Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use ASAB auth and tenant services #440

Open
wants to merge 91 commits into
base: main
Choose a base branch
from
Open

Use ASAB auth and tenant services #440

wants to merge 91 commits into from
+1,242 −1,192

Conversation

byewokko
Copy link
Collaborator

@byewokko byewokko commented Feb 12, 2025
edited
Loading

Summary

  • Introduces custom TenantProvider for ASAB TenantService.
  • Introduces custom AuthProvider for ASAB AuthService.
  • Introduces custom Authorization for ASAB AuthService which also includes verified Seacat Session object.
  • Removes SessionContext, replace with asab.contextvars.Authz.
  • Introduces system_authz context manager for providing authorization in service-internal context (provisioning, maintenance...).
  • RbacService:
    • uses access control functions from asab.web.auth.authorization.
    • tenant softchecks are not supported.
    • tenant access is done using a proper method, dummy resource "tenant:access" is not supported.

TODO

  • When request is authenticated using ASAB internal auth, there is no Seacat Auth session associated with it.
    • Prepare system session
    • Inject it into the context???

@byewokko byewokko added the enhancement New feature or request label Feb 12, 2025
@byewokko byewokko self-assigned this Feb 12, 2025
byewokko
byewokko commented Mar 4, 2025
View reviewed changes
Dockerfile
@@ -45,7 +45,7 @@ RUN apk add --no-cache \
pyyaml \
pymongo \
sentry-sdk \
git+https://github.com/TeskaLabs/asab.git
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove this before merging

byewokko
byewokko commented Mar 4, 2025
View reviewed changes
.github/workflows/ci.yml
@@ -60,7 +60,7 @@ jobs:
pip install bcrypt
pip install argon2
pip install jwcrypto
pip install git+https://github.com/TeskaLabs/asab.git#egg=asab[encryption]
pip install "asab[encryption] @ git+https://github.com/TeskaLabs/asab.git@feature/auth-providers"
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove dev branch before merging

ateska
ateska requested changes Mar 11, 2025
View reviewed changes
seacatauth/auth_provider.py Outdated


@contextlib.contextmanager
def system_authz(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Proposed name: local_authz

seacatauth/authz/rbac/service.py


# TODO: Deprecated. Replace with ASAB auth functions entirely.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Propose a date of when this code is to be removed ... or consider Deprecation at all.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ateska ateska ateska requested changes

Requested changes must be addressed to merge this pull request.

Assignees

@byewokko byewokko

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@byewokko @ateska