Bearer token #27
Merged
Bearer token #27
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gianlucam76
force-pushed
the
token
branch
2 times, most recently
from
839f491
to
138295f
Compare
Each API expects bearer token to be present in the authorization header in the form ``` Authorization: Bearer <token> ``` Each request will: 1. Get token from authorization header 2. Validate the token by querying the ServerVersion 3. Get user from token At this point behavior is different from query to query: 1. queries to fetch SveltosClusters or CAPI Clusters will first verify if user has permissions to list cluster instances in all namespaces. If so data cached by the manager is returned. If not, walk all existing clusters and for each cluster validate whether user is allowed to get it. Return only clusters the user has permissions for. 2. queries to get helm charts/resources/profiles for a given cluster will first verify whether the user has permission to get that specific cluster. Only if permissions are in place, result will be returned.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Each API expects bearer token to be present in the authorization header in the form
Each request will:
At this point behavior is different from query to query:
queries to fetch SveltosClusters or CAPI Clusters will first verify if user has permissions to list cluster instances in all namespaces. If so data cached by the manager is returned.
If not, walk all existing clusters and for each cluster validate whether user is allowed to get it. Return only clusters the user has permissions for.
queries to get helm charts/resources/profiles for a given cluster will first verify whether the user has permission to get that specific cluster. Only if permissions are in place, result will be returned.