
ft(rbac): Cyclops login page for authentication & Integration of Cerbos for Authorization

Open siddhantprateek opened this issue 1 year ago • 10 comments

closes #48

Preview

https://github.com/cyclops-ui/cyclops/assets/43869046/f4344c17-d6af-4e12-86c5-548cadebc64f

📑 Description

  • Added Login Page
  • Added authentication context provider, for auth state management

✅ Checks

  • [ ] I have updated the documentation as required
  • [ ] I have performed a self-review of my code

ℹ Additional context

  • Integrated Cerbos for authorization.
  • Added a login controller and handler for username and password based login:
    • Returns a JWT access token, which the auth middleware uses to verify each endpoint.
  • Created Cerbos policies for each resource.
  • Added a Cerbos service to Docker Compose for local development.
  • For user and password verification, it uses Kubernetes Secrets.

Currently, the way of creating a user is:

apiVersion: v1
kind: Secret
metadata:
  name: cyclops-user-1
  namespace: cyclops
  labels:
    app.kubernetes.io/part-of: cyclops
    app.kubernetes.io/type: user
    app.kubernetes.io/name: siddhant
data:
  password: c2lkZGhhbnQ=
  roles: dXNlcg==
  username: c2lkZGhhbnQ=
type: Opaque

The query will be based on the labels:

  labels:
    app.kubernetes.io/part-of: cyclops
    app.kubernetes.io/type: user
    app.kubernetes.io/name: siddhant
  • app.kubernetes.io/name: siddhant is the same as the username

Further required enhancement

  • Need to refer to the sample k8s Cerbos setup https://github.com/cerbos/demo-rest/blob/main/deploy/k8s.yaml and add this as part of the Cyclops installation

siddhantprateek avatar Jun 23 '24 10:06 siddhantprateek
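
Added example, not code from this PR: one way to do the label-based user lookup and credential check the description outlines, in Go, assuming the login handler builds a label selector from the submitted username and compares the submitted password with the Secret's decoded `data`. `UserSelector`, `CheckLogin`, `SampleSecret` and the comma-separated `roles` format are hypothetical names and assumptions; the sample data is the manifest above.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"regexp"
	"strings"
)

// Kubernetes label value syntax: <=63 chars, alphanumeric ends, '-', '_', '.' inside.
var labelValue = regexp.MustCompile(`^[A-Za-z0-9]([A-Za-z0-9_.-]{0,61}[A-Za-z0-9])?$`)

// UserSelector builds the selector for one user's Secret, rejecting invalid label values.
func UserSelector(username string) (string, error) {
	if !labelValue.MatchString(username) {
		return "", fmt.Errorf("invalid username %q", username)
	}
	return "app.kubernetes.io/part-of=cyclops,app.kubernetes.io/type=user,app.kubernetes.io/name=" + username, nil
}

// CheckLogin checks credentials against decoded Secret data (the shape of
// Secret.Data in client-go). Assumption: roles is a comma-separated list.
func CheckLogin(data map[string][]byte, username, password string) ([]string, bool) {
	// Hash both passwords so the constant-time compare sees equal lengths.
	want, got := sha256.Sum256(data["password"]), sha256.Sum256([]byte(password))
	userOK := subtle.ConstantTimeCompare(data["username"], []byte(username))
	passOK := subtle.ConstantTimeCompare(want[:], got[:])
	if userOK&passOK != 1 || len(data["password"]) == 0 {
		return nil, false
	}
	return strings.Split(string(data["roles"]), ","), true
}

// SampleSecret decodes the data block of the manifest in the PR description.
func SampleSecret() map[string][]byte {
	out := map[string][]byte{}
	for k, v := range map[string]string{"password": "c2lkZGhhbnQ=", "roles": "dXNlcg==", "username": "c2lkZGhhbnQ="} {
		out[k], _ = base64.StdEncoding.DecodeString(v)
	}
	return out
}

func main() {
	sel, _ := UserSelector("siddhant")
	roles, ok := CheckLogin(SampleSecret(), "siddhant", "siddhant")
	fmt.Println(sel, roles, ok)
}
```

The values under `data` are only base64-encoded, so anyone who can read Secrets in the `cyclops` namespace can read the passwords; storing a password hash in the Secret instead would avoid that.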

This looks awesome. Is there a reason you separated this PR from the other?

petar-cvit avatar Jun 27 '24 11:06 petar-cvit

I believe I should close the other PR because I require RBAC changes for the UI changes, and I also need to work on the latest branch instead of the rbac branch due to updates in the controller.

siddhantprateek avatar Jun 27 '24 11:06 siddhantprateek

Got it. Could you then close the other PR? Is this one ready for review?

petar-cvit avatar Jun 27 '24 11:06 petar-cvit

You can review this; I'll close that one and update the Additional Context for this.

siddhantprateek avatar Jun 27 '24 11:06 siddhantprateek

Thanks, will do!

petar-cvit avatar Jun 27 '24 11:06 petar-cvit

Also, before merging the changes, we need to have the Further required enhancement part too, and a way to generate an admin user.

siddhantprateek avatar Jun 27 '24 11:06 siddhantprateek

Hey @siddhantprateek, I started reviewing the PR, but could you separate it into smaller PRs? It's going to be easier to review it and discuss the solution, especially if we still have some parts of the solution we need to discuss.

petar-cvit avatar Jun 29 '24 19:06 petar-cvit

Could we also have a logout button in the sidebar? Make sure to resolve conflicts and pick up the latest main branch

Thanks for the clarification! I often forget to ask where exactly to place the logout button. I’ll also make sure to resolve any conflicts.

Logout Button Preview: image

siddhantprateek avatar Aug 09 '24 03:08 siddhantprateek

@siddhantprateek can we put the logout button in the top right on the navbar? Also, we could add the username and role currently used

petar-cvit avatar Aug 14 '24 17:08 petar-cvit

image

user with role and logout dropdown preview

siddhantprateek avatar Oct 06 '24 17:10 siddhantprateek