3.1 // indirect
github.com/sirupsen/logrus v1.9.3 // indirect
github.com/skeema/knownhosts v1.2.1 // indirect
github.com/spf13/cast v1.5.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/stoewer/go-strcase v1.3.0 // indirect
github.com/stretchr/testify v1.9.0 // indirect
github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
github.com/ugorji/go/codec v1.2.11 // indirect
github.com/xanzy/ssh-agent v0.3.3 // indirect
Expand All @@ -127,21 +153,21 @@ require (
go.uber.org/zap v1.26.0 // indirect
golang.org/x/arch v0.3.0 // indirect
golang.org/x/crypto v0.21.0 // indirect
golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect
golang.org/x/mod v0.15.0 // indirect
golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8 // indirect
golang.org/x/mod v0.16.0 // indirect
golang.org/x/net v0.23.0 // indirect
golang.org/x/oauth2 v0.12.0 // indirect
golang.org/x/oauth2 v0.20.0 // indirect
golang.org/x/sync v0.6.0 // indirect
golang.org/x/sys v0.18.0 // indirect
golang.org/x/term v0.18.0 // indirect
golang.org/x/text v0.14.0 // indirect
golang.org/x/text v0.15.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/tools v0.18.0 // indirect
golang.org/x/tools v0.19.0 // indirect
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect
google.golang.org/grpc v1.58.3 // indirect
google.golang.org/protobuf v1.33.0 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157 // indirect
google.golang.org/grpc v1.64.0 // indirect
google.golang.org/protobuf v1.34.2 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/warnings.v0 v0.1.2 // indirect
gotest.tools/v3 v3.5.1 // indirect
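Review bot: the indirect bumps in this hunk (google.golang.org/grpc v1.58.3 to v1.64.0, google.golang.org/protobuf v1.33.0 to v1.34.2, golang.org/x/oauth2 v0.12.0 to v0.20.0, golang.org/x/exp) need their own verification rather than riding along with the feature. Please confirm they are the result of go mod tidy after adding cerbos-sdk-go and not manual edits, and run the test suite and govulncheck against the new dependency graph before merging.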
Expand All @@ -151,5 +177,4 @@ require (
oras.land/oras-go v1.2.5 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
sigs.k8s.io/yaml v1.4.0 // indirect
)