diff --git a/LICENSE b/LICENSE
index 22314c79..790f298e 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,6 +1,6 @@
 MIT License
-Copyright (c) 2019 RRZE, University Erlangen-Nuremberg
+Copyright (c) 2022 NHR@FAU, University Erlangen-Nuremberg
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/cmd/cc-backend/main.go b/cmd/cc-backend/main.go
index 66267aec..19c9830f 100644
--- a/cmd/cc-backend/main.go
+++ b/cmd/cc-backend/main.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package main
 import (
diff --git a/cmd/gen-keypair/gen-keypair.go b/cmd/gen-keypair/gen-keypair.go
index 905817d5..f8c66feb 100644
--- a/cmd/gen-keypair/gen-keypair.go
+++ b/cmd/gen-keypair/gen-keypair.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package main
 import (
diff --git a/docs/JWT-Handling.md b/docs/JWT-Handling.md
new file mode 100644
index 00000000..bdb63674
--- /dev/null
+++ b/docs/JWT-Handling.md
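Review bot: In cmd/cc-backend/main.go the added license header ends on the line directly above `package main`, with no blank line in between, so Go tooling treats the copyright text as the package doc comment. Ending the header with an empty line before the package clause, as the Go standard library sources do, keeps it out of the generated documentation. The same adjacency appears in cmd/gen-keypair/gen-keypair.go and in the other Go files this commit touches under internal/, pkg/ and web/.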
@@ -0,0 +1,46 @@
+## Introduction
+
+ClusterCockpit uses JSON Web Tokens (JWT) for authorization of its APIs.
+JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.
+This information can be verified and trusted because it is digitally signed.
+In ClusterCockpit JWTs are signed using a public/private key pair using ECDSA.
+Because tokens are signed using public/private key pairs, the signature also certifies that only the party holding the private key is the one that signed it.
+Currently JWT tokens in ClusterCockpit not yet expire.
+
+## JWT Payload
+
+You may view the payload of a JWT token at [https://jwt.io/#debugger-io](https://jwt.io/#debugger-io).
+Currently ClusterCockpit sets the following claims:
+* `iat`: Issued at claim. The “iat” claim is used to identify the the time at which the JWT was issued. This claim can be used to determine the age of the JWT.
+* `sub`: Subject claim. Identifies the subject of the JWT, in our case this is the username.
+* `roles`: An array of strings specifying the roles set for the subject.
+
+## Workflow
+
+1. Create a new ECDSA Public/private keypair:
+```
+$ go build ./tools/gen-keypair.go
+$ ./gen-keypair
+```
+2. Add keypair in your `.env` file. A template can be found in `./configs`.
+
+There are two usage scenarios:
+* The APIs are used during a browser session. In this case on login a JWT token is issued on login, that is used by the web frontend to authorize against the GraphQL and REST APIs.
+* The REST API is used outside a browser session, e.g. by scripts. In this case you have to issue a token manually. This possible from within the configuration view or on the command line. It is recommended to issue a JWT token in this case for a special user that only has the `api` role. By using different users for different purposes a fine grained access control and access revocation management is possible.
+
+The token is commonly specified in the Authorization HTTP header using the Bearer schema.
+
+## Setup user and JWT token for REST API authorization
+
+1. Create user:
+```
+$ ./cc-backend --add-user :api: --no-server
+```
+2. Issue token for user:
+```
+$ ./cc-backend -jwt -no-server
+```
+3. Use issued token token on client side:
+```
+$ curl -X GET "" -H "accept: application/json" -H "Content-Type: application/json" -H "Authorization: Bearer "
+```
diff --git a/docs/Job-Archive.md b/docs/Job-Archive.md
new file mode 100644
index 00000000..e69de29b
diff --git a/internal/api/rest.go b/internal/api/rest.go
index 342d8b8b..801cbc35 100644
--- a/internal/api/rest.go
+++ b/internal/api/rest.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package api
 import (
diff --git a/internal/auth/auth.go b/internal/auth/auth.go
index a18cd82c..3f2c3597 100644
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package auth
 import (
diff --git a/internal/auth/jwt.go b/internal/auth/jwt.go
index eff91539..03c2eb38 100644
--- a/internal/auth/jwt.go
+++ b/internal/auth/jwt.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package auth
 import (
diff --git a/internal/auth/ldap.go b/internal/auth/ldap.go
index b3976fd7..3dc11ce6 100644
--- a/internal/auth/ldap.go
+++ b/internal/auth/ldap.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package auth
 import (
diff --git a/internal/auth/local.go b/internal/auth/local.go
index 280b394f..1ebe7f65 100644
--- a/internal/auth/local.go
+++ b/internal/auth/local.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package auth
 import (
diff --git a/internal/auth/users.go b/internal/auth/users.go
index 611b0516..63f18c28 100644
--- a/internal/auth/users.go
+++ b/internal/auth/users.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package auth
 import (
diff --git a/internal/config/config.go b/internal/config/config.go
index 19d2ec62..629fedd7 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package config
 import (
diff --git a/internal/config/nodelist.go b/internal/config/nodelist.go
index 715f55a2..762edc3c 100644
--- a/internal/config/nodelist.go
+++ b/internal/config/nodelist.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package config
 import (
diff --git a/internal/config/nodelist_test.go b/internal/config/nodelist_test.go
index b1f4a6f5..f6bfacee 100644
--- a/internal/config/nodelist_test.go
+++ b/internal/config/nodelist_test.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package config
 import (
diff --git a/internal/graph/model/models.go b/internal/graph/model/models.go
index 40eabc10..0e3e7116 100644
--- a/internal/graph/model/models.go
+++ b/internal/graph/model/models.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package model
 import (
diff --git a/internal/graph/schema.resolvers.go b/internal/graph/schema.resolvers.go
index d8e94b99..7fe30aa8 100644
--- a/internal/graph/schema.resolvers.go
+++ b/internal/graph/schema.resolvers.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package graph
 // This file will be automatically regenerated based on the schema, any resolver implementations
diff --git a/internal/graph/stats.go b/internal/graph/stats.go
index c3d90c91..81b8894b 100644
--- a/internal/graph/stats.go
+++ b/internal/graph/stats.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package graph
 import (
diff --git a/internal/metricdata/archive.go b/internal/metricdata/archive.go
index 80b5298d..fcc2e675 100644
--- a/internal/metricdata/archive.go
+++ b/internal/metricdata/archive.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package metricdata
 import (
diff --git a/internal/metricdata/cc-metric-store.go b/internal/metricdata/cc-metric-store.go
index c8607ecc..c9dec8d8 100644
--- a/internal/metricdata/cc-metric-store.go
+++ b/internal/metricdata/cc-metric-store.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package metricdata
 import (
diff --git a/internal/metricdata/influxdb-v2.go b/internal/metricdata/influxdb-v2.go
index 6a47bbd6..28bb504a 100644
--- a/internal/metricdata/influxdb-v2.go
+++ b/internal/metricdata/influxdb-v2.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package metricdata
 import (
diff --git a/internal/metricdata/metricdata.go b/internal/metricdata/metricdata.go
index d23015f1..8d77f991 100644
--- a/internal/metricdata/metricdata.go
+++ b/internal/metricdata/metricdata.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package metricdata
 import (
diff --git a/internal/metricdata/utils.go b/internal/metricdata/utils.go
index a6c550b1..6961c33e 100644
--- a/internal/metricdata/utils.go
+++ b/internal/metricdata/utils.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package metricdata
 import (
diff --git a/internal/repository/dbConnection.go b/internal/repository/dbConnection.go
index 92ed703f..d1759f0f 100644
--- a/internal/repository/dbConnection.go
+++ b/internal/repository/dbConnection.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package repository
 import (
diff --git a/internal/repository/import.go b/internal/repository/import.go
index 69a5c4f4..54b275ab 100644
--- a/internal/repository/import.go
+++ b/internal/repository/import.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package repository
 import (
diff --git a/internal/repository/init.go b/internal/repository/init.go
index a6b84a4e..05d251d2 100644
--- a/internal/repository/init.go
+++ b/internal/repository/init.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package repository
 import (
diff --git a/internal/repository/job.go b/internal/repository/job.go
index fd75e37a..6417efd1 100644
--- a/internal/repository/job.go
+++ b/internal/repository/job.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package repository
 import (
diff --git a/internal/repository/job_test.go b/internal/repository/job_test.go
index 3f82d6b1..a1aa18c1 100644
--- a/internal/repository/job_test.go
+++ b/internal/repository/job_test.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package repository
 import (
diff --git a/internal/repository/query.go b/internal/repository/query.go
index ae5b60b9..beed7bc4 100644
--- a/internal/repository/query.go
+++ b/internal/repository/query.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package repository
 import (
diff --git a/internal/repository/tags.go b/internal/repository/tags.go
index 411a5fc1..8b0aacbf 100644
--- a/internal/repository/tags.go
+++ b/internal/repository/tags.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package repository
 import (
diff --git a/internal/routerConfig/routes.go b/internal/routerConfig/routes.go
index daba892d..ad3a103e 100644
--- a/internal/routerConfig/routes.go
+++ b/internal/routerConfig/routes.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package routerConfig
 import (
diff --git a/internal/runtimeEnv/setup.go b/internal/runtimeEnv/setup.go
index aa6aef3a..e0e5543a 100644
--- a/internal/runtimeEnv/setup.go
+++ b/internal/runtimeEnv/setup.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package runtimeEnv
 import (
diff --git a/pkg/log/log.go b/pkg/log/log.go
index b8a1c8c3..0fb8bf7b 100644
--- a/pkg/log/log.go
+++ b/pkg/log/log.go
@@ -1,8 +1,7 @@
-// Provides a simple way of logging with different levels.
-// Time/Data are not logged on purpose because systemd adds
-// them for us.
-//
-// Uses these prefixes: https://www.freedesktop.org/software/systemd/man/sd-daemon.html
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package log
 import (
@@ -12,6 +11,12 @@ import (
 "os"
 )
+// Provides a simple way of logging with different levels.
+// Time/Data are not logged on purpose because systemd adds
+// them for us.
+//
+// Uses these prefixes: https://www.freedesktop.org/software/systemd/man/sd-daemon.html
+
 var (
 DebugWriter io.Writer = os.Stderr
 InfoWriter io.Writer = os.Stderr
diff --git a/pkg/schema/float.go b/pkg/schema/float.go
index a24a98b5..df084fa6 100644
--- a/pkg/schema/float.go
+++ b/pkg/schema/float.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package schema
 import (
diff --git a/pkg/schema/job.go b/pkg/schema/job.go
index e807cdbe..ccb01616 100644
--- a/pkg/schema/job.go
+++ b/pkg/schema/job.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package schema
 import (
diff --git a/pkg/schema/metrics.go b/pkg/schema/metrics.go
index 8a848ab2..171901cb 100644
--- a/pkg/schema/metrics.go
+++ b/pkg/schema/metrics.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package schema
 import (
diff --git a/web/web.go b/web/web.go
index c1542dca..9d0ea6d9 100644
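Review bot: In pkg/log/log.go the description that used to sit above `package log` is re-added after the import block and is followed by an empty added line before `var (`, so it is attached to no declaration and go doc will no longer show it for the package. Keeping that comment directly above `package log`, with the license header above it and a blank line between the two, preserves it as the package comment; it would also read better starting with `// Package log provides a simple way of logging with different levels.`. The `var (` block continues past the end of the hunk.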
--- a/web/web.go
+++ b/web/web.go
@@ -1,3 +1,7 @@
+// Copyright (C) 2022 NHR@FAU, University Erlangen-Nuremberg.
+// All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 package web
 import (