Skip to content

GitLab

  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
  • Sign in / Register
  • P Partition
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 9
    • Issues 9
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
    • Requirements
  • Merge requests 6
    • Merge requests 6
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
    • Test Cases
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Packages & Registries
    • Packages & Registries
    • Package Registry
    • Container Registry
    • Infrastructure Registry
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Code review
    • Insights
    • Issue
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • Open Subsurface Data Universe Software
  • Platform
  • System
  • Partition
  • Merge requests
  • !83

Merged
Created Aug 24, 2021 by Vibhuti Sharma [Microsoft]@Vibhuti.SharmaMaintainer

Using Istio auth in Partition Service

  • Overview 13
  • Commits 13
  • Pipelines 32
  • Changes 12

For partition service to authenticate managed identity, we are enabling it to use istio rules like other services. However, partition service only authorizes token of type service principal, not user or guest. To make sure this behavior is not affected, a filter is added which sets the authentication context. This context is retrieved by the AuthorizationService to check the user type. A check is also added on the issuer, to make sure only issuer with v1 or v2 aad url is accepted.

Testing

  • Tested locally by passing different claims values in "x-payload" header and seeing response as expected.
Edited Aug 26, 2021 by Vibhuti Sharma [Microsoft]
Assignee
Assign to
Reviewer
Request review from
Time tracking
Source branch: users/Vibhuti/authN