๐Ÿ‘จโ€๐Ÿ’ป Lock It Down

Your Red Hat Developer Hub looks great…​ However, it is not a secure place to work. Security is important in any adventure, so it is time to secure our instance with real users and authorization policies to avoid security issues in the future. What do you want to conquer?

  • Authentication with GitHub

  • Authentication with GitLab

  • (You won’t break it) Enable authorization for your new users (RBAC)

This challenge focuses on adding essential authentication and authorization capabilities to your Red Hat Developer Hub deployment. By securing it with robust access control mechanisms, you’ll not only protect your users but also establish a foundation for maintaining trust and mitigating future security risks.

The challenge will be considered successful when:

  • The application is integrated with an external identity provider and successfully authenticates users from that provider.

  • Authorization policies are implemented, and different users have distinct access levels. For example, one user may be allowed to perform an action, while another is restricted.

By completing this challenge, you’ll enhance the security posture of Red Hat Developer Hub, gaining hands-on experience with integrating authentication and authorization mechanisms. These skills are essential for developing secure, user-friendly applications in today’s interconnected world.

Let’s lock it down and secure your Red Hat Developer Hub! ๐Ÿ”’

This challenge requires the successful completion of the previous challenge.

๐Ÿ”‘ Authentication with GitHub

Here you will integrate GitHub as Identity Provider of Red Hat Developer Hub allowing authenticate users (developers or platform engineers).

Use a public organization or your own user in GitHub as external Identity Provider.

To resolve this challenge you can start checking the following references:

๐Ÿงž๐Ÿ”‘ Authentication with GitHub Solution

Are you struggling about how to resolve it? Don’t worry you can check the solution here.

๐Ÿ”‘ Authentication with GitLab

Here you will integrate GitHub as Identity Provider of Red Hat Developer Hub allowing authenticate users (developers or platform engineers).

Use a public organization or your own user in GitLab as external Identity Provider. Otherwise, the cluster provides a local instance of GitLab available at:

echo https://gitlab.$basedomain

There are different users created (user1, user2, userX…​), using the same credentials (@abc1cde2).

To resolve this challenge you can start checking the following references:

๐Ÿงž๐Ÿ”‘ Authentication with GitLab Solution

Are you struggling about how to resolve it? Don’t worry you can check the solution here.

๐Ÿ›‚ You won’t break it

Building on the authentication setup, this activity introduces authorization policies to define and enforce what authenticated users are allowed to do. You’ll create rules within the application to grant or restrict access to specific features or actions, ensuring users have the correct permissions based on their roles.

To resolve this challenge you can start checking the following references:

๐Ÿงž๐Ÿ›‚ You won’t break it Solution

Are you struggling about how to resolve it? Don’t worry you can check the solution here.