Auth: Implement identity deletion #14191

Open
wants to merge 15 commits into base: main

markylaing
Contributor

@markylaing markylaing commented Oct 2, 2024

  • Separates identity endpoints by authentication method (instead of having the authentication method as a path argument) in preparation for fine-grained TLS identities.
  • Implements deletion of TLS and OIDC identities (for all current TLS identities, this will be rejected because they are not fine-grained).
  • Adds an `access_management_tls` API extension which will apply to all upcoming changes for TLS fine-grained auth.

Note: The licence check was failing in my local static analysis, not sure what's happening there.
Note 2: (I just needed to update it locally 👍).

Closes #13149

@markylaing markylaing self-assigned this Oct 2, 2024
@github-actions github-actions bot added the "Documentation" (Documentation needs updating) and "API" (Changes to the REST API) labels Oct 2, 2024

github-actions bot commented Oct 2, 2024

Heads up @mionaalex - the "Documentation" label was applied to this issue.

Contributor

@hamistao hamistao left a comment


Thanks for this!
Looks good overall, just left some nits and questions.

doc/api-extensions.md (resolved)
doc/api-extensions.md (outdated, resolved)
lxd/identities.go (resolved)
lxd/lifecycle/identity.go (outdated, resolved)
lxd/identities.go (resolved)
lxc/auth.go (resolved)
test/suites/auth.sh (resolved)
lxd/api_1.0.go (resolved)

This commit is in preparation for the addition of fine-grained TLS
identities. The endpoint for TLS identity creation will be `POST
/1.0/auth/identities/tls`. We want this to be separated from the OIDC
authentication method because the request body and API responses are
specific to TLS authentication.

Since the identity is saved in the request context by the access
handler, the main work here is updating the `getIdentities` handler to
accept an authentication method and return a handler for that method. If
no authentication method is given, the handler will return all
identities.

Signed-off-by: Mark Laing <[email protected]>
Signed-off-by: Mark Laing <[email protected]>
Signed-off-by: Mark Laing <[email protected]>
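
The method-bound handler pattern from the commit message above, together with the deletion rule from the PR description (TLS identities that are not fine-grained are rejected), as an added Go example that is not code from this pull request or from LXD. The `Identity` and `Store` types, the `FineGrained` flag, and the error values are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Identity is a simplified, hypothetical record (not LXD's own type).
type Identity struct {
	Method, Name string // Method is "tls" or "oidc"
	FineGrained  bool   // assumed flag marking fine-grained identities
}

var ErrNotFound = errors.New("identity not found")
var ErrNotFineGrained = errors.New("TLS identity is not fine-grained")
type Store struct{ ids []Identity }

// GetIdentities returns a lister bound to one method; "" lists all identities.
func (s *Store) GetIdentities(method string) func() []Identity {
	return func() (out []Identity) {
		for _, id := range s.ids {
			if method == "" || id.Method == method {
				out = append(out, id)
			}
		}
		return out
	}
}

// DeleteIdentity binds a deleter to one method: the OIDC route cannot remove a TLS identity.
func (s *Store) DeleteIdentity(method string) func(name string) error {
	return func(name string) error {
		for i, id := range s.ids {
			if id.Method != method || id.Name != name {
				continue
			}
			if method == "tls" && !id.FineGrained {
				return ErrNotFineGrained // legacy TLS identity: reject
			}
			s.ids = append(s.ids[:i], s.ids[i+1:]...)
			return nil
		}
		return ErrNotFound
	}
}

func main() {
	s := &Store{ids: []Identity{{"tls", "alice", false}, {"oidc", "alice", true}}} // constructed data
	fmt.Println(s.DeleteIdentity("tls")("alice"), len(s.GetIdentities("oidc")()))
}
```
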
Contributor

@hamistao hamistao left a comment


LGTM!

Labels
API (Changes to the REST API), Documentation (Documentation needs updating)
Development

Successfully merging this pull request may close these issues.

Auth: Remove OIDC identities
2 participants