Using Istio auth in Partition Service (!83) · Merge requests · Open Subsurface Data Universe Software / Platform / System / Partition

Vibhuti Sharma [Microsoft] requested to merge users/Vibhuti/authN into master Aug 24, 2021

For partition service to authenticate managed identity, we are enabling it to use istio rules like other services. However, partition service only authorizes token of type service principal, not user or guest. To make sure this behavior is not affected, a filter is added which sets the authentication context. This context is retrieved by the AuthorizationService to check the user type. A check is also added on the issuer, to make sure only issuer with v1 or v2 aad url is accepted.

Testing

Tested locally by passing different claims values in "x-payload" header and seeing response as expected.

Edited Aug 26, 2021 by Vibhuti Sharma [Microsoft]

Using Istio auth in Partition Service

Merge request reports