IAM first version #1
Conversation
vramperez
force-pushed
the
feat/iam-chart
branch
from
1c19b14 to
45d52a2
Compare
| @@ -0,0 +1,7 @@ | |||
| # did-helper/Chart.yaml | |||
There was a problem hiding this comment.
I think we are at a point where it makes sense to create a dedicated chart for the helper. What do you think?
| ], | ||
| "client": { | ||
|
|
||
| "${CLIENT_DID}": [ |
There was a problem hiding this comment.
I think we should clean this up a little, to only those that are required in that repo.
|
|
||
| - name: iam | ||
| namespace: iam | ||
| chart: ../charts/decentralized-iam |
There was a problem hiding this comment.
This would require manual update of the file on each version increase of the chart. Since this file will mostly(always?) be used by maven, a less manual alternative would be replacing a version-variable by resource-filtering
| ingress: | ||
| tir: | ||
| annotations: | ||
| kubernetes.io/ingress.class: "apisix" # Workaround since chart does not set className properly |
There was a problem hiding this comment.
Could you create a PR on the chart please?
| fullInclusion: true | ||
|
|
||
| odrl-authorization: | ||
| apisix: |
There was a problem hiding this comment.
As far as I seen, no extension of the opa-plugin is loaded. That means no http-body is provided to opa, which breaks a number of policies.
There was a problem hiding this comment.
My mistake, thats most likely done by the odrl-authorization chart, right?
| Request request = new Request.Builder() | ||
| .url(issuerHost + CREDENTIAL_OFFER_URI_PATH + "?credential_configuration_id=" + credentialConfigId) | ||
| .get() | ||
| .header("Authorization", "Bearer " + keycloakJwt) |
There was a problem hiding this comment.
"Authorization" and "Bearer" are multi times used "magic" constants. Would be better to make real constants of them.
| /** | ||
| * SD-JWT-Credentials {@see https://drafts.oauth.net/oauth-sd-jwt-vc/draft-ietf-oauth-sd-jwt-vc.html} | ||
| */ | ||
| SD_JWT_VC("vc+sd-jwt"); |
There was a problem hiding this comment.
Could you extend the enum to also support dc+sd-jwt? vc+sd-jwt is already deprecated and we will most likely need it in the very short future.
| xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> | ||
| <modelVersion>4.0.0</modelVersion> | ||
|
|
||
| <groupId>org.fiware</groupId> |
There was a problem hiding this comment.
Would also better be org.fiware.dataspace
| <modelVersion>4.0.0</modelVersion> | ||
|
|
||
| <groupId>org.fiware</groupId> | ||
| <artifactId>decentralizedIam</artifactId> |
| <configuration> | ||
| <skip>true</skip> | ||
| <portBindings> | ||
| <!-- NGINX ingress controller http & https --> |
There was a problem hiding this comment.
If I understand correctly, we are now using apisix directly as an ingress controller? Then at least the comment should be updated.
No description provided.