Comments (5)
The release, testing and promotion flow needs to be well thought through up front. We already have technical debt re: internal dependencies not being updated until the moment of release. In particular, does the authenticators depend on conjur for builds/CI, which conjur version is used, etc, and then what images/how do downstream projects that depend on conjur consume a conjur+authenticators image and where (and when) is that image created?
from conjur.
thanks for doing this @jonahx ! As we also want to go in the direction of pluggable authenticators, which should not be fully-coupled to Ruby, we need to verify that the proposed change does not take us further away for that. It doesn't need to get us closer but at least not to make it harder for us to do it.
from conjur.
Also - can you please elaborate in the doc how Conjur will consume the authenticators? how will it be done in each project (OSS, appliance, Conjur on RHEL, SaaS)?
from conjur.
Thanks for raising this @jonahx
I think this proposal can greatly improve our ability to develop authenticators - we could, for example, have a "conjur skeleton" to have a fast feedback loop with authn testing.
Another positive thing is that it can help us in the direction of having pluggable authenticators.
Regarding the createToken
method - our authn aren't really responsible for creating tokens. they just answer the question of is the identity is from a reliable party and if the method is allowed
. the token flow is the same for all authn so it can be abstracted from them IMHO. but I do agree that we will need to have some generic contract between the host (conjur) and the gem
Would be happy to see any initial design you might have
from conjur.
Closing this as I will be opening a new issue for discussion after some experimentation and POC work.
from conjur.
Related Issues (20)
- Overloaded policy_versions table cause out of memory error HOT 1
- IP ranges are not considered valid using new configuration system HOT 1
- 500 on login with empty username
- Links in 1.13.0 release HOT 2
- Use the same version of external postgres. conjur to report an error. HOT 3
- Discussion: Options for Authenticator Decoupling HOT 5
- A v1.13.1 release exists HOT 1
- Better handling of malformed Kubernetes service account token for Kubernetes authenticator
- Docker container fails to restart HOT 1
- Enable GCP authenticator is not supported in authenticator API HOT 1
- Policy Permit Privileges without brackets doesn't produce an error
- Admin password change results in server error
- Not an Issue - Conjur GUI HOT 1
- Dev environment supports hot reloading
- AWS Credential rotator fails silently with no logs HOT 2
- unable to access the UI in open source setup, HOT 1
- Count resources should return error if limit query param was provided HOT 2
- ConjurCLI fails to authenticate/verify conjur server with certificate issued via LetsEncrypt
- conjur server permanent restart
- Extracting `restricted_to` into a reference to an array of strings
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from conjur.