There is a security vulnerability in SSH key-generation using GitKraken < v8.0.1. If you used this tool to create SSH keys, please update GitKraken and regenerate. If you need help with this, contact forum-support@opengroup.org

Commit e15fe799 authored by kiranveerapaneni's avatar kiranveerapaneni
Browse files

Updaing readme doc with Istio Auth filter

parent 5ac2e4e2
Pipeline #8832 passed with stages
in 12 minutes and 17 seconds
......@@ -43,7 +43,6 @@ az keyvault secret show --vault-name $KEY_VAULT_NAME --name $KEY_VAULT_SECRET_NA
| `service_domain_name` | ex `contoso.com` | The name of the domain for which the service will run | no | -- |
| `aad_client_id` | `********` | AAD client application ID | yes | output of infrastructure deployment |
| `azure.activedirectory.AppIdUri` | `api://${azure.activedirectory.client-id}` | URI for AAD Application | no | -- |
| `azure.activedirectory.session-stateless` | `true` | Flag run in stateless mode (needed by AAD dependency) | no | -- |
| `cosmosdb_database` | ex `foo-db` | The name of the CosmosDB database | no | output of infrastructure deployment |
| `KEYVAULT_URI` | ex `https://foo-keyvault.vault.azure.net/` | URI of KeyVault that holds application secrets | no | output of infrastructure deployment |
| `appinsights_key` | `********` | API Key for App Insights | yes | output of infrastructure deployment |
......@@ -51,8 +50,24 @@ az keyvault secret show --vault-name $KEY_VAULT_NAME --name $KEY_VAULT_SECRET_NA
| `AZURE_CLIENT_ID` | `********` | Identity to run the service locally. This enables access to Azure resources. You only need this if running locally | yes | keyvault secret: `$KEYVAULT_URI/secrets/app-dev-sp-username` |
| `AZURE_TENANT_ID` | `********` | AD tenant to authenticate users from | yes | -- |
| `AZURE_CLIENT_SECRET` | `********` | Secret for `$AZURE_CLIENT_ID` | yes | keyvault secret: `$KEYVAULT_URI/secrets/app-dev-sp-password` |
In Order to run service with AAD authentication add below environment variables.This is the recommended approach to run entitlement service in local.
As AAD will authenticate the token and extract the payload to fetch user information.
| name | value | description | sensitive? | source |
| --- | --- | --- | --- | --- |
| `azure_istioauth_enabled` | `false` | Flag to Disable AAD auth | no | -- |
| `azure_activedirectory_session_stateless` | `true` | Flag run in stateless mode (needed by AAD dependency) | no | -- |
| `azure_activedirectory_client_id` | `********` | AAD client application ID | yes | output of infrastructure deployment |
In Order to run service with Istio authentication add below environment variables.This is needed only to test istio filter scenarios,
with these settings service expects "x-payload" header which contains Base64 encoded format of Payload.In this approach service will not do Authentication.
name | value | description | sensitive? | source |
| --- | --- | --- | --- | --- |
| `azure_istioauth_enabled` | `true` | Flag to Disable AAD auth | no | -- |
**Required to run integration tests**
| name | value | description | sensitive? | source |
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment