[pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
pre-commit-ci[bot] committed Sep 11, 2024
1 parent 0443fac commit c1ac29b
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions authN-authZ/auth-istio/README.md
Expand Up @@ -3,6 +3,7 @@
In enterprise settings not only do we want to identify who is using a service but also what they are entitled to use. This is where authentication and authorization comes in. In contrast, API tokens provide full access by virtue of possession as long as they are valid/not expired. With that aside, we first provide the solution on AuthN and AuthZ in OPEA using Istio and JWT tokens. Another option is to leverage the oauth2-proxy with various OIDC providers for authentication and authorization. Using oauth2-proxy with Istio ensures secure, scalable access control, centralizes user management, and provides seamless single sign-on capabilities, improving overall security and user experience in complex microservices environments.

Currently we provide three kinds of setups for authentication and authorization:

- [via fake JWT token with curl](#perform-authentication-and-authorization-via-fake-jwt-tokens)
- [via JWT token generated by OIDC providers with curl](#perform-authentication-and-authorization-via-jwt-tokens-generated-by-oidc-provider)
- [via oauth2-proxy and OIDC providers with UI](#perform-authentication-and-authorization-via-oauth2-proxy-and-oidc-provider-and-ui)
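Review bot: the first list item, "via fake JWT token with curl", gives no hint in these lines that the fake-token setup is meant for testing only. A short qualifier in that item, or in the sentence "Currently we provide three kinds of setups for authentication and authorization:", would keep readers from treating it as equivalent to the two OIDC-backed options. In the intro paragraph, "authentication and authorization comes in" should read "come in".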
Expand Down Expand Up @@ -288,6 +289,7 @@ kubectl apply -f $(pwd)/$DEPLOY_METHOD/chatQnA_ui_gateway.yaml
```
With helm chart based deployment, the UI already deployed as part of the pipeline. So expose endpoints like this:
```bash
kubectl apply -f $(pwd)/$DEPLOY_METHOD/chatQnA_router_gateway_oauth.yaml
```
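Review bot: the command `kubectl apply -f $(pwd)/$DEPLOY_METHOD/chatQnA_router_gateway_oauth.yaml` leaves `$(pwd)` and `$DEPLOY_METHOD` unquoted, so it breaks when the working directory contains spaces, and an unset `DEPLOY_METHOD` collapses the path to `$(pwd)//chatQnA_router_gateway_oauth.yaml`. Suggest quoting the whole argument as `"$(pwd)/$DEPLOY_METHOD/chatQnA_router_gateway_oauth.yaml"`. The sentence above the block is missing a verb: "the UI is already deployed".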
Expand Down Expand Up @@ -316,6 +318,7 @@ Add both host names for ChatQnA UI and backend service into /etc/hosts
sudo sed -i '1i\127.0.0.1 chatqna-service.com' /etc/hosts
sudo sed -i '1i\127.0.0.1 chatqna-ui.com' /etc/hosts
```
Open browser with address `"chatqna-ui.com:${INGRESS_PORT}"` if using GMC based deployment. Otherwise, open the browser with address `"chatqna-service.com:${INGRESS_PORT}"`.
Login with user `bob` and its credentials shall return a 403 error. Login with user `mary` and its credentials shall able to access the ChatQnA service.
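Review bot: the two `sudo sed -i '1i\...' /etc/hosts` commands are not idempotent, so each re-run of the guide prepends another duplicate pair of entries, and nothing in these lines tells the reader to remove them afterwards. Suggest guarding each insert with a check such as `grep -q 'chatqna-ui.com' /etc/hosts ||` and adding a cleanup step. The browser addresses `"chatqna-ui.com:${INGRESS_PORT}"` and `"chatqna-service.com:${INGRESS_PORT}"` carry no scheme, so it is worth stating whether the login page is expected over http or https. Wording: "shall able to access" should be "shall be able to access".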
