You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficcontrol.apache.org by amiryesh <gi...@git.apache.org> on 2017/02/26 21:57:38 UTC

[GitHub] incubator-trafficcontrol pull request #313: API GW (initial)

GitHub user amiryesh opened a pull request:

    https://github.com/apache/incubator-trafficcontrol/pull/313

    API GW (initial)

    Initial implementation of API GW,  and authentication service, based on https://github.com/rarenivar/project5799
    
    The auth service authenticates a user against `tm_user` table and set capabilities accordingly, on the response jwt. Note that capability tables are not yet ready in to db, therefor capabilities are set hard coded.  The hardcoded capabilities are `[read-ds, write-ds, read-cg]` (ds stands for delivery service, cg stands for cache group)
    
    The API GW (webfront) authorize a request according to the required capabilities for the API, as configured is `rules.json`. The required capabilities per each API will be read from to db when the tables are ready. 

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/amiryesh/incubator-trafficcontrol api-gw

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-trafficcontrol/pull/313.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #313
    
----
commit c615fa42ff09d285a1995a196ba474dc7bf22a31
Author: Amir Yeshurun <am...@qwilt.com>
Date:   2017-02-26T20:51:53Z

    original webfront, auth services taken form https://github.com/rarenivar/project5799

commit ccab734f601b1670c3ddb9cf9c00f7bbc6485301
Author: Amir Yeshurun <am...@qwilt.com>
Date:   2017-02-26T21:29:40Z

    update auth service to authenticate user against tm_users. add user's capabilities to jwt claims. capabilities are currently hard coded because role tables are not ready yet. webfront authorize user according to capabilities. jwt signing secret is passed to both services on command line

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-trafficcontrol issue #313: API GW (initial)

Posted by knutsel <gi...@git.apache.org>.

Github user knutsel commented on the issue:

    https://github.com/apache/incubator-trafficcontrol/pull/313
  
    1) should the key and pem files be in the repo?
    2) can you add apache 2.0 license to the source code files?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-trafficcontrol pull request #313: API GW (initial)

Posted by asfgit <gi...@git.apache.org>.

Github user asfgit closed the pull request at:

    https://github.com/apache/incubator-trafficcontrol/pull/313


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-trafficcontrol issue #313: API GW (initial)

Posted by amiryesh <gi...@git.apache.org>.

Github user amiryesh commented on the issue:

    https://github.com/apache/incubator-trafficcontrol/pull/313
  
    1. I'd keep the key and pem files in the repo just to have a quick start. they can even be used in testing environments. of course, they will not be used in a production env. what do you think?
    2. i'll add the licence


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---