Skip to content

Using Istio auth in Partition Service

Vibhuti Sharma [Microsoft] requested to merge users/Vibhuti/authN into master

For partition service to authenticate managed identity, we are enabling it to use istio rules like other services. However, partition service only authorizes token of type service principal, not user or guest. To make sure this behavior is not affected, a filter is added which sets the authentication context. This context is retrieved by the AuthorizationService to check the user type. A check is also added on the issuer, to make sure only issuer with v1 or v2 aad url is accepted.

Testing

  • Tested locally by passing different claims values in "x-payload" header and seeing response as expected.
Edited by Vibhuti Sharma [Microsoft]

Merge request reports

Loading