summaryrefslogtreecommitdiff
path: root/pkg/authz
AgeCommit message (Collapse)Author
2025-08-14Fix the broken build by running pg as a separate container.mo khan
Improve shell scripts and remove /sparkles/restore endpoint - Add error handling and debugging to shell scripts with `set -e` and `DEBUG` flag - Ensure scripts run from project root with `cd "$(dirname "$0")/.."` - Remove `/sparkles/restore` endpoint from public routes and Envoy config - Add Postgres test container support for integration tests - Update CI configuration with newer Runway version and improved test setup - Simplify Makefile by removing redundant commands ------- :robot: Commit message generated by GitLab Duo
2025-07-25refactor: extract init to load ioc container with dependenciesmo khan
2025-07-24refactor: move function to spice.gomo khan
2025-07-23feat: authorize requests to create sparklesmo khan
2025-07-23refactor: inject permission service into sparkle controllermo khan
2025-07-23refactor: Update RequirePermission middleware to connect to spicedb ↵mo khan
CheckPermission API
2025-07-23refactor: move LoadSchema into authz packagemo khan
2025-07-22feat: connect to spicedbmo khan
2025-07-21chore: provide local check service as the defaultmo khan
2025-07-11refactor: use remote service when it is availablemo khan
2025-07-11feat: add a composite service to provide fallback mechanismsmo khan
2025-07-11test: add test for remote check service clientmo khan
2025-07-11chore: add test for remote check servicemo khan
2025-07-11refactor: rename CheckService to LocalCheckServicemo khan
2025-07-11chore: split the RemoteCheckService from the LocalCheckServicemo khan
2025-07-04feat: perform a remote PDP authz checkmo khan
2025-07-02fix: check if an authzd host is providedmo khan
2025-07-02chore: fix AUTHZD_HOST valuemo khan
2025-06-26feat: connect to the remove authorization daemonmo khan
2025-06-11fix: update authzd to allow access to css js assetsmo khan
2025-05-28test: remove logging from testmo khan
2025-05-28chore: remove logging of sensitive fieldsmo khan
2025-05-28refactor: always provide a user in the request contextmo khan
2025-05-28refactor: parse headers injected by envoymo khan
2025-05-26refactor: remove unused codemo khan
2025-05-24chore: log x-request-id in sparkle and authzdmo khan
2025-05-24refactor: do not make rpc call from authzdmo khan
2025-05-23feat: delegate call to remote rpc if permission is requiredmo khan
2025-05-23feat: delegate to the remote authzd to check if the permission is grantedmo khan
2025-05-23feat: parse the body of the id tokenmo khan
2025-05-23test: extract alias for HTTP Requestmo khan
2025-05-23test: allow authenticated user the ability to create a new sparklemo khan
2025-05-23test: update test to generate a valid id_tokenmo khan
2025-05-23feat: add external authorization service (authzd) with JWT authenticationmo khan
- Add new authzd gRPC service implementing Envoy's external authorization API - Integrate JWT authentication filter in Envoy configuration with claim extraction - Update middleware to support both cookie-based and header-based user authentication - Add comprehensive test coverage for authorization service and server - Configure proper service orchestration with authzd, sparkled, and Envoy - Update build system and Docker configuration for multi-service deployment - Add grpcurl tool for gRPC service debugging and testing This enables fine-grained authorization control through Envoy's ext_authz filter while maintaining backward compatibility with existing cookie-based authentication.
generated by cgit v1.2.3 (git 2.39.1) at 2026-02-02 01:31:34 +0000