docs: instructions for Kuadrant users and enhancements #439

Merged
merged 6 commits into from
Oct 26, 2023

Conversation

guicassolato
Collaborator

@guicassolato guicassolato commented Oct 24, 2023

  • Add instructions for Kuadrant users to the user guides
    • Hello World
    • Authentication with Kubernetes tokens (TokenReview API)
    • Authentication with API keys
    • Authentication with X.509 certificates and mTLS
    • OpenID Connect Discovery and authentication with JWTs
    • OAuth 2.0 token introspection (RFC 7662)
    • Passing credentials (Authorization header, cookie headers and others)
    • HTTP "Basic" Authentication (RFC 7235)
    • Anonymous access
    • Token normalization
    • Edge Authentication Architecture (EAA)
    • Fetching auth metadata from external sources
    • OpenID Connect UserInfo
    • Resource-level authorization with User-Managed Access (UMA) resource registry
    • Simple pattern-matching authorization policies
    • OpenID Connect (OIDC) and Role-Based Access Control (RBAC) with Authorino and Keycloak
    • Open Policy Agent (OPA) Rego policies
    • Kubernetes RBAC for service authorization (SubjectAccessReview API)
    • Authorization with Keycloak Authorization Services
    • Integration with Authzed/SpiceDB
    • Injecting data in the request
    • Authenticated rate limiting (with Envoy Dynamic Metadata)
    • Redirecting to a login page
    • Mixing Envoy built-in filter for auth and Authorino
    • Using Authorino as ValidatingWebhook service
    • Caching
  • Add note about not being available for Kuadrant users
    • Host override via context extension
    • Reducing the operational space: sharding, noise and multi-tenancy
  • Replace example host name talker-api-authorino.127.0.0.1.nip.io with talker-api.127.0.0.1.nip.io and other similar ones across the user guides
  • Fix broken links to local pages (due to using ./ anchor refs)

What the new user guides will look like:

[Screenshot: docs/user-guides/api-key-authentication.md on the docs/kuadrant-users branch of Kuadrant/authorino]

Why do we need this?

Overall, this will be useful for users of Kuadrant who consume the Authorino docs hosted at docs.kuadrant.io, especially now that the Authentication & Authorization user guides mix Kuadrant ones (AuthPolicy-centered) and Authorino ones (AuthConfig) all in the same bucket.

@gitguardian

gitguardian bot commented Oct 24, 2023

⚠️ GitGuardian has uncovered 1 secret following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secret in your pull request
| GitGuardian id | Secret | Commit | Filename |
|---|---|---|---|
| 8184017 | Keycloak Api Keys | 010e1ec | docs/user-guides/oauth2-token-introspection.md |
🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secret safely. Learn here the best practices.
  3. Revoke and rotate this secret.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider


🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

Our GitHub checks need improvements? Share your feedbacks!

@guicassolato guicassolato self-assigned this Oct 24, 2023
@guicassolato guicassolato added area/doc Improvements or additions to documentation kind/enhancement New feature or request participation/help needed Extra attention is needed size/medium size/small target/current labels Oct 24, 2023
@guicassolato guicassolato force-pushed the docs/kuadrant-users branch 6 times, most recently from 35dfec2 to 7b4450b Compare October 24, 2023 20:04
@guicassolato guicassolato marked this pull request as ready for review October 24, 2023 20:06
@guicassolato guicassolato requested a review from a team October 24, 2023 20:06
Member

@adam-cattermole adam-cattermole left a comment

Really nice changes here, took a little while to go through all the docs updates. I've only verified a subset of the actual guides but given most of them only have the hostname changed happy to put my lgtm!

@guicassolato
Collaborator Author

guicassolato commented Oct 25, 2023

Trying out all user guides, manually, one by one:

  • Hello World
  • Authentication with Kubernetes tokens (TokenReview API)
  • Authentication with API keys
  • Authentication with X.509 certificates and mTLS
  • OpenID Connect Discovery and authentication with JWTs
  • OAuth 2.0 token introspection (RFC 7662)
  • Passing credentials (Authorization header, cookie headers and others)
  • HTTP "Basic" Authentication (RFC 7235)
  • Anonymous access
  • Token normalization
  • Edge Authentication Architecture (EAA)
  • Fetching auth metadata from external sources
  • OpenID Connect UserInfo
  • Resource-level authorization with User-Managed Access (UMA) resource registry
  • Simple pattern-matching authorization policies
  • OpenID Connect (OIDC) and Role-Based Access Control (RBAC) with Authorino and Keycloak
  • Open Policy Agent (OPA) Rego policies
  • Kubernetes RBAC for service authorization (SubjectAccessReview API)
  • Authorization with Keycloak Authorization Services
  • Integration with Authzed/SpiceDB
  • Injecting data in the request
  • Authenticated rate limiting (with Envoy Dynamic Metadata)
  • Redirecting to a login page
  • Mixing Envoy built-in filter for auth and Authorino
  • Using Authorino as ValidatingWebhook service
  • Caching

@guicassolato guicassolato merged commit 422f175 into main Oct 26, 2023
9 checks passed
@guicassolato guicassolato deleted the docs/kuadrant-users branch October 26, 2023 09:20
Labels
area/doc Improvements or additions to documentation kind/enhancement New feature or request participation/help needed Extra attention is needed size/medium size/small
Projects
No open projects
Status: To test
2 participants