Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add mtls authentication for client certificate auth #615

Merged
merged 1 commit into from
Sep 23, 2023
Merged

feat: Add mtls authentication for client certificate auth #615

merged 1 commit into from
Sep 23, 2023

Conversation

markhatch
Copy link
Contributor

@markhatch markhatch commented May 7, 2023
edited
Loading

  • Persist auth type in config file
  • Update jira init to configure mtls
  • Update README with instructions

Discussion: #603

$ jira init
? Installation type: Local
? Authentication type: mtls
? CA Certificate /home/mhatch/.certs/ca_list.pem
? MTLS Client Certificate /home/mhatch/.certs/mhatch.crt
? MTLS Client Key /home/mhatch/.certs/mhatch.key
? Link to Jira server: https://example.com/jira
? Login username: mhatch
? Default project: PROJECT
? Default board: PROJECT - Component work

@markhatch
Copy link
Contributor Author

markhatch commented May 7, 2023
edited
Loading

@ankitpokhrel Here is a first pass at mtls auth. Let me know what you think, can't figure out how to add you as a reviewer.

@markhatch markhatch changed the title Add mtls authentication for client certificate auth feat: Add mtls authentication for client certificate auth May 7, 2023
ankitpokhrel
ankitpokhrel reviewed Jun 4, 2023
View reviewed changes
Copy link
Owner

@ankitpokhrel ankitpokhrel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @markhatch,

Apologies for late response and thank you for working on this!

I added some comments. Most of them are nitpicks. Looks good otherwise! Great Work 🎉

internal/cmd/root/root.go Outdated Show resolved Hide resolved
api/client.go Outdated Show resolved Hide resolved
internal/config/generator.go Show resolved Hide resolved
pkg/jira/client.go Show resolved Hide resolved
internal/config/generator.go Show resolved Hide resolved
@markhatch
Copy link
Contributor Author

Think I've resolved most of the comments, let me know if it looks good!
Rebased to clean up the commits.

ankitpokhrel
ankitpokhrel reviewed Jul 16, 2023
View reviewed changes
Copy link
Owner

@ankitpokhrel ankitpokhrel left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @markhatch, apologies again for the late response.

This looks good overall, just added few comments. I will try to get this merged for the next release.

Thank you for working on this!

internal/config/generator.go
qs := &survey.Select{
Message: "Authentication type:",
Help: "basic (login) or mtls (client certs)?",
Options: []string{"basic", "mtls"},
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should here be bearer as well?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe that bearer is only used in for InstallationType cloud

pkg/jira/client.go Show resolved Hide resolved
ankitpokhrel
ankitpokhrel reviewed Jul 16, 2023
View reviewed changes
pkg/jira/client.go
@@ -226,7 +263,7 @@ func (c *Client) request(ctx context.Context, method, endpoint string, body []by

if c.authType == AuthTypeBearer {
req.Header.Add("Authorization", "Bearer "+c.token)
} else {
} else if c.authType == AuthTypeBasic {
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Current default auth type is basic (if nothing is set in config/env). Looks like this might break that?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry been a while - but I believe this change was made so that the login/token are provided only if authType is AuthTypeBasic.

If authType is Bearer you add the authorization header.
If authType is Basic you add the login/token
If authType is mtls, you don't need to modify the request.

I don't believe the default auth type has changed, and will depend on how the user configured authType.

@markhatch
* Add mtls authentication for client certificate auth
9829124 
* Persist auth type in config file
* Update `jira init` to configure `mtls`
* Update README with instructions
ankitpokhrel
ankitpokhrel approved these changes Sep 23, 2023
View reviewed changes
Copy link
Owner

@ankitpokhrel ankitpokhrel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wasn't able to test this fully but looks good overall. Thank you @markhatch

@ankitpokhrel ankitpokhrel merged commit 86bdded into ankitpokhrel:main Sep 23, 2023
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ankitpokhrel ankitpokhrel ankitpokhrel approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@markhatch @ankitpokhrel