Insights operator LDAP Auth
Overview
The whole system consists of several components: CLI client, LDAP Auth service, and the Insights operator instrumentation service:
Authorization part
Authorization sequence diagram for known user with proper token
Authorization sequence diagram in case of any error
Starting
By default application starting on port 8081
, but it can be changed in configuration file config.toml
.
go build # Build application
./insights-operator-ldapauth # Start application
Alternatively you can use GNU make to perform the same operation:
make run
Authentication
For authentication is used POST request to /api/v1/login
with credentials:
{
"login": "your-ldap-login",
"password": "your-ldap-password"
}
For now it connecting directly to RedHat LDAP, so for running this application correctly you should be connected to RedHat VPN. After you recieve token
, you can use it in requests as Bearer Token
.
RestAPI
Application has only one route is /api/v1/login
, requests to other routes will be proxied to insights-operator-controller
.
Code style and cyclomatic complexity checks
All code style checks, cyclomatic complexity measurement etc. can be started from command line by using:
make style
Configuration
Change the following lines in config.toml
:
[service]
ldap="ldap.corp.redhat.com"
address=":8081"
proxy="http://localhost:8080"
proxy_prefix="/api/v1/"
proxy_tls=true
tls_cert="certs/cert.pem"
tls_key="certs/key.pem"
ldap
is hostname of LDAP serveraddress
is address of ldapauth serverproxy
is address of controller serverproxy_prefix
is prefix of controller server which will be replaced instead of ldapauth prefixproxy_tls
is boolean flag that defines if proxy connection with controller should secured by mutual TLStls_cert
is path to certificate, can be used only ifproxy_tls == true
tls_key
is path to key of certificate, can be used only ifproxy_tls == true
Environment variables
Some settings can be setted with environment variables:
CONTROLLER_PREFIX
- specify URL path prefix (Default:/api/v1/
)INSIGHTS_CONTROLLER_CONFIG_FILE
- custom path to config file (default:./config.toml
)
CI
Travis CI is configured for this repository. Several tests and checks are started for all pull requests:
- Unit tests that use the standard tool
go test
go fmt
tool to check code formatting. That tool is run with-s
flag to perform following transformationsgo vet
to report likely mistakes in source code, for example suspicious constructs, such as Printf calls whose arguments do not align with the format string.golint
as a linter for all Go sources stored in this repositorygocyclo
to report all functions and methods with too high cyclomatic complexity. The cyclomatic complexity of a function is calculated according to the following rules: 1 is the base complexity of a function +1 for each 'if', 'for', 'case', '&&' or '||' Go Report Card warns on functions with cyclomatic complexity > 9
History of checks done by CI is available at RedHatInsights / insights-operator-ldapauth.
Contribution
Please look into document CONTRIBUTING.md that contains all information about how to contribute to this project.