{"id":20048779,"url":"https://github.com/libopenstorage/openstorage-sdk-auth","last_synced_at":"2025-05-05T10:31:41.204Z","repository":{"id":46504658,"uuid":"151305792","full_name":"libopenstorage/openstorage-sdk-auth","owner":"libopenstorage","description":"Generate tokens to authorize and authenticate accounts with OpenStorage SDK","archived":false,"fork":false,"pushed_at":"2021-10-06T20:46:23.000Z","size":163,"stargazers_count":1,"open_issues_count":1,"forks_count":4,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-08T21:36:08.537Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/libopenstorage.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-10-02T18:46:48.000Z","updated_at":"2020-07-30T19:56:32.000Z","dependencies_parsed_at":"2022-09-23T02:22:03.064Z","dependency_job_id":null,"html_url":"https://github.com/libopenstorage/openstorage-sdk-auth","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/libopenstorage%2Fopenstorage-sdk-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/libopenstorage%2Fopenstorage-sdk-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/libopenstorage%2Fopenstorage-sdk-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/libopenstorage%2Fopenstorage-sdk-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/libopenstorage","download_url":"https://codeload.github.com/libopenstorage/openstorage-sdk-auth/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252480514,"owners_count":21754785,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-13T11:46:08.628Z","updated_at":"2025-05-05T10:31:40.440Z","avatar_url":"https://github.com/libopenstorage.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Build Status](https://travis-ci.org/libopenstorage/openstorage-sdk-auth.svg?branch=master)](https://travis-ci.org/libopenstorage/openstorage-sdk-auth)\n# OpenStorage SDK Auth\n\nThis repo houses the libraries and CLI to create Auth tokens for OpenStorage SDK.\n\nFor more information, please see [OpenStorage SDK](https://libopenstorage.github.io)\n\n## Overview\nThis repo provides the command line program `openstorage-sdk-auth` and Golang package\nlibraries for users and developers to create auth tokens for OpenStorage SDK.\n\n## Installation\n\nA container will be available, but in the meantime you can do the following:\n\n```\ngo install github.com/libopenstorage/openstorage-sdk-auth/cmd/openstorage-sdk-auth\n```\n\n## Usage\n\nTo use, you will need to first decide which key type to use to sign the tokens. Although\nshared secrets are simple, we recommend using RSA256. In the `tools/` directory you will\nfind a simple script to generate private and public PEM files.\n\nYou will then need to create a claims file using the specification highlighted in this\ndocument. Here is an example of a claims file which defines the email, name, and authorization\nof the account:\n\n```yaml\nname: Luis Pabon\nsub: id/luis@portworx.com\nemail: luis@portworx.com\nroles: [\"system.user\"]\ngroups: [\"px-engineering\", \"kubernetes-csi\"]\n```\n\nThe yaml has the following structure:\n* _email_ string: Email of the account accessing the SDK\n* _sub_ string: Unique id of user. Could be the email or a UUID. If this is\n  missing, the program will create an ID for the user based on the name and\n  email.\n* _name_ string: Name of the account accessing the SDK\n* _roles_ string list: Roles of the account. This role must already be defined by the\nOpenStorage SDK server. The server has the following default roles:\n    * system.admin: Access to all APIs\n    * system.view: Access to read only APIs only\n    * system.user: Access to volume lifecycle APIs only\n* _groups_ string list: Groups which the user is part of. Setting the value of `\"*\"` for the\n  group will enable the user of the token to access ALL resources.\n\nYou can then generate a token using `openstorage-sdk-auth`. In the example below, we generate\na token with an expiration time of 30 days. We use the sample unsecure RSA pem files part\nof this repo to sign the token.\n\n```\nopenstorage-sdk-auth \\\n  --auth-config=cmd/openstorage-sdk-auth/sample.yml \\\n  --rsa-private-keyfile=tools/rsa_sample_unsecure_private.pem \\\n  --token-duration=30d \\\n  --output=private.token\n```\n\n### Custom Roles\nThe OpenStorage SDK server allows custom roles. Please see\n[OpenStorageRole](https://libopenstorage.github.io/w/master.generated-api.html#serviceopenstorageapiopenstoragerole)\nfor more information. Once you create a role, you can add it to the token under `roles`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flibopenstorage%2Fopenstorage-sdk-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flibopenstorage%2Fopenstorage-sdk-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flibopenstorage%2Fopenstorage-sdk-auth/lists"}