GitLab

For partition service to authenticate managed identity, we are enabling it to use istio rules like other services. However, partition service only authorizes token of type service principal, not user or guest. To make sure this behavior is not affected, a filter is added which sets the authentication context. This context is retrieved by the AuthorizationService to check the user type. A check is also added on the issuer, to make sure only issuer with v1 or v2 aad url is accepted.

Testing

• Tested locally by passing different claims values in "x-payload" header and seeing response as expected.