14601 authorization api #16495

Open
wants to merge 33 commits into
base: main
@jalbinson jalbinson commented Nov 6, 2024

This PR adds authorization functionality to the auth and submission microservices.

Test Steps:

  1. Get secrets and active access token from Jamie
  2. Start up ReportStream, submissions, and auth (look at document in this PR for steps)
  3. Submit a report to http://localhost:9000/api/v1/reports
  4. Ensure the response you get is NOT 401 or 403. If something goes wrong in submissions, that's beyond the scope of this ticket.

Bonus points: run the tests in the auth and submissions project to ensure they are passing on your machine locally.

Changes

  • Okta admin API calls to retrieve group information
  • Added Okta-Groups header with a JWT value
  • JWT read/writing
  • Authorization logic for senders

Checklist

Testing

  • Tested locally?
  • Ran ./prime test or ./gradlew testSmoke against local Docker ReportStream container?
  • Added tests?

Linked Issues

@jalbinson jalbinson changed the title Platform/jamie/14601 authz api 14601 authz api Nov 7, 2024
@jalbinson jalbinson changed the title 14601 authz api 14601 authorization api Nov 7, 2024
@jalbinson jalbinson marked this pull request as ready for review November 7, 2024 21:27
@jalbinson jalbinson added the platform Platform Team label Nov 7, 2024
@MichaelEsuruoso MichaelEsuruoso assigned JFisk42 and adegolier and unassigned JFisk42 Nov 8, 2024
@jalbinson jalbinson added the microservice Tickets that are required to properly support the microservice arch label Nov 8, 2024
@adegolier adegolier left a comment

Tried to follow the test steps, but I get connection refused when I try to submit a report.

.setClientId(oktaClientProperties.clientId)
.setScopes(oktaClientProperties.requiredScopes)
.setPrivateKey(oktaClientProperties.apiPrivateKey)
// .setCacheManager(...) TODO: investigate caching since groups don't often change
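
Review bot: the TODO on the commented-out `.setCacheManager(...)` line treats caching as safe because groups don't often change, but per the PR description these Okta groups drive sender authorization, so a cache added later would keep honoring a removed group membership until the entry expires. Replace the commented-out call with a plain TODO that links a ticket and states a maximum TTL for group data.
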
Collaborator

Is there a ticket for this?

Collaborator Author

I would just leave this be for now. Caching is something we can worry about if performance becomes a problem, especially since this is currently a POC.

Successfully merging this pull request may close these issues.

Implement ReportStream AUTH-Z API