Skip to content
This repository was archived by the owner on Oct 11, 2024. It is now read-only.

Also move authorization to the grpc interceptor #974

Merged
gdbelvin merged 14 commits into from
May 13, 2018
Merged

Also move authorization to the grpc interceptor #974

gdbelvin merged 14 commits into from
May 13, 2018

Conversation

@gdbelvin
Copy link
Contributor

@gdbelvin gdbelvin commented May 11, 2018

This PR completes the move from server based authentication and authorization to grpc interceptor based authorization and authentication.

This should make it much easier for specific deployments to swap in their own appropriate authentication and authorization functions.

Diffbase #973

gdbelvin added 7 commits May 10, 2018 10:47
@gdbelvin
Store ValidatedSecurity inside Context
f68f8e3
@gdbelvin
Merge core and impl authentication
04b0c5a 
Now that authentication is happening in a grpc interceptor, we don't
need any authentication code in core/.

We also get the added benefit of keeping the `validatedSecurityKey`
private to the authentication package.
@gdbelvin
Use grpc auth interceptor in cmd
0188b98
@gdbelvin
Use grpc auth interceptor in tests
636ecaf
@gdbelvin
Create a per-method authentication interceptor
5c4d35d
@gdbelvin
Apply polish
3333d3f
@gdbelvin
Polish with a finer grain
4b56339
@gdbelvin gdbelvin added this to the Productionize milestone May 11, 2018
@codecov-io
Copy link

codecov-io commented May 11, 2018
edited
Loading

Codecov Report

Merging #974 into master will increase coverage by 0.09%.
The diff coverage is 58.62%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #974      +/-   ##
==========================================
+ Coverage   49.68%   49.77%   +0.09%     
==========================================
  Files          29       29              
  Lines        2041     2043       +2     
==========================================
+ Hits         1014     1017       +3     
+ Misses        847      846       -1     
  Partials      180      180
Impacted Files Coverage Δ
core/keyserver/keyserver.go 35.63% <ø> (+0.74%) ⬆️
impl/authentication/context.go 100% <ø> (ø) ⬆️
impl/authorization/interceptor.go 0% <0%> (ø)
impl/integration/env.go 73.83% <100%> (+0.75%) ⬆️
impl/authorization/authorization.go 81.81% <83.33%> (-0.54%) ⬇️
core/client/client.go 28.07% <0%> (+0.58%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d1762ed...0f1794f. Read the comment docs.

Martin2112
Martin2112 approved these changes May 11, 2018
View reviewed changes
impl/authentication/context.go Outdated
type Authenticator interface {
// ValidateCreds authenticate the information present in ctx.
ValidateCreds(ctx context.Context) (*SecurityContext, error)
// FromContext returns a ValidatedSecurity from the current context.
Copy link
Contributor

@Martin2112 Martin2112 May 11, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This doc wasn't updated for the rename (x2 mentions)

Copy link
Contributor Author

@gdbelvin gdbelvin May 11, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks.

@gdbelvin gdbelvin force-pushed the f/auth/authz branch 2 times, most recently from 88290c7 to 8dc2ba3 Compare May 11, 2018 19:45
@gdbelvin
Merge branch 'master' into f/auth/authz
69e787a 
* master:
  Move authentication to grpc interceptor (google#973)
  Add UnitTest for PaginateHistory (google#968)
  Remove unused `UserProfile` message (google#972)
  Update default paths (google#910)
@gdbelvin gdbelvin merged commit 95c3074 into google:master May 13, 2018
@gdbelvin gdbelvin deleted the f/auth/authz branch May 13, 2018 15:31
This was referenced May 14, 2018
Merged
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@Martin2112 Martin2112 Martin2112 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

Productionize

Development

Successfully merging this pull request may close these issues.

3 participants

@gdbelvin @codecov-io @Martin2112