gsc-ops-api

GoSec_Cloud/gsc-ops-api

Fork 0

Commit Graph

Author	SHA1	Message	Date
Claude (gsc-ops-api init)	90f98671fc	feat(ldap): perform user/group writes via the FreeIPA API Raw LDAP adds/modifies bypassed FreeIPA's framework, so group/user creates failed with Object Class Violation (no gidNumber/uidNumber/ipaUniqueID) and deletes/mods needed ACIs the bind account couldn't exercise as a plain LDAP write. Route all MUTATIONS through the FreeIPA JSON-RPC API instead; reads stay on direct LDAP. - internal/client/freeipa.go: new JSON-RPC client (form login_password → ipa_session cookie, re-auth on 401, multi-server failover, TLS via the configured CA). Derives the API host + login uid from the LDAP config. - internal/service/ldap.go: CreateGroup/UpdateGroup/DeleteGroup/AddGroupMembers/ RemoveGroupMember → group_add/_mod/_del/_add_member/_remove_member; CreateUser/UpdateUser/DisableUser/ResetPassword → user_add/_mod/_disable (+_enable)/passwd. Services map → addattr(objectclass)/setattr. Writes error cleanly when the IPA client is unconfigured. - cmd/server/main.go: build the FreeIPA client from the LDAP config and inject it into the LDAP service. Verified live: group create (IPA-assigned gidNumber), get, add/remove member, delete all succeed; reads unchanged. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-01 14:05:19 +02:00
Claude (gsc-ops-api init)	9fd11afa00	feat: dynamic, scoped API keys (+ restore cmd/server entrypoint) Validate X-API-Key against a DB-backed, self-managed key store in addition to the static Infisical keys, so new consumers (e.g. gsc_admin) no longer require a rebuild. Keys carry scopes (e.g. {ldap:read}); the required scope is derived per-request from path + method and enforced by ScopeEnforce. Static Infisical keys keep an implicit wildcard scope (no regression). - service/apikey.go: DB store (admin.api_keys, SHA-256 hashes only), 30s validation cache, generate/list/revoke. EnsureSchema is existence-first (to_regclass) so a least-privilege DB role starts cleanly when the table is provisioned out-of-band; startup is non-fatal if the store is absent. - handler/apikeys.go + routes: POST/GET/DELETE /api/v1/admin/api-keys. - middleware/apikey.go: APIKeyWithValidator + Principal + ScopeEnforce. - pkg/types/scopes.go: scope vocabulary + matching. - migrations/002_api_keys.sql. Also restore cmd/server/main.go, which the `.gitignore` `server` pattern was silently excluding (it matched cmd/server/); anchored that pattern and `gsc-ops-api` to the repo root so only the built binaries are ignored. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-01 11:13:33 +02:00

Author

SHA1

Message

Date

Claude (gsc-ops-api init)

90f98671fc

feat(ldap): perform user/group writes via the FreeIPA API

Raw LDAP adds/modifies bypassed FreeIPA's framework, so group/user creates
failed with Object Class Violation (no gidNumber/uidNumber/ipaUniqueID) and
deletes/mods needed ACIs the bind account couldn't exercise as a plain LDAP
write. Route all MUTATIONS through the FreeIPA JSON-RPC API instead; reads
stay on direct LDAP.

- internal/client/freeipa.go: new JSON-RPC client (form login_password →
  ipa_session cookie, re-auth on 401, multi-server failover, TLS via the
  configured CA). Derives the API host + login uid from the LDAP config.
- internal/service/ldap.go: CreateGroup/UpdateGroup/DeleteGroup/AddGroupMembers/
  RemoveGroupMember → group_add/_mod/_del/_add_member/_remove_member;
  CreateUser/UpdateUser/DisableUser/ResetPassword → user_add/_mod/_disable
  (+_enable)/passwd. Services map → addattr(objectclass)/setattr. Writes error
  cleanly when the IPA client is unconfigured.
- cmd/server/main.go: build the FreeIPA client from the LDAP config and inject
  it into the LDAP service.

Verified live: group create (IPA-assigned gidNumber), get, add/remove member,
delete all succeed; reads unchanged.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

2026-06-01 14:05:19 +02:00

Claude (gsc-ops-api init)

9fd11afa00

feat: dynamic, scoped API keys (+ restore cmd/server entrypoint)

Validate X-API-Key against a DB-backed, self-managed key store in addition
to the static Infisical keys, so new consumers (e.g. gsc_admin) no longer
require a rebuild. Keys carry scopes (e.g. {ldap:read}); the required scope
is derived per-request from path + method and enforced by ScopeEnforce.
Static Infisical keys keep an implicit wildcard scope (no regression).

- service/apikey.go: DB store (admin.api_keys, SHA-256 hashes only), 30s
  validation cache, generate/list/revoke. EnsureSchema is existence-first
  (to_regclass) so a least-privilege DB role starts cleanly when the table
  is provisioned out-of-band; startup is non-fatal if the store is absent.
- handler/apikeys.go + routes: POST/GET/DELETE /api/v1/admin/api-keys.
- middleware/apikey.go: APIKeyWithValidator + Principal + ScopeEnforce.
- pkg/types/scopes.go: scope vocabulary + matching.
- migrations/002_api_keys.sql.

Also restore cmd/server/main.go, which the `.gitignore` `server` pattern
was silently excluding (it matched cmd/server/); anchored that pattern and
`gsc-ops-api` to the repo root so only the built binaries are ignored.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

2026-06-01 11:13:33 +02:00

2 Commits