[FEATURE] Add support for X509v3 extensions for authentication #5701
Conversation
Signed-off-by: Lamine Idjeraoui <[email protected]>
laminelam
requested review from
DarshitChanpura,
RyanL1997,
cwperks,
derek-ho,
nibix,
peternied,
reta,
shikharj05 and
willyborankin
as code owners
|
@laminelam FYI I synced your feature branch with main since there was a breaking change fix that needed to be merged tof fix the failing tests: #5698 |
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #5701 +/- ##
==========================================
- Coverage 72.94% 72.91% -0.03%
==========================================
Files 420 420
Lines 26269 26351 +82
Branches 3974 3987 +13
==========================================
+ Hits 19162 19215 +53
- Misses 5187 5201 +14
- Partials 1920 1935 +15
🚀 New features to boost your workflow:
|
| return new AuthCredentials(username, roles).markComplete(); | ||
| } catch (InvalidNameException e) { | ||
| log.error("Client cert had no properly formed DN"); | ||
| log.debug("Client cert had no properly formed DN (was: {})", principal); |
There was a problem hiding this comment.
nit: this would be repetitive with logs at debug level. Considering only logging the DN with this log line. i.e. log.debug("DN (was: {})", principal);
There was a problem hiding this comment.
Thank you for this PR @laminelam ! The changes lgtm. I just had one minor comment. Please make sure to raise a PR to the documentation-website repo to document how the username and role attribute can be configured for client cert auth.
2 participants
Resolves #5643 & #4209
Testing
[Please provide details of testing done: unit testing, integration testing and manual testing]
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.