Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FIX-2180 Credentials #2182

Merged
merged 4 commits into from
Jan 9, 2024
Merged

FIX-2180 Credentials #2182

merged 4 commits into from
Jan 9, 2024

Conversation

eliasbruvik
Copy link
Contributor

@eliasbruvik eliasbruvik commented Dec 15, 2023
edited
Loading

Fixes

This pull request fixes #2180

Description

Added support for using shared credentials across multiple witsml servers when using oAuth with azure.

  • Added a Credential Ids input when editing a server. Only people with the admin role will be able to edit this when oAuth is enabled.
  • Added CredentialIds to the server objects. This is stored along with the rest of the server object in the database.
  • Added CredentialId to ServerCredentials. This will be populated with from the name of the keyvault secret. For example sharedCredentials from the secret with name witsmlcreds--sharedCredentials--Host
  • When looking for system credentials for a server, if CredentialIds is specified, it will match the credentialIds to find the credentials. If it is not specified, it will use the Uri. This way you don't have to make any changes in the application or the keyvault after this PR has been merged.
  • Everything keeps the same format in the keyvault, so old versions of witsml explorer will not be affected.

Testing these changes can be a bit difficult unless you are using oAuth with system-user secrets in Azure. I have tested it as thorough as possible (with oAuth), but I only had one system user to test it on.

NOTE: If you "degrade" from these changes to one without CredentialIds, the CredentialIds field might have to be removed from the database.

If you are reviewing this PR, please use some time to think about if I have managed to keep the credentials secure. You still need to have the admin role to change CredentialIds, and you still need to have a role that overlaps with the server roles in order to actually use the credentials.

Type of change

  • Bugfix
  • New feature (non-breaking change which adds functionality)
  • Enhancement of existing functionality
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

Impacted Areas in Application

  • Frontend
  • API
  • WITSML
  • Other (please describe)

Checklist:

Communication

  • I have made corresponding changes to the documentation
  • PR affects application security

Code quality

  • I have self-reviewed my code
  • No new warnings are generated

Test coverage

  • New code is covered by passing tests

Further comments

@eliasbruvik eliasbruvik changed the title Fix 2180 credentials FIX-2180 Credentials Dec 15, 2023
janmarius
janmarius approved these changes Jan 9, 2024
View reviewed changes
Copy link
Contributor

@janmarius janmarius left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewer checklist

  • Read issue and PR
  • Pulled branch and manually tested
  • Verify that PR resolves issue
  • Reviewed the code

@eliasbruvik eliasbruvik merged commit 96fce70 into equinor:main Jan 9, 2024
4 checks passed
@eliasbruvik eliasbruvik deleted the FIX-2180-credentials branch January 9, 2024 09:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@janmarius janmarius janmarius approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support shared credentials across multiple servers in Azure keyvault
2 participants
@eliasbruvik @janmarius