Authorization As A Service

a3s

NOTE: this is a work in progress and this software is not usable yet

a3s (Auth As A Service) is an authentication and ABAC (attribute-based access control) authorization server.

It normalizes various sources of authentication, such as OIDC, AWS/Azure/GCP identity tokens, LDAP and more, into a generic authentication token that carries identity claims (rather than scopes). Authorization policies then use these claims to grant a particular subset of users various permissions.

An authorization policy matches a set of users with a logical claim expression (for example, group=red and color=blue, or group=admin) and applies to a namespace.

A namespace is a node in a hierarchical tree that represents an abstract organizational unit.

In short, an authorization policy allows a subset of users, identified by the claims obtained from an authentication source, to perform actions in a particular namespace and in all of its children.
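
The model described above, as an added illustration written for this page rather than code from a3s: the Policy type, its field names and the Authorize function are assumptions of this example and not the project's API. The claim expression is kept in disjunctive normal form (a list of AND-groups, any one of which may match), claims are compared as whole "key=value" strings so a token can carry several values for one key, and a policy on /acme also covers /acme/dev but not the sibling /acmecorp.

```go
package main

import (
	"fmt"
	"strings"
)

// Policy is a simplified stand-in for an authorization policy (assumed
// shape, not a3s's own type). Subject is a claim expression in disjunctive
// normal form: the user matches if every "key=value" claim in at least one
// inner group is present in the token. Namespace is the subtree the policy
// covers, and Permissions lists the actions granted there.
type Policy struct {
	Subject     [][]string
	Namespace   string
	Permissions []string
}

// matchesSubject evaluates the claim expression against the token's claims.
// Claims are compared as whole "key=value" strings, so a token may carry
// several values for the same key (for example two "group=" claims).
func matchesSubject(subject [][]string, claims []string) bool {
	have := make(map[string]bool, len(claims))
	for _, c := range claims {
		have[c] = true
	}
	for _, group := range subject {
		if len(group) == 0 {
			continue // an empty AND-group would match everyone; ignore it
		}
		satisfied := true
		for _, required := range group {
			if !have[required] {
				satisfied = false
				break
			}
		}
		if satisfied {
			return true
		}
	}
	return false
}

// inSubtree reports whether target is ns itself or one of its descendants.
// Matching on "ns/" keeps "/acme" from covering the sibling "/acmecorp".
func inSubtree(ns, target string) bool {
	if ns == "/" {
		return strings.HasPrefix(target, "/")
	}
	return target == ns || strings.HasPrefix(target, ns+"/")
}

// Authorize returns true if some policy whose namespace covers the target
// namespace matches the token's claims and grants the requested action.
func Authorize(policies []Policy, claims []string, namespace, action string) bool {
	for _, p := range policies {
		if !inSubtree(p.Namespace, namespace) || !matchesSubject(p.Subject, claims) {
			continue
		}
		for _, granted := range p.Permissions {
			if granted == action {
				return true
			}
		}
	}
	return false
}

func main() {
	// The README's expression: (group=red AND color=blue) OR group=admin,
	// attached to /acme and therefore inherited by /acme/dev.
	policies := []Policy{{
		Subject:     [][]string{{"group=red", "color=blue"}, {"group=admin"}},
		Namespace:   "/acme",
		Permissions: []string{"get", "list"},
	}}
	// Constructed token claims in "key=value" form (sample data, not real output).
	token := []string{"@source:type=oidc", "group=red", "color=blue"}
	fmt.Println(Authorize(policies, token, "/acme/dev", "get"))             // true
	fmt.Println(Authorize(policies, token, "/acmecorp", "get"))             // false
	fmt.Println(Authorize(policies, []string{"group=red"}, "/acme", "get")) // false
}
```

The subtree check is the part worth getting right: a plain prefix comparison on the namespace string would let a policy on /acme reach /acmecorp, so the separator is included in the comparison.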

Owner
Palo Alto Networks
We ensure each day is safer and more secure than the one before.
Comments
  • test

    test

    Description

    Motivation and Context

    How Has This Been Tested?

    Screenshots (if appropriate)

    Types of changes

    • Bug fix (non-breaking change which fixes an issue)
    • New feature (non-breaking change which adds functionality)
    • Breaking change (fix or feature that would cause existing functionality to change)

    Checklist

    • [ ] I have updated the documentation accordingly.
    • [ ] I have read the CONTRIBUTING document.
    • [ ] I have added tests to cover my changes if appropriate.
    • [ ] All new and existing tests passed.
  • Align examples/python/testapp/init.sh token names to README

    Align examples/python/testapp/init.sh token names to README

    Description

    The provided example commands at the end of examples/python/testapp/init.sh call the tokens mtok and jtok.

    This conflicts with the naming convention in examples/python/testapp/README.md.

    Motivation and Context

    This change renames them TOKEN_M and TOKEN_J to make this more consistent and help avoid confusion.

    How Has This Been Tested?

    This is a non-breaking change and therefore is untested.

    Types of changes

    • Bug fix (non-breaking change which fixes an issue)
  • make test fails on master

    make test fails on master

    Describe the bug

    Platform: Mac OS

    Failures:
    
      * /Users/sseeeff/workspace/code/go/src/github.com/PaloAltoNetworks/a3s/pkgs/gwutils/gwutils_test.go
      Line 71:
      Expected: 'tls: failed to parse certificate from server: x509: malformed certificate'
      Actual:   'tls: failed to parse certificate from server: asn1: structure error: tags don't match (16 vs {class:1 tag:7 length:97 isCompound:true}) {optional:false explicit:false application:false private:false defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false} certificate @2'
      (Should be equal)
      goroutine 34 [running]:
      	/Users/sseeeff/workspace/code/go/pkg/mod/github.com/smartystreets/[email protected]/convey/reporting/reports.go:143 +0x7b
      	/Users/sseeeff/workspace/code/go/pkg/mod/github.com/smartystreets/[email protected]/convey/reporting/reports.go:103 +0xbc
      	/Users/sseeeff/workspace/code/go/pkg/mod/github.com/smartystreets/[email protected]/convey/context.go:176 +0x233
      	/Users/sseeeff/workspace/code/go/pkg/mod/github.com/smartystreets/[email protected]/convey/doc.go:125 +0x71
      go.aporeto.io/a3s/pkgs/gwutils.TestMakeTLSPeerCertificateVerifier.func1.2()
      	/Users/sseeeff/workspace/code/go/src/github.com/PaloAltoNetworks/a3s/pkgs/gwutils/gwutils_test.go:71 +0x25a
      	/Users/sseeeff/workspace/code/go/pkg/mod/github.com/smartystreets/[email protected]/convey/discovery.go:80 +0x3e
      	/Users/sseeeff/workspace/code/go/pkg/mod/github.com/smartystreets/[email protected]/convey/context.go:261 +0x232
      	/Users/sseeeff/workspace/code/go/pkg/mod/github.com/smartystreets/[email protected]/convey/context.go:163 +0xa9
      github.com/jtolds/gls.(*ContextManager).SetValues.func1(0x0)
      	/Users/sseeeff/workspace/code/go/pkg/mod/github.com/jtolds/[email protected]+incompatible/context.go:97 +0x5cb
      github.com/jtolds/gls.EnsureGoroutineId(0xc00033e180)
      	/Users/sseeeff/workspace/code/go/pkg/mod/github.com/jtolds/[email protected]+incompatible/gid.go:19 +0x1b9
      github.com/jtolds/gls.(*ContextManager).SetValues(0xc00019ca80, 0xc00033e120, 0xc00034c000)
      	/Users/sseeeff/workspace/code/go/pkg/mod/github.com/jtolds/[email protected]+incompatible/context.go:63 +0x285
      	/Users/sseeeff/workspace/code/go/pkg/mod/github.com/smartystreets/[email protected]/convey/context.go:162 +0x359
      	/Users/sseeeff/workspace/code/go/pkg/mod/github.com/smartystreets/[email protected]/convey/doc.go:77 +0xb1
      go.aporeto.io/a3s/pkgs/gwutils.TestMakeTLSPeerCertificateVerifier.func1()
      	/Users/sseeeff/workspace/code/go/src/github.com/PaloAltoNetworks/a3s/pkgs/gwutils/gwutils_test.go:68 +0x47b
      	/Users/sseeeff/workspace/code/go/pkg/mod/github.com/smartystreets/[email protected]/convey/discovery.go:80 +0x3e
      	/Users/sseeeff/workspace/code/go/pkg/mod/github.com/smartystreets/[email protected]/convey/context.go:261 +0x232
      	/Users/sseeeff/workspace/code/go/pkg/mod/github.com/smartystreets/[email protected]/convey/context.go:110 +0x1d8
      github.com/jtolds/gls.(*ContextManager).SetValues.func1(0x0)
      	/Users/sseeeff/workspace/code/go/pkg/mod/github.com/jtolds/[email protected]+incompatible/context.go:97 +0x5cb
      github.com/jtolds/gls.EnsureGoroutineId.func1()
      	/Users/sseeeff/workspace/code/go/pkg/mod/github.com/jtolds/[email protected]+incompatible/gid.go:24 +0x46
      github.com/jtolds/gls._m(0x0, 0xc0001aa120)
      	/Users/sseeeff/workspace/code/go/pkg/mod/github.com/jtolds/[email protected]+incompatible/stack_tags.go:108 +0x43
      github.com/jtolds/gls.github_com_jtolds_gls_markS(0x0, 0xc0001aa120)
      	/Users/sseeeff/workspace/code/go/pkg/mod/github.com/jtolds/[email protected]+incompatible/stack_tags.go:56 +0x45
      github.com/jtolds/gls.addStackTag(...)
      	/Users/sseeeff/workspace/code/go/pkg/mod/github.com/jtolds/[email protected]+incompatible/stack_tags.go:49
      github.com/jtolds/gls.EnsureGoroutineId(0xc0001992f0)
      	/Users/sseeeff/workspace/code/go/pkg/mod/github.com/jtolds/[email protected]+incompatible/gid.go:24 +0x176
      github.com/jtolds/gls.(*ContextManager).SetValues(0xc00019ca80, 0xc000199290, 0xc0001a0640)
      	/Users/sseeeff/workspace/code/go/pkg/mod/github.com/jtolds/[email protected]+incompatible/context.go:63 +0x285
      	/Users/sseeeff/workspace/code/go/pkg/mod/github.com/smartystreets/[email protected]/convey/context.go:105 +0x465
      	/Users/sseeeff/workspace/code/go/pkg/mod/github.com/smartystreets/[email protected]/convey/doc.go:75 +0xe5
      go.aporeto.io/a3s/pkgs/gwutils.TestMakeTLSPeerCertificateVerifier(0xc000182480)
      	/Users/sseeeff/workspace/code/go/src/github.com/PaloAltoNetworks/a3s/pkgs/gwutils/gwutils_test.go:46 +0x105
      testing.tRunner(0xc000182480, 0x1a354c8)
      	/usr/local/go/src/testing/testing.go:1193 +0x203
      created by testing.(*T).Run
      	/usr/local/go/src/testing/testing.go:1238 +0x5d8
    
    
    
    15 total assertions
    
    --- FAIL: TestMakeTLSPeerCertificateVerifier (0.02s)
    

    Possible solution

    Check error as StartsWith "tls: failed to parse certificate from server: "

  • Quickstart: Missing dependencies in go.mod/sum while building on macOS.

    Quickstart: Missing dependencies in go.mod/sum while building on macOS.

    Missing deps in make docker:

    cd cmd/a3s && CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-w -s" -trimpath
    ../../../../../../pkg/mod/github.com/prometheus/[email protected]/prometheus/desc.go:22:2: missing go.sum entry for module providing package github.com/cespare/xxhash/v2 (imported by github.com/prometheus/client_golang/prometheus); to add:
    	go get github.com/prometheus/client_golang/[email protected]
    ../../../../../../pkg/mod/github.com/prometheus/[email protected]/prometheus/desc.go:24:2: missing go.sum entry for module providing package github.com/golang/protobuf/proto (imported by github.com/prometheus/client_golang/prometheus); to add:
    	go get github.com/prometheus/client_golang/[email protected]
    ../../../../../../pkg/mod/github.com/prometheus/[email protected]/prometheus/value.go:24:2: missing go.sum entry for module providing package github.com/golang/protobuf/ptypes (imported by github.com/prometheus/client_golang/prometheus); to add:
    	go get github.com/prometheus/client_golang/[email protected]
    ../../../../../../pkg/mod/github.com/prometheus/[email protected]/go/metrics.pb.go:9:2: missing go.sum entry for module providing package github.com/golang/protobuf/ptypes/timestamp (imported by github.com/prometheus/client_model/go); to add:
    	go get github.com/prometheus/client_model/[email protected]
    ../../../../../../pkg/mod/github.com/coreos/go-oidc/[email protected]/oidc/oidc.go:19:2: missing go.sum entry for module providing package golang.org/x/oauth2 (imported by go.aporeto.io/a3s/internal/processors); to add:
    	go get go.aporeto.io/a3s/internal/processors
    make: *** [a3s_linux] Error 1
    

    Missing deps in make cli:

    sseeeff@sseeeff-mbp a3s (master) $ make cli
    cd cmd/a3sctl && CGO_ENABLED=0 go install -ldflags="-w -s" -trimpath
    ../../pkgs/authlib/internal/providers/gcp.go:7:2: missing go.sum entry for module providing package cloud.google.com/go/compute/metadata (imported by go.aporeto.io/a3s/pkgs/authlib/internal/providers); to add:
    	go get go.aporeto.io/a3s/pkgs/authlib/internal/providers
    ../../../../../../pkg/mod/github.com/hokaccha/[email protected]/prettyjson.go:12:2: missing go.sum entry for module providing package github.com/fatih/color (imported by github.com/hokaccha/go-prettyjson); to add:
    	go get github.com/hokaccha/[email protected]
    ../../../../../../pkg/mod/github.com/olekukonko/[email protected]/util.go:15:2: missing go.sum entry for module providing package github.com/mattn/go-runewidth (imported by github.com/olekukonko/tablewriter); to add:
    	go get github.com/olekukonko/[email protected]
    make: *** [cli] Error 1
    
  • pkg/permissions: support negative permissions

    pkg/permissions: support negative permissions

    It should be possible to declare negative permissions like so

    -resource:a1:id

    This would allow some sort of blacklist model like

    [
       "*:*",
       "-dog:get"
    ]
    

    Effectively allowing everything but getting dog
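
The semantics proposed in the issue above, as an added example that is not code from a3s's pkg/permissions: the entry syntax "[-]resource:action[:id]" follows the two forms shown in the issue ("*:*", "-dog:get" and "-resource:a1:id"), and the deny-overrides rule, the wildcard handling and the treatment of malformed entries are design choices of this illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// perm is one parsed permission entry. The issue's syntax is
// "resource:action" with an optional ":id" third field (as in
// "-resource:a1:id"); a leading "-" makes the entry negative.
type perm struct {
	resource, action, id string
	negative             bool
}

// parsePerm accepts only "[-]resource:action[:id]"; anything else is rejected
// so that a typo in a policy cannot silently widen access.
func parsePerm(s string) (perm, bool) {
	negative := strings.HasPrefix(s, "-")
	fields := strings.SplitN(strings.TrimPrefix(s, "-"), ":", 3)
	if len(fields) < 2 || fields[0] == "" || fields[1] == "" {
		return perm{}, false
	}
	p := perm{resource: fields[0], action: fields[1], negative: negative}
	if len(fields) == 3 {
		p.id = fields[2]
	}
	return p, true
}

// covers reports whether the entry applies to the request. "*" matches
// anything, and an entry without an id field applies to every id.
func (p perm) covers(resource, action, id string) bool {
	wild := func(pattern, value string) bool { return pattern == "*" || pattern == value }
	if !wild(p.resource, resource) || !wild(p.action, action) {
		return false
	}
	return p.id == "" || p.id == "*" || p.id == id
}

// Allowed implements deny-overrides: the request is granted only if some
// positive entry covers it and no negative entry does, whatever the order
// of the entries. Malformed entries never grant anything.
func Allowed(perms []string, resource, action, id string) bool {
	allowed := false
	for _, s := range perms {
		p, ok := parsePerm(s)
		if !ok || !p.covers(resource, action, id) {
			continue
		}
		if p.negative {
			return false
		}
		allowed = true
	}
	return allowed
}

func main() {
	perms := []string{"*:*", "-dog:get"} // the issue's "everything but getting dog"
	fmt.Println(Allowed(perms, "dog", "get", ""))  // false
	fmt.Println(Allowed(perms, "dog", "list", "")) // true
	fmt.Println(Allowed(perms, "cat", "get", ""))  // true
}
```

Two points a reviewer of such a feature would check are covered here: a negative entry wins no matter where it sits in the list, and a list consisting only of negative entries grants nothing.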

  • Fixed: Only populate issuer if one is found

    Fixed: Only populate issuer if one is found

    Description

    When leveraging a3s as an auth source, I noticed that claims coming from the backend looked like this:

    "claims": [
      "@auth:account=account-837b0b8d-6a14-4cb8-a11d-97a03fafe6c6",
      "@auth:[email protected]",
      "@auth:id=6357a6d0a76fe8b13709d736",
      "@auth:organization=account-837b0b8d-6a14-4cb8-a11d-97a03fafe6c6",
      "@auth:realm=vince",
      "@auth:subject=account-837b0b8d-6a14-4cb8-a11d-97a03fafe6c6"
    ]
    

    This caused an issue with the retrievemany filter for authorizations, as there was no issuer provided. To get it to work, the logic is now to populate the issuer if one is found, else skip adding it.

  • Update README regarding dependencies and binary names

    Update README regarding dependencies and binary names

    Description

    example/python/testapp/README.md was missing a required python dependency. It also assumed your system refers to python and pip 3 binaries as python and pip.

    Motivation and Context

    This change adds the missing python dependency pyopenssl and adds notes to reflect you may need to use pip3 and python3 to call the required commands.

    How Has This Been Tested?

    This is a non-breaking change and therefore it is untested

    Types of changes

    • Bug fix (non-breaking change which fixes an issue)
  • ui: irl claims requesting & scanning

    ui: irl claims requesting & scanning

    • New page /request.html for creating claim requesting entries. Each entry can generate a claim request QR which internally contains:
    {
      claims: string[]
      issuers: string[]
      message: string
      meta: {
        version: string
      }
    }
    
    • In the original login page, a button Scan Request QR is added. It will scan the claim request QR generated by the requester. The requested claim prefixes will be used as the cloak parameter with any auth source to get the token, shown as a QR image.
  • Quickstart: dev/certs-init does not work.

    Quickstart: dev/certs-init does not work.

    Describe the bug

    It uses a command called tg and generates errors like:

    seeeff@seeeff-mbp a3s (master) $ dev/certs-init
    dev/certs-init: line 11: tg: command not found
    dev/certs-init: line 17: tg: command not found
    cat: .data/certificates/ca-intermediate-cert.pem: No such file or directory
    cat: .data/certificates/ca-root-cert.pem: No such file or directory
    dev/certs-init: line 32: tg: command not found
    dev/certs-init: line 44: tg: command not found
    dev/certs-init: line 52: tg: command not found
    dev/certs-init: line 61: tg: command not found
    dev/certs-init: line 65: tg: command not found
    seeeff@seeeff-mbp a3s (master) $
    
  • ui: login updates

    ui: login updates

    • Add select / deselect all for claims selection dialog
    • Hide @source:* claims
    • Use window.location.origin + window.location.pathname for OIDC redirect URL
  • [Community Health Assessment] Changes needed

    [Community Health Assessment] Changes needed

    This issue was opened by a bot called Community Health (PANW) because this repo has failed too many community health checks.

    Repo maintainers: Please take the time to fix the issues in the table to reach the target score. These improvements will help others find your work and contribute to it. This issue will update as your score improves until it hits the target score.

    Click More info for instructions to fix each item.

    | Health Check | Pass | Score | More Info |
    | ------------ | ---- | ----- | --------- |
    | Contains a meaningful README.md file | :white_check_mark: | 20 / 20 | More info |
    | SUPPORT.md file exists | :x: | 0 / 20 | More info |
    | Repo has a description | :white_check_mark: | 15 / 15 | More info |
    | Has a recognized open source license | :white_check_mark: | 15 / 15 | More info |
    | Has a descriptive repo name | :x: | 0 / 15 | More info |
    | Required topics attached to repo | :x: | 0 / 15 | More info |
    | CONTRIBUTING.md file with contribution guidelines | :x: | 0 / 5 | More info |
    | Has custom issue and pull request templates | :x: | 0 / 5 | More info |

    Current score: 50 Target threshold: 100 Total possible: 110

  • [Community Health Assessment] Changes needed

    [Community Health Assessment] Changes needed

    This issue was opened by a bot called Community Health (PANW) because this repo has failed too many community health checks.

    Repo maintainers: Please take the time to fix the issues in the table to reach the target score. These improvements will help others find your work and contribute to it. This issue will update as your score improves until it hits the target score.

    Click More info for instructions to fix each item.

    | Health Check | Pass | Score | More Info |
    | ------------ | ---- | ----- | --------- |
    | Contains a meaningful README.md file | :white_check_mark: | 20 / 20 | More info |
    | SUPPORT.md file exists | :white_check_mark: | 20 / 20 | More info |
    | Repo has a description | :white_check_mark: | 15 / 15 | More info |
    | Has a recognized open source license | :white_check_mark: | 15 / 15 | More info |
    | Has a descriptive repo name | :x: | 0 / 15 | More info |
    | Required topics attached to repo | :x: | 0 / 15 | More info |
    | CONTRIBUTING.md file with contribution guidelines | :white_check_mark: | 5 / 5 | More info |
    | Has custom issue and pull request templates | :x: | 0 / 5 | More info |

    Current score: 75 Target threshold: 100 Total possible: 110
