Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add a new basic type identity #563

Open
wants to merge 18 commits into
base: master
Choose a base branch
from
Open

feat: add a new basic type identity #563

wants to merge 18 commits into from

Conversation

IronCore864
Copy link
Contributor

@IronCore864 IronCore864 commented Jan 23, 2025
edited
Loading

A new "basic" type of identity and "metrics" type of access are added for the upcoming metrics feature.

To expose the upcoming metrics feature over HTTP, we need a certain level of authentication to protect the endpoint. We decided to use HTTP basic authentication for this purpose. A new type of "basic" identity needs to be implemented for this to work, and the access level would be metrics. The basic identity looks like this:

identities:
  bob:
    access: metrics
    basic:
      password: hashed-password-with-salt

Where the password is generated by openssl passed -6. The hashed password will be stored in the state, and when the user accesses the metrics endpoint, they need to set the Authorization header accordingly. Pebble daemon will sha512 hash the password and compare it to the identity stored in the state.

For more details, see the spec here.

@IronCore864
poc: a metrics module for pebble
f76470c
@IronCore864
chore: undo unnecessary change
6d8ee59
@IronCore864
chore: undo unnecessary change
b4abc9a
@IronCore864
chore: undo unnecessary change
a274276
@IronCore864
chore: metrics identity basic auth poc
a2c07e6
@IronCore864
chore: a poc for metrics with labels
4ebb633
@IronCore864
poc: remove adding identities using env vars according to comment in …
7468b95 
…the spec
@IronCore864
chore: update tests for the metrics lib poc
790a8f9
@IronCore864
chore: refactor identities and access according to spec review
272005b
@IronCore864
feat: use sha512 to verify password
5be3e96
@IronCore864
feat: move the metrics api to /v1/metrics
a6c374d
@IronCore864
chore: remove Username from apiBasicIdentity
1bd54cb
@IronCore864
chore: revert changes on user state
98ea11e
@IronCore864
Merge branch 'master' into poc-custom-metrics-lib
68c18b7
@IronCore864
chore: fix failed identity tests
7fc255e
@IronCore864
test: unit tests for basic identity
31a0617
@IronCore864
feat: add basic identity
306f2d3
@IronCore864
chore: update comments
6c53491
@IronCore864 IronCore864 requested a review from benhoyt January 23, 2025 01:51
@IronCore864 IronCore864 marked this pull request as ready for review January 23, 2025 01:51
@benhoyt
Copy link
Contributor

benhoyt commented Jan 24, 2025

Let's please add a few more details about the feature to the PR description, and link to the spec (internal, I know).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@benhoyt benhoyt Awaiting requested review from benhoyt

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@IronCore864 @benhoyt