Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

feat: accept provisioner keys for provisioner auth#13972

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
f0ssel merged 10 commits intomainfromf0ssel/use-provisioner-key-auth
Jul 25, 2024

Conversation

f0ssel
Copy link
Contributor

@f0sself0ssel commentedJul 22, 2024
edited
Loading

What this changes:

  • Provisioner auth middleware now accepts a provisioner key via a header
    • API provides error if both the psk and provisioner key are specified
  • Provisioner rbac subject will now have org scoped permissions when authenticating with a provisioner key
    • Site org permissions are removed in this process
  • System restricted role now has provisioner key permissions

@f0sself0ssel mentioned this pull requestJul 22, 2024
17 tasks
@f0sself0sselforce-pushed thef0ssel/use-provisioner-key-auth branch froma53ffdb toe374c42CompareJuly 23, 2024 15:03
@f0sself0ssel marked this pull request as ready for reviewJuly 23, 2024 16:36
@f0sself0ssel requested a review fromEmyrkJuly 23, 2024 16:36
@f0sself0sselforce-pushed thef0ssel/use-provisioner-key-auth branch from948c470 to32ff000CompareJuly 23, 2024 18:14
Comment on lines +229 to +234
if req.ProvisionerKey != "" {
headers.Set(ProvisionerDaemonKey, req.ProvisionerKey)
}
if req.PreSharedKey != "" {
headers.Set(ProvisionerDaemonPSK, req.PreSharedKey)
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Should these be mutually exclusive?

Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

I wanted it to fail at the API layer instead of silently taking one or the other. I could do a client error but thought it was cleaner to just have the server handle it.

@f0sself0ssel requested a review fromEmyrkJuly 24, 2024 16:28
@f0sself0ssel merged commitca83017 intomainJul 25, 2024
29 checks passed
@f0sself0ssel deleted the f0ssel/use-provisioner-key-auth branchJuly 25, 2024 14:22
@github-actionsgithub-actionsbot locked and limited conversation to collaboratorsJul 25, 2024
Sign up for freeto subscribe to this conversation on GitHub. Already have an account?Sign in.
Reviewers

@EmyrkEmyrkEmyrk approved these changes

Assignees

@f0sself0ssel

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

2 participants
@f0ssel@Emyrk
[8]ページ先頭
©2009-2025 Movatter.jp