AMCERTS-155 - Add auth to certs#156
Conversation
da233fd to
e98f65b
Compare
| } | ||
|
|
||
| cert, err := svc.IssueFromCSR(ctx, req.entityID, req.ttl, certs.CSR{CSR: []byte(req.CSR)}) | ||
| session, ok := ctx.Value(api.SessionKey).(authn.Session) |
There was a problem hiding this comment.
let's have a new issue form csr issuefromcsrInternal and have the auth be from a token defined in env, this is to be used in agent
| return fileDownloadRes{}, err | ||
| } | ||
| cert, ca, err := svc.RetrieveCert(ctx, req.token, req.id) | ||
|
|
There was a problem hiding this comment.
download cert was using the internly generated token from requestdownloadtoken, so this should not be the case
| return nil, err | ||
| } | ||
|
|
||
| session, ok := ctx.Value(api.SessionKey).(authn.Session) |
There was a problem hiding this comment.
ocsp endpoint is supposed to be unsecured so remove auth
There was a problem hiding this comment.
csr should not require domainID in the url @nyagamunene
| } | ||
|
|
||
| cert, err := svc.GetChainCA(ctx, req.token) | ||
| session, ok := ctx.Value(api.SessionKey).(authn.Session) |
There was a problem hiding this comment.
same for download ca, we generate a token in getDownloadCAToken endpoint, so this is supposed to be the only auth not mg token
c7096d7 to
80ca179
Compare
| location ~ ^/(pats) { | ||
| include snippets/proxy-headers.conf; | ||
| add_header Access-Control-Expose-Headers Location; | ||
| proxy_pass http://auth:${SMQ_AUTH_HTTP_PORT}; |
There was a problem hiding this comment.
these are supermq files, why do we need them here?
| definition user {} | ||
|
|
||
|
|
||
| definition role { |
There was a problem hiding this comment.
same here, we don't need to copy supermq docker. just document how it can be used with supermq, or update supermq docker to include it
There was a problem hiding this comment.
We are handling auth just like we do in billing. So should we completely remove supermq and just have the env variables in certs env file. supermq-auth and certs are communicating via gRPC will it not cause issues?
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
cad1686 to
10e7570
Compare
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
What type of PR is this?
What does this do?
Which issue(s) does this PR fix/relate to?
Have you included tests for your changes?
Did you document any new/modified features?
Notes