Draft: GONRG-10142 Use id_token by default in GC OSDU
Type of change
-
Bug Fix -
Feature
Please provide link to gitlab issue or ADR(Architecture Decision Record)
Does this introduce a change in the core logic?
- NO
Does this introduce a change in the cloud provider implementation, if so which cloud?
-
AWS -
Azure -
Google Cloud -
IBM
Does this introduce a breaking change?
- NO
What is the current behavior?
The current Helm Chart includes options focused on on-premise deployment, such as local URLs for Keycloak, internal networks, and manual certificate management
What is the new/expected behavior?
The project is switching to using Google OAuth2 and id_etoken for default authentication.
The value of the onPremEnabled variable is set to false, which activates the cloud settings.
The RequestAuthentication configuration now uses Google OAuth2 as an OpenID Connect provider, indicating https://accounts.google.com as the issuer and the corresponding jwksUri.
The entire authentication and communication infrastructure of the services is adapted to work with Google Cloud, with minimal dependence on on-premise services. Authentication is expected to work based on Google OAuth2, with the ability to use id_token to access services via Istio.
Have you added/updated Unit Tests and Integration Tests?
No