Auth Server is not present on "System Health" page #146

Closed
DonMartin76 opened this issue Dec 19, 2018 · 0 comments

@DonMartin76

Even if the Authorization Server is a mandatory and crucial part of a wicked deployment, it is not yet displayed as a component on the "System Health" page.

@DonMartin76 DonMartin76 added the beta Issues in the beta version label Dec 19, 2018
@DonMartin76 DonMartin76 added this to the 1.0.0 milestone Dec 19, 2018
@DonMartin76 DonMartin76 modified the milestones: 1.0.0, 1.0.0-rc.1 Feb 21, 2019
maksimlikharev pushed a commit to clarivate/wicked.api that referenced this issue Apr 15, 2019
* wip - preparation to run API via Kong

* Some minor adaptions, added registration pools (still not finished)

* Various changes to adapt for accessing via OAuth2.

* Monster check in: Refactor entire data access code into a DAO for JSON in preparation for the Postgres/Cassandra DAO; all unit tests pass again. Other adaptions for the portal using OAuth2, but not finished quite yet. Still missing: Moving authorization to scopes, taking out loading the user all the time, except where needed.

* Remove the outdated integration tests from this repository; they have been in a separate repo for a long time (wicked.portal-test).

* Finished first (almost) complete implementation of the Postgres DAO. All integration tests in wicked.portal-test actually pass now!

* Work in progress - minor fixes to user entities

* Bump version to 0.12.3

* Bump to 1.0.0 for this branch

* Ignore IntelliJ files for now

* Minor fixes of the approval feature which went bust during the merge

* Added missing implementation of delete webhook event

* Refactored core.sql ingest to add meta information by node code instead of SQL

* partner api flag (#11)

* introducing partner API flag filtering

* additional fix for partner api access check

* WIP - registrations API

* Bump to version 0.12.5

* Some rework on the webhooks - use Postgres notifications to speed up

* Some rework on webhook notifications - missing bits

* Updated dependencies

* VS Code launch configuration based on the wicked-sample-config

* Both JSON and Postgres environments

* Minor fix in error message

* Eliminate var --> const and let

* Fix faulty sync-to-async pattern; the callback must go OUTSIDE of the try-catch.

* Add a retry counter for connecting to Postgres

* Lint

* Also check for "Postgres starting up" error code, and retry subsequently

* Updated logging/debugging component to using winston (from portal-env)

* Draft implementation JSON DAO for Registrations

* Registration endpoints - JSON and generic implementation

* Refactor out 'var' from utils.js

* Added pools utilities and endpoints

* Validation logic for pool definitions

* Add scope verification for registration end points

* Draft implementation of the Grants entity (JSON DAO only until now)

* Minor fixes in the grants code (from tests)

* Suppress jshint warning for predicate

* Sanity check DAO implementation - parameter naming match

- Plus fixing some issues this showed...

* Postgres DAO for registrations

* Clean up comments

* Grants DAO implementation for Postgres

* Huge refactoring - enable OAuth2 scope checking over all end points

* Endpoint for creating machine users (backend admin users)

* Updated dependencies

* Added mandatory verification link to verification entity

* Sync defined auth methods for portal with the portal-api's apis.json

* Inject the authorize and token end points to the authMethod config if not present

* Also add email and customId to registration records

* Allow http:// for redirects if NODE_ENV contains 'local'

* Remove firstName and lastName from user --> registration

* Add a link to the "grants" endpoint

* Write offset/limit with API where necessary; update Swagger

- Add a "count" return value where arrays are returned
- Breaking API change - almost never are just arrays returned, but instead an object

* Add option no_cache to counting registrations; fixes a regression in the tests

* Filtering and ordering for the registrations endpoint

- This will also be applied to the applications endpoint

* Paging/filtering/sorting endpoint for applications; some refactorings

* Minor refactoring - move getDynamicDir() to JSON utils (it belongs there).

* Refactoring: Make DAO a class which can be instantiated multiple times if needed

* Refactoring - also PG now has a DAO class for encapsulation

* Some fixes for special queries (applications); filtering now working...
- also for "id" and "ownerEmail"/"ownerUserId"

* Migration of data to/from JSON and Postgres

- Minor refactorings to make migration easier
- Still hard coded source and target configuration for migration
- Docs and surrounding scripting still missing

* Changelog (#16)

* Added additional "application description" field

* Bug fix: Allow approvers to decline an approval request. Approver was getting "403" while declining an approval request

* bug fix

* Application description field changes

* Re-apply application description change

* Description field

* Review comments

* Re-apply changes after resolving merge conflicts

* Updated dependencies

* Postgres verification reconciliation implementation

* Principal election mechanism - only one instance should fire events

* Update dependencies

* Migration: When migrating legacy data, create registrations for wicked pool

- Minor refactorings regarding JSON metadata files
- Improve migrate CLI, can now write a sample config, plus takes config JSON file

* Swagger UI plugin upgrade

* Refactoring - move loading of auth servers to the utils.js file

* Add support for trusted subscriptions; addt'l approvals/:id endpoint

* Initialize initial users with lower case email addresses

* Update Swagger spec for upcoming changes

* Change behaviour due to changed specs of pools

* Refactoring of registrations/namespaces

- Add entity "namespaces"
- Allow multiple registrations per pool (one per namespace)

* Minor fixes to namespaces DAO for postgres

* Remove authServers from portal-api apis.json entry; not needed

* Improvements for Swagger UI; Implicit Grant and Auth Code work now

- For some reason, client_credentials flow does *not*

* Recreate swagger.json from YAML files at startup

* First adaptions to scopes for OAuth2 APIs

* Updated dependencies

* Handle Open API 3.0 specifications in swagger

* Add a built in echo server for testing purposes

* Refactored the swagger related helper methods to swagger-utils file to remove clutter from apis.js file

* Minor fixes to Swagger found during SDK creation

* Updated dependencies

* Document passthrough* properties of APIs

* Migration: Add ID for approvals if not present.

* Permission fix in docker case

* Added debug message for already present file list

* Updated dependencies

* Remove group scope injection from the API, this is done in the Kong Adapter

* Echo Server: Support listening to a different port than 3009

- Needed for integration testing locally

* Canonicalize URLs for upstream URLs for APIs

* Some minor bugfixes

- Make sure ordering of webhook events remains the same
- Use users.loadUser when performing roles checking

* Retry connecting to PG in case of unexpected termination

* Restructure PG init and make it more robust (hopefully)

* Update to pg 7.4.3 (latest version)

* Take out explicit owner of things; use the logged in user

* Take out disturbing collate calls

* Add error checking after creating initial schema.

* Add support for creating users with pre-hashed passwords

* Support checking meteor style password hashes as well

* Updated dependencies

* Map prefix "internal" correctly when migrating

* Some additional information on the Echo API.

* Nicer description of the Portal API.

* Add support for patching user passwords with pre-hashed passwords

* Allow "passwords" >24 chars if already hashed

* Fix for rewriting meteor style passwords (sent answers twice).

* Add basic prometheus metrics

* Track open connect Ids

* Tweaking of Postgres to prevent deadlocks with full connection pools

* Change how authenticated user id is expected (using sub=<user id>).

* Lower number of connections to Postgres (Azure cannot take it)

* Enable custom database name for wicked database

Fixes Haufe-Lexware/wicked.haufe.io#118 (API part)

* Support for external API scopes

* Error handling and Postgres metrics for Prometheus

* Log errors if getting swagger from remote fails

* Make OpenAPI Authorization injection more robust

* Fixing some minor bugs with OpenAPI 3 support, make it more robust

- Additionally support multiple request URIs

* Support for templated CSS files

* Use pluggable and configurable password validation mechanism

* Support storing "must change password"

* Added some debug messages

* Be somewhat less restrictive regarding redirect URIs (allow custom scheme)

* Allow requiring a user group to access echo and portal-api APIs

* If Swagger didn't contain securityDefinitions, the swagger endpoint crashed

* Fixes Haufe-Lexware/wicked.haufe.io#121

- Regression from feature "custom wicked database"

* Enable the PgDao to be instantiated twice (for migrations).

* Remove health API, move portal-api to /wicked and echo to /wicked-echo

* Rule out invalid email addresses when creating a user

* Updated dependencies

* Missing feature: Drop database always dropped "wicked", not the specified one.

* Updated dependencies

* variable substitution for the migration (#17)

* Preparations for Haufe-Lexware/wicked.haufe.io#138

- Support for allowedScopesMode and allowedScopes on subscriptions
- Minor refactorings

* Approval ability to read applications/subscriptions (#18)

* variable substitution for the migration

* allow approver to read applications

* modifying subscriptions as well

* Forgotten bug fix check in

* Ability to paginate subscriptions for administrators and approvers

* Tab to space

* Remove old bash tests script

* Test to see whether commits are linked to my account again

* Remove package-lock.json

* Don't return a 500 for certain things in JSON mode, return 501 instead.

* Rename images (drop portal-).

* More adaptions to image renaming.

* Correct upstream project

* Simple script for development purposes

* Pass back the NODE_ENV in the globals.

* Clean up some superfluous logging to console

* Fixes Haufe-Lexware/wicked.haufe.io#146 (hopefully)

* Fix flaky integration tests (mostly on Jenkins)

- Don't send the result of the add subscription until also the approval has been persisted

* Support a more granular client type (not only confidential/public)

- API Implementation of Haufe-Lexware/wicked.haufe.io#159

* Enable /kill for admins; needed to reload the configuration

* Debug messages; restart_api scope added

* Persist current config hash in Metadata,
Check every 15 seconds for updated hashes (from secondary apis instances)

* If kongProxyUrl is set, use that instead of external URL

* Ignore build_date file

* Bump to version 1.0.0-rc.1

* Remove versioning from portal-env.tgz

* Enable local builds; use su-exec instead of gosu on Alpine

* Turn off docker build caching

* Bump to version 1.0.0-rc.2

* Try out SonarQube

* More sonar testing

* Added sonar project properties file

* Ignore SonarQube if not on branch "next"

* Tpyo

* Declarative Pipeline with docker agent

* I love Jenkins

* I crave fixing Jenkinsfile problems

* This looks wrong, Jenkins. Why do your docs suck so much?

* Let's persuade Jenkins to use root

* Fix SonarQube "bugs"

* Take out root:root; use the right user

* Hello Jenkins, my old friend.
I've come to fight with you again.

* One more try to convince Jenkins to do the right thing.

* Try out --group-add instead of -u

* WTF

* Don't run build script as root + fixing of temp files belonging to root

* Temporarily run as root to fix permissions...

* Final(?) version of build scripts

* ESLint round 1 - let/const/var

* ESLint pass 2: No single line for/if statements (force curly)

* ESLint part 2b, forgot some files (curly if)

* SonarQube BLOCKERS

* SonarQube fixes of Blocker/Critical topics

* Support in the API for multiple redirect_uris

- Part of Haufe-Lexware/wicked.haufe.io#178

* Filter out empty redirectUris from array

* Type check redirectUri; fixes crash if passed in array

* Fixes Haufe-Lexware/wicked.haufe.io#186

* Bump to version 1.0.0-rc.3

* Bump to version 1.0.0-rc.4

* Update morgan to 1.9.1

* Fixes Haufe-Lexware/wicked.haufe.io#190

- Does not take the .git repo into account when hashing the static config

* Fixes Haufe-Lexware/wicked.haufe.io#191

* crlf fix

* Fixed issue Haufe-Lexware/wicked.haufe.io#177 (#21)

* Fixed issue Haufe-Lexware/wicked.haufe.io#177

* Fixed issue Haufe-Lexware/wicked.haufe.io#179

* Haufe-Lexware/wicked.haufe.io#176 (#20)

* Initial DB layer for Audit Report

* Initial commit for Audit Report

* Optional addition field for subscription API

* Using inner join to filter out internal api subscriptions

* Added status column

* Return userid of the owners

* Schema change

* Fix conflict issue

* Partial review comments implemented

* More review comments implementation

* Only run the populate the api group in step number 3

* Swagger signatures for /subscriptions api

* Minor fixes and linting

* Update async and request

* Minor nit pick on a special error message

* Fixes Haufe-Lexware/wicked.haufe.io#190