From 61c45e176504ee3ea3a5ae9036dd73be8b68d416 Mon Sep 17 00:00:00 2001
From: Andrew Kenworthy
Date: Mon, 23 Sep 2024 14:54:22 +0200
Subject: [PATCH 1/7] add kerberos authentication provider
---
 .../src/commons/authentication/kerberos.rs | 12 ++++++++++++
 .../src/commons/authentication/mod.rs | 13 ++++++++++++-
 2 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 crates/stackable-operator/src/commons/authentication/kerberos.rs
diff --git a/crates/stackable-operator/src/commons/authentication/kerberos.rs b/crates/stackable-operator/src/commons/authentication/kerberos.rs
new file mode 100644
index 000000000..412a9e8be
--- /dev/null
+++ b/crates/stackable-operator/src/commons/authentication/kerberos.rs
@@ -0,0 +1,12 @@
+use schemars::JsonSchema;
+use serde::{Deserialize, Serialize};
+
+#[derive(
+ Clone, Debug, Deserialize, Eq, Hash, JsonSchema, Ord, PartialEq, PartialOrd, Serialize,
+)]
+#[serde(rename_all = "camelCase")]
+pub struct AuthenticationProvider {
+ /// Mandatory secret class used for producing keytabs.
+ #[serde(default)]
+ pub kerberos_secret_class: String,
+}
diff --git a/crates/stackable-operator/src/commons/authentication/mod.rs b/crates/stackable-operator/src/commons/authentication/mod.rs
index b5356b512..581e70613 100644
--- a/crates/stackable-operator/src/commons/authentication/mod.rs
+++ b/crates/stackable-operator/src/commons/authentication/mod.rs
@@ -6,6 +6,7 @@ use strum::Display;
 use crate::client::Client;
+pub mod kerberos;
 pub mod ldap;
 pub mod oidc;
 pub mod static_;
@@ -77,6 +78,9 @@ pub enum AuthenticationClassProvider {
 /// The [TLS provider](DOCS_BASE_URL_PLACEHOLDER/concepts/authentication#_tls).
 /// The TLS AuthenticationClass is used when users should authenticate themselves with a TLS certificate.
 Tls(tls::AuthenticationProvider),
+
+ /// The Kerberos provider is used for Kerberos authentication and defines the secret used for generating keytabs.
+ Kerberos(kerberos::AuthenticationProvider),
 }
 impl AuthenticationClass {
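Review bot: `kerberos_secret_class` in the new `AuthenticationProvider` is a bare `String`, so an empty SecretClass name is accepted, and with `#[serde(default)]` as written here a missing `kerberosSecretClass` key also becomes `""`. PATCH 7/7 removes the attribute, but the empty-string case remains. This name selects where keytabs (long-term Kerberos credentials) are obtained, so consumers should fail closed on an empty value, or the generated schema should carry a minimum-length constraint. The struct also has no doc comment of its own, which `JsonSchema` would presumably surface as the description; something like `/// Kerberos authentication provider: names the SecretClass from which keytabs for this AuthenticationClass are obtained.` above `pub struct AuthenticationProvider` would cover it.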
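Review bot: Adding `Kerberos(kerberos::AuthenticationProvider)` to the public `AuthenticationClassProvider` enum changes what every downstream `match` on it sees, and the hunk does not show whether the enum is `#[non_exhaustive]`. Callers with an exhaustive match stop compiling, which is the safe outcome. Callers with a `_ =>` arm keep compiling and send a Kerberos AuthenticationClass into whatever that arm does, so confirm those arms reject the class rather than continue unauthenticated. The variant's doc comment could state the expectation, e.g. `/// Products that do not support Kerberos must reject this provider explicitly.` The enum body starts above the hunk.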
@@ -183,6 +187,13 @@ mod tests {
 let tls_provider = AuthenticationClassProvider::Tls(AuthenticationProvider {
 client_cert_secret_class: None,
 });
- assert_eq!("Tls", tls_provider.to_string())
+ assert_eq!("Tls", tls_provider.to_string());
+
+ let kerberos_provider = AuthenticationClassProvider::Kerberos(
+ crate::commons::authentication::kerberos::AuthenticationProvider {
+ kerberos_secret_class: "kerberos".to_string(),
+ },
+ );
+ assert_eq!("Kerberos", kerberos_provider.to_string());
 }
 }
From 58f23cce22dbaa42677599b52d9fbb7691117ca2 Mon Sep 17 00:00:00 2001
From: Andrew Kenworthy
Date: Fri, 27 Sep 2024 11:08:48 +0200
Subject: [PATCH 2/7] changelog
---
 crates/stackable-operator/CHANGELOG.md | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/crates/stackable-operator/CHANGELOG.md b/crates/stackable-operator/CHANGELOG.md
index 6d7ebe9f4..df10d7e03 100644
--- a/crates/stackable-operator/CHANGELOG.md
+++ b/crates/stackable-operator/CHANGELOG.md
@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 ## [Unreleased]
+### Added
+
+- Add Kerberos AuthenticationProvider ([#880]).
+
+[#880]: https://github.com/stackabletech/operator-rs/pull/880
+
 ## [0.77.1] - 2024-09-27
 ### Fixed
From f0c5fad47f173c3306fd7c2c517d63d5fb003eb1 Mon Sep 17 00:00:00 2001
From: Andrew Kenworthy <1712947+adwk67@users.noreply.github.com>
Date: Fri, 27 Sep 2024 11:36:07 +0200
Subject: [PATCH 3/7] Update crates/stackable-operator/src/commons/authentication/kerberos.rs
Co-authored-by: Sebastian Bernauer
---
 .../stackable-operator/src/commons/authentication/kerberos.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crates/stackable-operator/src/commons/authentication/kerberos.rs b/crates/stackable-operator/src/commons/authentication/kerberos.rs
index 412a9e8be..fd78eef7b 100644
--- a/crates/stackable-operator/src/commons/authentication/kerberos.rs
+++ b/crates/stackable-operator/src/commons/authentication/kerberos.rs
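Review bot: The assertions added in `mod tests` cover only the `Display` output of the `Kerberos` variant; nothing exercises deserialization, which is where the `camelCase` rename and the mandatory `kerberosSecretClass` key are enforced. A serde test that parses a provider with `kerberosSecretClass` set, and asserts that one without the key is rejected, would pin the behaviour PATCH 7/7 establishes by dropping `#[serde(default)]`. As a style point, if the test module already brings the parent module's items into scope, `kerberos::AuthenticationProvider { .. }` would read better than the full `crate::commons::authentication::kerberos::AuthenticationProvider` path. The test function starts above the hunk, so its imports are not visible here.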
@@ -6,7 +6,7 @@ use serde::{Deserialize, Serialize};
 )]
 #[serde(rename_all = "camelCase")]
 pub struct AuthenticationProvider {
- /// Mandatory secret class used for producing keytabs.
+ /// Mandatory SecretClass used to obtain keytabs.
 #[serde(default)]
 pub kerberos_secret_class: String,
 }
From 6b3abf96ac6433f4a0356f5414129b3647a690b0 Mon Sep 17 00:00:00 2001
From: Andrew Kenworthy <1712947+adwk67@users.noreply.github.com>
Date: Fri, 27 Sep 2024 11:36:32 +0200
Subject: [PATCH 4/7] Update crates/stackable-operator/src/commons/authentication/mod.rs
Co-authored-by: Sebastian Bernauer
---
 crates/stackable-operator/src/commons/authentication/mod.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crates/stackable-operator/src/commons/authentication/mod.rs b/crates/stackable-operator/src/commons/authentication/mod.rs
index 581e70613..2ed33f656 100644
--- a/crates/stackable-operator/src/commons/authentication/mod.rs
+++ b/crates/stackable-operator/src/commons/authentication/mod.rs
@@ -79,7 +79,7 @@ pub enum AuthenticationClassProvider {
 /// The TLS AuthenticationClass is used when users should authenticate themselves with a TLS certificate.
 Tls(tls::AuthenticationProvider),
- /// The Kerberos provider is used for Kerberos authentication and defines the secret used for generating keytabs.
+ /// The Kerberos AuthenticationClass is used when users should authenticate themselves via Kerberos.
 Kerberos(kerberos::AuthenticationProvider),
 }
From 5c1ba677942d57223d001d26af1faef487bb72b5 Mon Sep 17 00:00:00 2001
From: Andrew Kenworthy
Date: Fri, 27 Sep 2024 11:40:01 +0200
Subject: [PATCH 5/7] formatting
---
 crates/stackable-operator/src/commons/authentication/mod.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crates/stackable-operator/src/commons/authentication/mod.rs b/crates/stackable-operator/src/commons/authentication/mod.rs
index 2ed33f656..987bcd7db 100644
--- a/crates/stackable-operator/src/commons/authentication/mod.rs
+++ b/crates/stackable-operator/src/commons/authentication/mod.rs
@@ -79,7 +79,7 @@ pub enum AuthenticationClassProvider {
 /// The TLS AuthenticationClass is used when users should authenticate themselves with a TLS certificate.
 Tls(tls::AuthenticationProvider),
- /// The Kerberos AuthenticationClass is used when users should authenticate themselves via Kerberos.
+ /// The Kerberos AuthenticationClass is used when users should authenticate themselves via Kerberos.
 Kerberos(kerberos::AuthenticationProvider),
 }
From 03cd3f2f472bc98e3b7e1e7a7f11a0039d0265b5 Mon Sep 17 00:00:00 2001
From: Andrew Kenworthy
Date: Fri, 27 Sep 2024 12:20:53 +0200
Subject: [PATCH 6/7] added docs link
---
 crates/stackable-operator/src/commons/authentication/mod.rs | 1 +
 1 file changed, 1 insertion(+)
diff --git a/crates/stackable-operator/src/commons/authentication/mod.rs b/crates/stackable-operator/src/commons/authentication/mod.rs
index 987bcd7db..bf5563b92 100644
--- a/crates/stackable-operator/src/commons/authentication/mod.rs
+++ b/crates/stackable-operator/src/commons/authentication/mod.rs
@@ -79,6 +79,7 @@ pub enum AuthenticationClassProvider {
 /// The TLS AuthenticationClass is used when users should authenticate themselves with a TLS certificate.
 Tls(tls::AuthenticationProvider),
+ /// The [Kerberos provider](DOCS_BASE_URL_PLACEHOLDER/concepts/authentication#_kerberos).
 /// The Kerberos AuthenticationClass is used when users should authenticate themselves via Kerberos.
 Kerberos(kerberos::AuthenticationProvider),
 }
From 2e9f994da34c541a58496e00c68388e1afe1aa71 Mon Sep 17 00:00:00 2001
From: Andrew Kenworthy <1712947+adwk67@users.noreply.github.com>
Date: Mon, 30 Sep 2024 09:16:41 +0200
Subject: [PATCH 7/7] Update crates/stackable-operator/src/commons/authentication/kerberos.rs
Co-authored-by: Sebastian Bernauer
---
 crates/stackable-operator/src/commons/authentication/kerberos.rs | 1 -
 1 file changed, 1 deletion(-)
diff --git a/crates/stackable-operator/src/commons/authentication/kerberos.rs b/crates/stackable-operator/src/commons/authentication/kerberos.rs
index fd78eef7b..5b4ffe893 100644
--- a/crates/stackable-operator/src/commons/authentication/kerberos.rs
+++ b/crates/stackable-operator/src/commons/authentication/kerberos.rs
@@ -7,6 +7,5 @@ use serde::{Deserialize, Serialize};
 #[serde(rename_all = "camelCase")]
 pub struct AuthenticationProvider {
 /// Mandatory SecretClass used to obtain keytabs.
- #[serde(default)]
 pub kerberos_secret_class: String,
 }