mirror of
https://github.com/kubeshark/kubeshark.git
synced 2025-09-13 13:22:01 +00:00
TRA-4075 integrate kratos user management (#583)
* WIP * WIP * WIP * WIP * Update App.tsx and Header.tsx * Update createResources.go, provider.go, and 2 more files... * WIP * fix eof newlines * Fix ts imports, add readiness probe to kratos to prevent mizu being used while kratos isnt ready * cleaned code * fix install create namespace * Update package-lock.json * Update provider.go * Update provider.go * Update provider.go * Update install_controller.go * Update kratos.yml * Update start.sh * Update provider.go * Update provider.go * Update main.go, socket_routes.go, and 8 more files... * Update App.tsx * Update installRunner.go * Update App.tsx
This commit is contained in:
RamiBerm
GitHub
18
agent/pkg/providers/install_provider.go
Normal file
18
agent/pkg/providers/install_provider.go
Normal file
@@ -0,0 +1,18 @@
|
||||
package providers
|
||||
|
||||
import (
|
||||
"context"
|
||||
"mizuserver/pkg/config"
|
||||
)
|
||||
|
||||
func IsInstallNeeded() (bool, error) {
|
||||
if !config.Config.StandaloneMode { // install not needed in ephermeral mizu
|
||||
return false, nil
|
||||
}
|
||||
|
||||
if anyUserExists, err := AnyUserExists(context.Background()); err != nil {
|
||||
return false, err
|
||||
} else {
|
||||
return !anyUserExists, nil
|
||||
}
|
||||
}
|
||||
162
agent/pkg/providers/user_provider.go
Normal file
162
agent/pkg/providers/user_provider.go
Normal file
@@ -0,0 +1,162 @@
|
||||
package providers
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"net/http/cookiejar"
|
||||
|
||||
ory "github.com/ory/kratos-client-go"
|
||||
"github.com/up9inc/mizu/shared/logger"
|
||||
)
|
||||
|
||||
var client = getKratosClient("http://127.0.0.1:4433", "http://127.0.0.1:4434")
|
||||
|
||||
// returns session token if successful
|
||||
func RegisterUser(username string, password string, ctx context.Context) (token *string, identityId string, err error, formErrorMessages map[string][]ory.UiText) {
|
||||
flow, _, err := client.V0alpha2Api.InitializeSelfServiceRegistrationFlowWithoutBrowser(ctx).Execute()
|
||||
if err != nil {
|
||||
return nil, "", err, nil
|
||||
}
|
||||
|
||||
result, _, err := client.V0alpha2Api.SubmitSelfServiceRegistrationFlow(ctx).Flow(flow.Id).SubmitSelfServiceRegistrationFlowBody(
|
||||
ory.SubmitSelfServiceRegistrationFlowWithPasswordMethodBodyAsSubmitSelfServiceRegistrationFlowBody(&ory.SubmitSelfServiceRegistrationFlowWithPasswordMethodBody{
|
||||
Method: "password",
|
||||
Password: password,
|
||||
Traits: map[string]interface{}{"username": username},
|
||||
}),
|
||||
).Execute()
|
||||
|
||||
if err != nil {
|
||||
parsedKratosError, parsingErr := parseKratosRegistrationFormError(err)
|
||||
if parsingErr != nil {
|
||||
logger.Log.Debugf("error parsing kratos error: %v", parsingErr)
|
||||
return nil, "", err, nil
|
||||
} else {
|
||||
return nil, "", err, parsedKratosError
|
||||
}
|
||||
}
|
||||
|
||||
return result.SessionToken, result.Identity.Id, nil, nil
|
||||
}
|
||||
|
||||
func PerformLogin(username string, password string, ctx context.Context) (*string, error) {
|
||||
flow, _, err := client.V0alpha2Api.InitializeSelfServiceLoginFlowWithoutBrowser(ctx).Execute()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
result, _, err := client.V0alpha2Api.SubmitSelfServiceLoginFlow(ctx).Flow(flow.Id).SubmitSelfServiceLoginFlowBody(
|
||||
ory.SubmitSelfServiceLoginFlowWithPasswordMethodBodyAsSubmitSelfServiceLoginFlowBody(&ory.SubmitSelfServiceLoginFlowWithPasswordMethodBody{
|
||||
Method: "password",
|
||||
Password: password,
|
||||
PasswordIdentifier: username,
|
||||
}),
|
||||
).Execute()
|
||||
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if result == nil {
|
||||
return nil, errors.New("unknown error occured during login")
|
||||
}
|
||||
|
||||
return result.SessionToken, nil
|
||||
}
|
||||
|
||||
func VerifyToken(token string, ctx context.Context) (bool, error) {
|
||||
flow, _, err := client.V0alpha2Api.ToSession(ctx).XSessionToken(token).Execute()
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
||||
if flow == nil {
|
||||
return false, nil
|
||||
}
|
||||
|
||||
return true, nil
|
||||
}
|
||||
|
||||
func DeleteUser(identityId string, ctx context.Context) error {
|
||||
result, err := client.V0alpha2Api.AdminDeleteIdentity(ctx, identityId).Execute()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if result == nil {
|
||||
return errors.New("unknown error occured during user deletion")
|
||||
}
|
||||
|
||||
if result.StatusCode < 200 || result.StatusCode > 299 {
|
||||
return errors.New(fmt.Sprintf("user deletion returned bad status %d", result.StatusCode))
|
||||
} else {
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
func AnyUserExists(ctx context.Context) (bool, error) {
|
||||
request := client.V0alpha2Api.AdminListIdentities(ctx)
|
||||
request.PerPage(1)
|
||||
|
||||
if result, _, err := request.Execute(); err != nil {
|
||||
return false, err
|
||||
} else {
|
||||
return len(result) > 0, nil
|
||||
}
|
||||
}
|
||||
|
||||
func Logout(token string, ctx context.Context) error {
|
||||
logoutRequest := client.V0alpha2Api.SubmitSelfServiceLogoutFlowWithoutBrowser(ctx)
|
||||
logoutRequest.SubmitSelfServiceLogoutFlowWithoutBrowserBody(ory.SubmitSelfServiceLogoutFlowWithoutBrowserBody{
|
||||
SessionToken: token,
|
||||
})
|
||||
if response, err := logoutRequest.Execute(); err != nil {
|
||||
return err
|
||||
} else if response == nil || response.StatusCode < 200 || response.StatusCode > 299 {
|
||||
return errors.New("unknown error occured during logout")
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func getKratosClient(url string, adminUrl string) *ory.APIClient {
|
||||
conf := ory.NewConfiguration()
|
||||
conf.Servers = ory.ServerConfigurations{{URL: url}}
|
||||
|
||||
// this ensures kratos client uses the admin url for admin actions (any new admin action we use will have to be added here)
|
||||
conf.OperationServers = map[string]ory.ServerConfigurations{
|
||||
"V0alpha2ApiService.AdminDeleteIdentity": {{URL: adminUrl}},
|
||||
"V0alpha2ApiService.AdminListIdentities": {{URL: adminUrl}},
|
||||
}
|
||||
|
||||
cj, _ := cookiejar.New(nil)
|
||||
conf.HTTPClient = &http.Client{Jar: cj}
|
||||
return ory.NewAPIClient(conf)
|
||||
}
|
||||
|
||||
// returns map of form value key to error message
|
||||
func parseKratosRegistrationFormError(err error) (map[string][]ory.UiText, error) {
|
||||
var openApiError *ory.GenericOpenAPIError
|
||||
if errors.As(err, &openApiError) {
|
||||
var registrationFlowModel *ory.SelfServiceRegistrationFlow
|
||||
if jsonErr := json.Unmarshal(openApiError.Body(), ®istrationFlowModel); jsonErr != nil {
|
||||
return nil, jsonErr
|
||||
} else {
|
||||
formMessages := registrationFlowModel.Ui.Nodes
|
||||
parsedMessages := make(map[string][]ory.UiText)
|
||||
|
||||
for _, message := range formMessages {
|
||||
if len(message.Messages) > 0 {
|
||||
if _, ok := parsedMessages[message.Group]; !ok {
|
||||
parsedMessages[message.Group] = make([]ory.UiText, 0)
|
||||
}
|
||||
parsedMessages[message.Group] = append(parsedMessages[message.Group], message.Messages...)
|
||||
}
|
||||
}
|
||||
return parsedMessages, nil
|
||||
}
|
||||
} else {
|
||||
return nil, errors.New("error is not a generic openapi error")
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user