Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
  • Sign in / Register
  • P Partition
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 7
    • Issues 7
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
    • Requirements
  • Merge requests 7
    • Merge requests 7
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
    • Test Cases
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages and registries
    • Packages and registries
    • Package Registry
    • Container Registry
    • Infrastructure Registry
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Code review
    • Insights
    • Issue
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • Open Subsurface Data Universe SoftwareOpen Subsurface Data Universe Software
  • Platform
  • System
  • Partition
  • Merge requests
  • !83

Using Istio auth in Partition Service

  • Review changes

  • Download
  • Email patches
  • Plain diff
Merged Vibhuti Sharma [Microsoft] requested to merge users/Vibhuti/authN into master Aug 24, 2021
  • Overview 13
  • Commits 13
  • Pipelines 32
  • Changes 12

For partition service to authenticate managed identity, we are enabling it to use istio rules like other services. However, partition service only authorizes token of type service principal, not user or guest. To make sure this behavior is not affected, a filter is added which sets the authentication context. This context is retrieved by the AuthorizationService to check the user type. A check is also added on the issuer, to make sure only issuer with v1 or v2 aad url is accepted.

Testing

  • Tested locally by passing different claims values in "x-payload" header and seeing response as expected.
Edited Aug 26, 2021 by Vibhuti Sharma [Microsoft]
Assignee
Assign to
Reviewers
Request review from
Time tracking
Source branch: users/Vibhuti/authN