Draft: OAuth2 Correction & Gateway Deployment (!292) · Merge requests · data-custodian / custodian

Martin Fontanet requested to merge gateway-oauth into develop Apr 29, 2024

This PR fixes the use of ID token and Access Token for the Gateway. It also replaces the previous OIDC connection mechanism (in the code) by an init container approach, and proposes a new configuration setup for the gateway.

OpenID Connect changes

The OIDC ID token is now passed in a custom header (default X-Id-Token)
The OAuth2 Access Token is passed in the Authorization header instead of the ID token

Gateway configuration changes

The gateway is now configured using two files
- config.yml: contains non-sensitive config (redirections, default server address and port, ...)
- secrets.yml: contains sensitive config (client secret, client ID, OIDC config, ...)
secrets.yml.dist provides a template that can be used to create secrets.yml

OIDC Endpoint Connection changes

The for loop that tries to connect to the OIDC endpoint is removed from the code
The connection tests is added via in a docker-compose.yml file using an init container
An init container is added to the helm charts as well

Draft: OAuth2 Correction & Gateway Deployment

OpenID Connect changes

Gateway configuration changes

OIDC Endpoint Connection changes

Merge request reports