Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

14601 authorization api #16495

Open
wants to merge 29 commits into
base: main
Choose a base branch
from
Open

14601 authorization api #16495

wants to merge 29 commits into from

Conversation

jalbinson
Copy link
Collaborator

@jalbinson jalbinson commented Nov 6, 2024
edited
Loading

This PR adds authorization functionality to the auth and submission microservices.

Test Steps:

  1. Get secrets and active access token from Jamie
  2. Start up ReportStream, submissions, and auth (look at document in this PR for steps)
  3. Submit a report to http://localhost:9000/api/v1/reports
  4. Ensure the response you get is NOT 401 or 403. If something goes wrong in submissions thats beyond the scope of this ticket.

Bonus points: run the tests in the auth and submissions project to ensure they are passing on your machine locally.

Changes

  • Okta admin API calls to retrieve group information
  • Added Okta-Groups header with a JWT value
  • JWT read/writing
  • Authorization logic for senders

Checklist

Testing

  • Tested locally?
  • Ran ./prime test or ./gradlew testSmoke against local Docker ReportStream container?
  • Added tests?

Linked Issues

@jalbinson
15864 Spring Cloud Gate configuration with Swagger
d530487
@jalbinson
Merge branch 'master' into platform/jamie/15864-spring-cloud-swagger
e68207f
@jalbinson
add basic healthcheck test
3403b45
@jalbinson
Merge branch 'platform/jamie/15864-spring-cloud-swagger' of github.co…
cbe8404 
…m:CDCgov/prime-reportstream into platform/jamie/15864-spring-cloud-swagger
@jalbinson
Merge branch 'master' into platform/jamie/15864-spring-cloud-swagger
8e64119
@jalbinson
Merge branch 'master' into platform/jamie/15864-spring-cloud-swagger
74046c6
@jalbinson
PR feedback
9d0dc6f
@jalbinson
Merge branch 'master' into platform/jamie/15864-spring-cloud-swagger
2986d9c
@jalbinson
Merge branch 'platform/jamie/15864-spring-cloud-swagger' of github.co…
652a45e 
…m:CDCgov/prime-reportstream into platform/jamie/15864-spring-cloud-swagger
@jalbinson
config injection cleanup
a94be0b
@jalbinson
Merge branch 'master' into platform/jamie/15864-spring-cloud-swagger
74a903a
@jalbinson
fix test
c093548
@jalbinson
Merge branch 'platform/jamie/15864-spring-cloud-swagger' of github.co…
ceea1f7 
…m:CDCgov/prime-reportstream into platform/jamie/15864-spring-cloud-swagger
@jalbinson
14601 authz api
df7bac8
@jalbinson
merge main
da94858
@jalbinson jalbinson changed the title Platform/jamie/14601 authz api 14601 authz api Nov 7, 2024
@jalbinson jalbinson changed the title 14601 authz api 14601 authorization api Nov 7, 2024
@jalbinson jalbinson marked this pull request as ready for review November 7, 2024 21:27
@jalbinson jalbinson added the platform Platform Team label Nov 7, 2024
@MichaelEsuruoso MichaelEsuruoso assigned JFisk42 and adegolier and unassigned JFisk42 Nov 8, 2024
@jalbinson jalbinson added the microservice Tickets that are required to properly support the microservice arch label Nov 8, 2024
arnejduranovic
arnejduranovic reviewed Nov 13, 2024
View reviewed changes
auth/docs/setup.md Outdated Show resolved Hide resolved
auth/docs/setup.md Show resolved Hide resolved
adegolier
adegolier reviewed Nov 14, 2024
View reviewed changes
Copy link
Collaborator

@adegolier adegolier left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tried to follow the test steps, but I get connection refused when I try to submit a report.

auth/docs/setup.md Show resolved Hide resolved
auth/src/main/kotlin/gov/cdc/prime/reportstream/auth/config/OktaClientConfig.kt
.setClientId(oktaClientProperties.clientId)
.setScopes(oktaClientProperties.requiredScopes)
.setPrivateKey(oktaClientProperties.apiPrivateKey)
// .setCacheManager(...) TODO: investigate caching since groups don't often change
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a ticket for this?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would just leave this be for now. Caching is something we can worry about if performance becomes a problem especially since this is currently a POC.

auth/src/main/resources/application.yml Show resolved Hide resolved
...st/kotlin/gov/cdc/prime/reportstream/auth/filter/AppendOktaGroupsGatewayFilterFactoryTest.kt Show resolved Hide resolved
auth/src/test/resources/application.yml
path: /swagger/api-docs

#Uncomment for verbose logging
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This appears to be uncommented already, is that intentional?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nope, good catch. It's helpful for debugging as it spits out tons of logs.

auth/src/test/resources/application.yml Show resolved Hide resolved
submissions/src/test/kotlin/SubmissionControllerIntegrationTest.kt Outdated Show resolved Hide resolved
jalbinson and others added 2 commits November 19, 2024 15:20
@jalbinson @arnejduranovic
Update auth/docs/setup.md
3cb1171 
Co-authored-by: Arnej <118766341+arnejduranovic@users.noreply.github.com>
@jalbinson
Merge branch 'main' into platform/jamie/14601-authz-api
54fb1ba
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@arnejduranovic arnejduranovic arnejduranovic left review comments

@adegolier adegolier adegolier left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@adegolier adegolier

Labels
microservice Tickets that are required to properly support the microservice arch platform Platform Team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Implement ReportStream AUTH-Z API
5 participants
@jalbinson @adegolier @arnejduranovic @JFisk42 @emvaldes