Biscuit policies #105

Open: wants to merge 24 commits into base: biscuit_integration

@daeMOn63 daeMOn63 commented Dec 16, 2020

Provides support for biscuit policies when hubauth is working in biscuit mode.
This allows defining policies, which are a name and an optional set of rules and caveats, and attaching them to audiences, along with a list of groups they belong to.

When issuing a biscuit for a user, we retrieve his groups, then retrieve the policies on the current audience having those groups, and insert in his biscuit all the rules and caveats defined in the policies.

The audience CLI has been extended to allow policies CRUD (along with some other utilities, like printing a new policy template, or validating a policy file...)

A new policy package now exists, providing a policy parser and formatter.
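
The selection step described in the PR description above, as an added example that is not code from this pull request or from hubauth. The `Policy` and `Audience` types, the function names and the rule/caveat strings are hypothetical placeholders, and sorting by policy name is an assumption made here so the collected token content is deterministic.

```go
package main

import (
	"fmt"
	"sort"
)

// Policy and Audience are hypothetical types for this example, not hubauth's own.
type Policy struct {
	Name    string
	Groups  []string // groups the policy belongs to on the audience
	Rules   []string // rule text, opaque placeholders here
	Caveats []string // caveat text, opaque placeholders here
}

type Audience struct{ Policies []Policy }

// PoliciesForUser returns the audience's policies that share a group with the user.
func PoliciesForUser(aud Audience, userGroups []string) []Policy {
	member := make(map[string]bool, len(userGroups))
	for _, g := range userGroups {
		member[g] = true
	}
	var out []Policy
	for _, p := range aud.Policies {
		for _, g := range p.Groups {
			if member[g] {
				out = append(out, p) // added once, even if several groups match
				break
			}
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Name < out[j].Name })
	return out
}

// Collect flattens the selected policies into the rules and caveats to insert.
func Collect(ps []Policy) (rules, caveats []string) {
	for _, p := range ps {
		rules = append(rules, p.Rules...)
		caveats = append(caveats, p.Caveats...)
	}
	return rules, caveats
}

func main() {
	ops := Policy{"ops", []string{"sre", "admins"}, []string{"rule-ops"}, []string{"caveat-ops"}} // constructed sample
	fmt.Println(Collect(PoliciesForUser(Audience{[]Policy{ops}}, []string{"admins", "sre"})))
}
```

A user whose groups match no policy on the audience gets empty rule and caveat lists from this sketch; what the issuer does in that case is not stated on this page.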

daeMOn63 and others added 24 commits December 16, 2020 15:26
Verifiers must now provide the current time for verifying the biscuit,
and can extract user information.

User's pubkeys are now provided in http param when exchanging code.
Removed block count from biscuit weakening the signature.
Migration for audience.Policies field to audience.UserGroups.
The application still relies on audience.Policies field.
A new CLI command allows updating all audiences, copying Policies field
into UserGroups.

The next step will remove this command, and update the application to
rely on the new UserGroups field.