Comments (8)
bricksii
commented on July 28, 2024
1
Hello all, I realize I'm necroing an old thread—would it be more appropriate to start another issue regarding expanding Upvote's ValidateClient() stub to more readily implement mTLS or would continuing this thread be preferred?
We want to generally recommend to our admins that they use client authentication with mTLS when using Santa/Upvote, but the need to implement a validation function makes that out of reach for many. It's unclear to me if the GAE project type remains a hurdle still, but properly directing any interest that might exist to do this work seems wise.
Thanks!
from upvote_py2.
thehesiod
commented on July 28, 2024
btw I'm going forward with a variation of http signatures: https://tools.ietf.org/html/draft-cavage-http-signatures-10, much like AWS API Auth
from upvote_py2.
thehesiod
commented on July 28, 2024
btw, from what I read client auth may be possible if this project moves to be a "flexible" GAE project
from upvote_py2.
msuozzo
commented on July 28, 2024
Sounds good! How are you planning on attaching the header to the client requests? Client-side proxy?
And yes mTLS is a possibility with flex but the migration is non-trivial (I believe datastore and memcache interfaces change substantially).
from upvote_py2.
thehesiod
commented on July 28, 2024
we're planning on modifying the santa binary since we want to change the branding anyways so users aren't presented with "santa" popups, and rather some form of corporate security :) That's an interesting idea though of the proxy, thanks!
I'll post a link here later with our changes to santa. I already have most of the changes done, unfortunately I've been battling the calendar API for a LONG time due to a variety of issues. If you happen to have any contacts with the calendar API team it would be appreciated!
from upvote_py2.
russellhancox
commented on July 28, 2024
nitpick: that would be Santa binaries, the pop-ups come from Santa.app, syncing is done by santactl.
Also, Santa has configuration options so you can customize some of the messaging. We had plans to make the entire UI customizable but the engineering effort involved coupled with the way the resulting UI worked (decidedly non-native and with subpar accessibility) resulted in us abandoning those plans.
from upvote_py2.
thehesiod
commented on July 28, 2024
yes ty! So changing santa app for UI and santactl for auth. We wanted to mostly change the titles of the dialogs. I'd imagine most of it could be done with some form of custom resource (its been awhile since I've done native OS-X, will report back).
from upvote_py2.
thehesiod
commented on July 28, 2024
ok I have initial code done:
santactl: farmersbusinessnetwork/santa@c13198e
upvote: farmersbusinessnetwork@1f90eeb
right now it's geared towards our company, however it can be generalized.
We'll test in our org it as soon as we get our kext cert approved by Apple. For now via debugger seems to work ok with our prod upvote server.
from upvote_py2.
Related Issues (20)
- bazel issue when deploying to app engine HOT 4
- unexpected keyword 'overwrite_appengine_config' error while deploying the app to app engine HOT 5
- missing package.json HOT 3
- Unable to deploy single service with latest release HOT 2
- transient errors HOT 7
- clean full sync error HOT 1
- UI: searching by host ID broken HOT 4
- logupload endpoint missing HOT 9
- bazel issue when trying to deploy to app engine HOT 9
- Error running bezel with the init script HOT 8
- Error Running init_project.sh HOT 1
- DeadlineExceededError
- Error in npm
- init script deploy error HOT 3
- no such package '@com_google_javascript_closure_compiler//'
- Is this project still alive? HOT 1
- change 'whitelist' to 'allowlist' HOT 5
- Transitive / Compiler Rule Support HOT 1
- 500 server error from /_ah/queue/deferred? HOT 1
- Actively Maintained or Abandoned? HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from upvote_py2.