Add AWS remote auth login (#7578)

treeverse · Apr 10, 2024 · 1e6647b · 1e6647b
1 parent 99a60cd
commit 1e6647b
Show file tree

Hide file tree

Showing 83 changed files with 4,358 additions and 61 deletions.
diff --git a/api/authentication.yml b/api/authentication.yml
@@ -72,12 +72,24 @@ components:
         type: string
 
   responses:
+    BadRequest:
+      description: Bad Request
+      content:
+        application/json:
+          schema:
+            $ref: "#/components/schemas/Error"
     Unauthorized:
       description: Unauthorized
       content:
         application/json:
           schema:
             $ref: "#/components/schemas/Error"
+    Forbidden:
+      description: Forbidden
+      content:
+        application/json:
+          schema:
+            $ref: "#/components/schemas/Error"
     ServerError:
       description: Internal Server Error
       content:
@@ -280,6 +292,9 @@ components:
         external_user_identifier:
           type: string
           description: external_user_identifier is the user DN in LDAP set if user exists with that username and has this password.
+    IdentityRequest:
+      type: object
+
     StsAuthRequest:
       type: object
       required:
@@ -303,6 +318,15 @@ components:
           additionalProperties:
             type: string
           description: the claims of the token returned from the provider
+
+    ExternalPrincipal:
+      type: object
+      required:
+        - id
+      properties:
+        id:
+          type: string
+
 paths:
   /ldap/login:
     post:
@@ -328,6 +352,40 @@ paths:
           $ref: "#/components/responses/Unauthorized"
         default:
           $ref: "#/components/responses/ServerError"
+
+  /auth/external/principal/login:
+    post:
+      tags:
+        - auth
+        - external
+      operationId: externalPrincipalLogin
+      summary: perform a login using an external authenticator
+      security: [ ]
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/IdentityRequest"
+      responses:
+        200:
+          description: successful external login
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/ExternalPrincipal"
+        400:
+          $ref: "#/components/responses/BadRequest"
+        401:
+          $ref: "#/components/responses/Unauthorized"
+        403:
+            $ref: "#/components/responses/Forbidden"
+        404:
+          $ref: "#/components/responses/NotFound"
+        420:
+          description: too many requests
+        default:
+          $ref: "#/components/responses/ServerError"
+
   /sts/login:
     post:
       tags:

diff --git a/api/swagger.yml b/api/swagger.yml
@@ -38,6 +38,7 @@ components:
       type: apiKey
       in: cookie
       name: saml_auth_session
+
   parameters:
     PaginationPrefix:
       in: query
@@ -1049,6 +1050,17 @@ components:
           type: string
         secret_access_key:
           type: string
+
+    ExternalLoginInformation:
+      type: object
+      required:
+        - identityRequest
+      properties:
+        token_expiration_duration:
+          type: integer
+        identityRequest:
+          type: object
+
     StsAuthRequest:
       type: object
       required:
@@ -1066,8 +1078,8 @@ components:
           type: integer
           format: int64
           description: |
-            The time-to-live for the generated token in seconds.  The maximum
-            value is 3600 seconds (1 hour) max is 12 hours.
+            The time-to-live for the generated token in seconds.  The default
+            value is 3600 seconds (1 hour) maximum time allowed is 12 hours.
     AuthenticationToken:
       type: object
       required:
@@ -1820,6 +1832,41 @@ paths:
           description: too many requests
         default:
           $ref: "#/components/responses/ServerError"
+
+  /auth/external/principal/login:
+    post:
+      tags:
+        - external
+        - experimental
+        - auth
+      operationId: externalPrincipalLogin
+      summary: perform a login using an external authenticator
+      security: []
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/ExternalLoginInformation"
+      responses:
+        200:
+          description: successful external login
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/AuthenticationToken"
+        400:
+          $ref: "#/components/responses/BadRequest"
+        401:
+          $ref: "#/components/responses/Unauthorized"
+        403:
+          $ref: "#/components/responses/Forbidden"
+        404:
+          $ref: "#/components/responses/NotFound"
+        420:
+          description: too many requests
+        default:
+          $ref: "#/components/responses/ServerError"
+
   /sts/login:
     post:
       tags:
@@ -1842,10 +1889,11 @@ paths:
                 $ref: "#/components/schemas/AuthenticationToken"
         401:
           $ref: "#/components/responses/Unauthorized"
+        420:
+          description: too many requests
         default:
           $ref: "#/components/responses/ServerError"
 
-
   /auth/capabilities:
     get:
       tags:

diff --git a/clients/java-legacy/.openapi-generator/FILES b/clients/java-legacy/.openapi-generator/FILES
diff --git a/clients/java-legacy/README.md b/clients/java-legacy/README.md
diff --git a/clients/java-legacy/api/openapi.yaml b/clients/java-legacy/api/openapi.yaml