Commit 76a4008d authored by Mohammad Torkashvand's avatar Mohammad Torkashvand

add todo for inventory-provider and client-credential flow

parent ba98cc43
1 merge request!215Feature/nat 468 refactor auth
...@@ -9,6 +9,9 @@ from orchestrator.graphql import SCALAR_OVERRIDES ...@@ -9,6 +9,9 @@ from orchestrator.graphql import SCALAR_OVERRIDES
import gso.products import gso.products
import gso.workflows # noqa: F401 import gso.workflows # noqa: F401
from gso.api import router as api_router from gso.api import router as api_router
from gso.auth.oidc import oidc_instance
from gso.auth.opa import opa_instance
from gso.middlewares import ModifyProcessEndpointResponse
from gso.graphql_api.types import GSO_SCALAR_OVERRIDES from gso.graphql_api.types import GSO_SCALAR_OVERRIDES
SCALAR_OVERRIDES.update(GSO_SCALAR_OVERRIDES) SCALAR_OVERRIDES.update(GSO_SCALAR_OVERRIDES)
...@@ -17,6 +20,8 @@ SCALAR_OVERRIDES.update(GSO_SCALAR_OVERRIDES) ...@@ -17,6 +20,8 @@ SCALAR_OVERRIDES.update(GSO_SCALAR_OVERRIDES)
def init_gso_app() -> OrchestratorCore: def init_gso_app() -> OrchestratorCore:
"""Initialise the :term:`GSO` app.""" """Initialise the :term:`GSO` app."""
app = OrchestratorCore(base_settings=app_settings) app = OrchestratorCore(base_settings=app_settings)
app.register_authentication(oidc_instance)
app.register_authorization(opa_instance)
app.register_graphql() app.register_graphql()
app.include_router(api_router, prefix="/api") app.include_router(api_router, prefix="/api")
return app return app
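Review bot: `ModifyProcessEndpointResponse` is imported in the first hunk, but nothing in the visible body of `init_gso_app` installs it. Either the middleware is attached outside these hunks, or the import is unused and will be flagged as F401; it also sits out of alphabetical order, before `gso.graphql_api.types`. If the middleware is meant to be active, register it next to the two `register_*` calls, otherwise drop the import. Since every router now relies on `app.register_authentication(oidc_instance)` and `app.register_authorization(opa_instance)` having run, the docstring should say that this function is where OIDC authentication and OPA authorization are attached to the app.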
......
...@@ -6,11 +6,10 @@ from uuid import UUID ...@@ -6,11 +6,10 @@ from uuid import UUID
from fastapi import APIRouter, Depends, HTTPException, status from fastapi import APIRouter, Depends, HTTPException, status
from orchestrator.db import ProcessStepTable from orchestrator.db import ProcessStepTable
from orchestrator.schemas.base import OrchestratorBaseModel from orchestrator.schemas.base import OrchestratorBaseModel
from orchestrator.security import get_authorization from orchestrator.security import authorize
authorization = get_authorization()
router = APIRouter(prefix="/processes", tags=["Processes"], dependencies=[Depends(authorization.authorize)]) router = APIRouter(prefix="/processes", tags=["Processes"], dependencies=[Depends(authorize)])
class CallBackResultsBaseModel(OrchestratorBaseModel): class CallBackResultsBaseModel(OrchestratorBaseModel):
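Review bot: The `/processes` router now depends on the module-level `authorize` from `orchestrator.security`, so its protection rests on `init_gso_app` having registered `oidc_instance` and `opa_instance` on the app that serves it. Nothing in this file makes that link visible any more. If `authorize` falls back to a default authorization when nothing is registered (not shown here), an app built any other way would serve these routes under a different policy than intended. A one-line comment above the router, e.g. `# authorize uses the authentication/authorization registered in init_gso_app`, would document the link. A test asserting that a request without a token to `/processes` is rejected would pin it down.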
......
...@@ -21,11 +21,6 @@ class OPAAuthorization(OPAAuthorization): ...@@ -21,11 +21,6 @@ class OPAAuthorization(OPAAuthorization):
cls._instance = super(OPAAuthorization, cls).__new__(cls) cls._instance = super(OPAAuthorization, cls).__new__(cls)
return cls._instance return cls._instance
async def authorize(
self, request: Request, user_info: OIDCUserModel = Depends(oidc_instance.authenticate)
) -> bool | None:
return await super().authorize(request, user_info)
async def get_decision(self, async_request: AsyncClient, opa_input: dict) -> OPAResult: async def get_decision(self, async_request: AsyncClient, opa_input: dict) -> OPAResult:
logger.debug("Posting input json to Policy agent", opa_url=self.opa_url, input=opa_input) logger.debug("Posting input json to Policy agent", opa_url=self.opa_url, input=opa_input)
try: try:
...@@ -42,3 +37,5 @@ class OPAAuthorization(OPAAuthorization): ...@@ -42,3 +37,5 @@ class OPAAuthorization(OPAAuthorization):
opa_instance = OPAAuthorization( opa_instance = OPAAuthorization(
opa_url=oauth2lib_settings.OPA_URL, opa_url=oauth2lib_settings.OPA_URL,
) )
# TODO - Think about Inventoryo-provider since it is not defined in the code but is used in the old branch
\ No newline at end of file
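Review bot: The TODO added at the end of the file misspells "Inventoryo-provider" and names no owner or ticket. The commit title also promises a note on the client-credential flow, which the comment never mentions. Something like `# TODO(<owner>): handle inventory-provider (used in the old branch, not defined here) and the client-credentials flow` would match the title and be findable later. With the `authorize` override removed in the first hunk of this file, the imports it needed (`Request`, `Depends`, `OIDCUserModel`, `oidc_instance`) may no longer be used here; the import block is outside the hunk, so please check. The file also now ends without a trailing newline.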