Add authorisation on Fetch and Push endpoints #36
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tomcoldrick-ct
force-pushed
the
coldtom/authorizer
branch
from
1c7ab6b
to
0a32ef8
Compare
tomcoldrick-ct
force-pushed
the
coldtom/authorizer
branch
2 times, most recently
from
8f3b71d
to
61e6972
Compare
|
Hey @EdSchouten ; would it be possible to get a review of this? |
EdSchouten
approved these changes
Mar 31, 2024
|
@tomcoldrick-ct if you could fix this up with the latest changes in master, I'd be happy to get it merged |
tomcoldrick-ct
force-pushed
the
coldtom/authorizer
branch
from
61e6972
to
1d2a081
Compare
Currently we support the authentication policies from bb-storage by way of using the common gRPC server, but we don't allow for granular authorisation on our endpoints! This adds the ability to configure authorizers (as in other Buildbarn components) to the two endpoints we expose. These are added at the top-level of configuration to simplify use, even though one could technically expose this as a configuration option to decorate fetchers and asset stores. In particular, a single global fetch authorizer is much simpler than having to configure a policy for remote fetching and fetching from assets that were explicitly Push'd.
tomcoldrick-ct
force-pushed
the
coldtom/authorizer
branch
from
1d2a081
to
544ae68
Compare
|
@tomcoldrick-ct Thank you very much! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Currently we support the authentication policies from bb-storage by way of using
the common gRPC server, but we don't allow for granular authorisation on our
endpoints! This adds the ability to configure authorizers (as in other
Buildbarn components) to the two endpoints we expose.
These are added at the top-level of configuration to simplify use, even though
one could technically expose this as a configuration option to decorate fetchers
and asset stores. In particular, a single global fetch authorizer is much
simpler than having to configure a policy for remote fetching and fetching from
assets that were explicitly Push'd.