
asm-user-auth's Introduction

ASM User Auth

This repository contains the ASM User Auth deployment for Anthos service mesh.

Release Notes

  • release-1.2

    • v1.2.0

      • Updated user-auth-config for new binary configuration.
      • Added attributeMapping field in UserAuthConfig for custom claims mapping from the original IDToken.
  • release-1.1

    • v1.1.0

      • Upgraded kpt to v1.0.
      • Added the proxy field in the UserAuthConfig for http proxy support.
      • Fixed a bug of the certificateAuthorityData field in the UserAuthConfig not working correctly.
  • release-1.0

    • v1.0.1

      • Added the proxy field in the UserAuthConfig for http proxy support.
      • Fixed a bug of the certificateAuthorityData field in the UserAuthConfig not working correctly.
    • v1.0.0

      • GA Launch.
      • Store client credentials in K8s secret.
  • release-0.1

    • Preview Launch.

User Guide

asm-user-auth's People

Contributors

aryan16, liwenhao0810

asm-user-auth's Issues

ASM end-user auth kpt instructions not working as expected

kpt pkg get https://github.com/GoogleCloudPlatform/[email protected] .

Package "asm-user-auth":
Fetching https://github.com/GoogleCloudPlatform/[email protected]
From https://github.com/GoogleCloudPlatform/asm-user-auth

 * branch release-1.0 -> FETCH_HEAD
 * [new branch] release-1.0 -> origin/release-1.0
Adding package "".
Error: Kptfile at "/tmp/kpt-get-059979794/pkg" has an old version ("v1alpha1") of the Kptfile schema.
Please update the package to the latest format by following https://kpt.dev/installation/migration

Deprecated command cause error?

Hi folks!

A little help here pls?

I1028 13:25:23.831084       1 init_google.cc:841] Command line arguments:
I1028 13:25:23.831086       1 init_google.cc:843] argv[0]: '/usr/bin/ais_preview'
I1028 13:25:23.831096       1 init_google.cc:843] argv[1]: '--uid='
I1028 13:25:23.831099       1 init_google.cc:843] argv[2]: '--gid='
I1028 13:25:23.831102       1 init_google.cc:843] argv[3]: '--logtostderr'
I1028 13:25:23.831105       1 init_google.cc:843] argv[4]: '--config=/etc/config/config.yaml'
I1028 13:25:23.831515       1 prodhostname_userspace_monitor_impl.cc:191] Not running under a Borglet, disabling ProdHostname userspace monitoring.
I1028 13:25:23.831696       1 logger.cc:296] Enabling threaded logging for severity WARNING
I1028 13:25:23.831941       1 mlock.cc:216] mlock()-ed 0 bytes for BuildID, using 0 syscalls.
E1028 13:25:23.833441       1 ais_preview.cc:31] AIS failed to start: Unable to parse AES symmetric key: Invalid key data for "kid", key-0

The command used:

$ openssl enc -aes-256-cbc -k secret -P -md sha1 -pbkdf2 -iter 100000 -salt

Is this documentation deprecated?

https://cloud.google.com/service-mesh/docs/unified-install/options/end-user-auth

Additional configuration in the configmaps

Hi Team,

I am trying to understand how to add additional OIDC parameters like below...

OIDCSSLValidateServer Off
OIDCPassIDTokenAs serialized
OIDCRemoteUserClaim email
OIDCAuthNHeader ct-remote-user
OIDCSessionInactivityTimeout 1800
OIDCSessionMaxDuration 36000

RequestHeader set x-forwarded-for "%{HOST}e"
RequestHeader set x-forwarded-proto "https"
RequestHeader set x-forwarded-host "%{HOST}e"
RequestHeader set Authorization "Bearer %{access_token}e"
RequestHeader set X-Requested-With %{REQUEST_URI}s early


# Strip the port from the Location response, assuming the Openshift Route will always have the default port for the schema.
# This is only required because the X-Forwarded-Proto header is missing from the AVI request
Header edit Location "^http(s?):\/\/(.+):[\d]+\/(.*)$" "http://$[HOST]/$3"

<Location / >
   AuthType openid-connect
   Require valid-user
   ProxyPass http://test/
   ProxyPassReverse http://test/
   ProxyPassReverseCookiePath /test-path /test-path
</Location>

Custom Attribute mapping doesn't work for Nested Claims in ID Token.

If I have the ID token in the following format, I am not able to access the resource_access field.

{
  "resource_access": {
    "my_resource": {
      "roles": [
        "my_roles"
      ]
    }
  }
}

Here is my configuration for custom claim mapping:

spec:
  authentication:
    oidc:
      attributeMapping:
        resource_access: "assertion.resource_access"

Here is the error I am getting in the log:

Unable to process the request: The CEL expression for 'resource_access' did not return a string data type.
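
The error in this issue is a type failure: `assertion.resource_access` selects a JSON object rather than a string. The sketch below is an added example, not part of the original issue or the asm-user-auth project; it decodes an ID token payload for inspection only (no signature verification) and reports the type each mapping expression selects. The function names, the constructed sample token and the `roles[0]` expression are assumptions, and it resolves only plain field and index selection, not full CEL.

```python
import base64
import json
import re

# Constructed sample claims mirroring the layout shown in the issue.
SAMPLE_CLAIMS = {"email": "user@example.com",
                 "resource_access": {"my_resource": {"roles": ["my_roles"]}}}

def make_unsigned_token(claims):
    """Build a constructed, unsigned JWT-shaped string for offline checks."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{b64({'typ': 'JWT'})}.{b64(claims)}."

def decode_payload(token):
    """Decode the payload segment for inspection only (no signature check)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

# One selection step: ".field" or "[index]".
STEP = re.compile(r"\.([A-Za-z_]\w*)|\[(\d+)\]")

def evaluate(expr, claims):
    """Resolve 'assertion.a.b[0]' style selections; not a full CEL evaluator."""
    if not expr.startswith("assertion"):
        raise ValueError(f"unsupported expression: {expr}")
    rest, value, pos = expr[len("assertion"):], claims, 0
    for m in STEP.finditer(rest):
        if m.start() != pos:  # unparsed text between steps
            raise ValueError(f"unsupported expression: {expr}")
        value = value[m.group(1)] if m.group(1) else value[int(m.group(2))]
        pos = m.end()
    if pos != len(rest):
        raise ValueError(f"unsupported expression: {expr}")
    return value

def check_mapping(mapping, token):
    """Map each attribute to the type its expression selects, or an error.

    Per the error message in the issue, only 'str' results pass.
    """
    claims = decode_payload(token)
    report = {}
    for attr, expr in mapping.items():
        try:
            report[attr] = type(evaluate(expr, claims)).__name__
        except (KeyError, IndexError, TypeError, ValueError) as exc:
            report[attr] = f"error: {exc!r}"
    return report
```

Whether user-auth accepts a particular CEL expression is not stated on this page; the check only shows which selections yield a string from a given token.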
