Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BED-4766: API Endpoint to List OIDC Providers #896

Merged
merged 31 commits into from
Oct 15, 2024
Merged

BED-4766: API Endpoint to List OIDC Providers #896

merged 31 commits into from
Oct 15, 2024

Conversation

iustinum
Copy link
Contributor

@iustinum iustinum commented Oct 4, 2024

Description

This pull request introduces a unified SSO endpoint that provides detailed information on both OIDC and SAML providers. The goal is to offer a consolidated and accurate list of available authentication methods, ensuring that users are directed to the appropriate provider for successful authentication.

Motivation and Context

This PR addresses the requirements outlined in ticket BED-4766.

Previously, SSO providers were listed using the GET /api/v2/saml/sso endpoint, which only supported SAML providers. With the addition of OIDC as an alternative authentication method to comply with FedRamp requirements, there is a need for a single, unified endpoint. This new endpoint will display information about both SAML and OIDC providers as a more flexible and agnostic approach. The unified endpoint will replace the existing SAML-only endpoint to ensure all authentication options are covered.

How Has This Been Tested?

Unit Tests: Via auth/sso_test to verify endpoint behavior.
Integration Tests: Via database/sso_providers_test to verify interaction with the database.

Screenshots (optional):

Types of changes

  • New feature (non-breaking change which adds functionality)

Checklist:

mvlipka and others added 20 commits September 30, 2024 14:10
@mvlipka
BED-4851 Updated CreateOIDCProvider endpoint and relevant database in…
97eb109 
…teractions to match new design
@mvlipka
BED-4851 updates to conform to new design
e7111dd
@mvlipka
BED-4851 cleanup import
2a22dc6
@mvlipka
BED-4851 added integration test for TestBloodhoundDB_CreateSSOProvide…
5028c18 
…rWithTransaction
@mvlipka
BED-4851 removed name from oidc_providers
686a359
@mvlipka
BED-4851 updated tests with removed name field
6a67c61
@mvlipka
BED-4851 idempotent saml_providers constraint
4c818e7
@mvlipka
BED-4851 moved responsibility of slug creation to the db layer. Prope…
0723780 
…rly backfill saml_providers with the new sso_providers key. Added new enum type for sso_provider types
@mvlipka
Merge main
022d2a6
@mvlipka
generate
6877860
@mvlipka
removed test I was playing with and accidentally committed, oops. Add…
704c330 
…ed a mapping from AuthProvider to the new SSOProviderType enum
@mvlipka
fix returning error from CreateSSOPRovider
e55f5e0
@mvlipka
added test for invalid SessionAuthProvider
1cf416d
@mvlipka
fixed test, better naming on sso provider types
0be0354
@iustinum
list without sortinga and filtering complete
d1e0ce3
@mvlipka
removed no longer used SetupTransaction
5b4edcc
@iustinum
unit and integration test passed
fbdae9b
@iustinum
adjust list endpoint after removing name in oidc provider
b0e7b4f
@iustinum
merge branch bed-4766-v2
aa64447
@iustinum
cleanup for pr
5d5c5b5
@iustinum iustinum added the api A pull request containing changes affecting the API code. label Oct 4, 2024
@iustinum iustinum self-assigned this Oct 4, 2024
This was referenced Oct 4, 2024
Merged
Merged
Open
@juggernot325 juggernot325 added the blocked This pull request cannot be completed and should not be merged label Oct 7, 2024
@iustinum iustinum requested a review from ddlees October 7, 2024 20:12
mistahj67
mistahj67 reviewed Oct 8, 2024
View reviewed changes
Copy link
Contributor

@mistahj67 mistahj67 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you can point the base to @mvlipka 's create PR and it might help reviewing this without his changes as well? And then we just make sure we don't merge until his is merged. Looking good so far!

cmd/api/src/api/v2/auth/sso.go Outdated Show resolved Hide resolved
ddlees
ddlees previously requested changes Oct 9, 2024
View reviewed changes
cmd/api/src/database/sso_providers.go Show resolved Hide resolved
@iustinum iustinum added the work in progress This pull request is a work in progress and should not be merged label Oct 9, 2024
@iustinum iustinum removed the blocked This pull request cannot be completed and should not be merged label Oct 11, 2024
mistahj67
mistahj67 requested changes Oct 11, 2024
View reviewed changes
Copy link
Contributor

@mistahj67 mistahj67 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only blocked because the permission requirement needs to be removed. Otherwise this is looking great! I concede, the gorm joins feature is schnazzy just don't let @superlinkx know I said that out loud.

Also did you run prep-for-codereview 👀

cmd/api/src/api/registration/v2.go Outdated Show resolved Hide resolved
cmd/api/src/api/v2/auth/sso.go Show resolved Hide resolved
cmd/api/src/api/v2/auth/sso.go Show resolved Hide resolved
cmd/api/src/api/v2/auth/sso.go Outdated Show resolved Hide resolved
cmd/api/src/database/sso_providers.go Show resolved Hide resolved
cmd/api/src/api/v2/auth/sso_test.go Show resolved Hide resolved
iustinum and others added 2 commits October 11, 2024 15:16
@iustinum @mistahj67
Remove authmanageproviders permission from API route
1d024ab 
Co-authored-by: mistahj67 <26472282+mistahj67@users.noreply.github.com>
@iustinum
addresses nits
9b86535
mistahj67
mistahj67 approved these changes Oct 15, 2024
View reviewed changes
Copy link
Contributor

@mistahj67 mistahj67 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested locally, everything is working solid! 🚀

cmd/api/src/api/v2/analysisrequest.go Outdated Show resolved Hide resolved
cmd/api/src/api/v2/auth/sso.go Outdated Show resolved Hide resolved
cmd/api/src/api/v2/auth/sso.go Outdated Show resolved Hide resolved
cmd/api/src/api/v2/auth/sso.go Outdated Show resolved Hide resolved
iustinum and others added 4 commits October 15, 2024 13:51
@iustinum @mistahj67
Update cmd/api/src/api/v2/analysisrequest.go
1ce012a 
Co-authored-by: mistahj67 <26472282+mistahj67@users.noreply.github.com>
@iustinum @mistahj67
Update cmd/api/src/api/v2/auth/sso.go
17bef89 
Co-authored-by: mistahj67 <26472282+mistahj67@users.noreply.github.com>
@iustinum @mistahj67
Update cmd/api/src/api/v2/auth/sso.go
2aa3e41 
Co-authored-by: mistahj67 <26472282+mistahj67@users.noreply.github.com>
@iustinum @mistahj67
Update cmd/api/src/api/v2/auth/sso.go
befd85a 
Co-authored-by: mistahj67 <26472282+mistahj67@users.noreply.github.com>
@iustinum iustinum enabled auto-merge (squash) October 15, 2024 20:54
@iustinum iustinum removed the work in progress This pull request is a work in progress and should not be merged label Oct 15, 2024
@iustinum iustinum merged commit 403c45c into main Oct 15, 2024
4 checks passed
@iustinum iustinum deleted the BED-4766-V2 branch October 15, 2024 21:07
@github-actions github-actions bot locked and limited conversation to collaborators Oct 15, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@mistahj67 mistahj67 mistahj67 approved these changes

@ddlees ddlees Awaiting requested review from ddlees

Assignees

@iustinum iustinum

Labels
api A pull request containing changes affecting the API code.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@iustinum @ddlees @mistahj67 @juggernot325 @mvlipka