feat(jans-cedarling): add well-known authzen configuration endpoint (#…

…10435)

* feat(jans-cedarling): add authzen configuration

Signed-off-by: SafinWasi <[email protected]>

* docs(jans-cedarling): update openapi

Signed-off-by: SafinWasi <[email protected]>

* chore(jans-cedarling): add log level to options

Signed-off-by: SafinWasi <[email protected]>

* chore: use hostname

Signed-off-by: SafinWasi <[email protected]>

---------

Signed-off-by: SafinWasi <[email protected]>

jans-cedarling/flask-sidecar/flask-sidecar.yml

@@ -104,11 +104,30 @@ components:
       - id
       - type
       type: object
+    WellKnown:
+      properties:
+        access_evaluation_v1_endpoint:
+          type: string
+      type: object
 info:
   title: Cedarling Sidecar
   version: v1
 openapi: 3.0.0
 paths:
+  /.well-known/authzen-configuration:
+    get:
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/WellKnown'
+          description: OK
+        default:
+          $ref: '#/components/responses/DEFAULT_ERROR'
+      summary: Returns authzen configuration endpoint
+      tags:
+      - Evaluate
   /cedarling/evaluation:
     post:
       requestBody:

jans-cedarling/flask-sidecar/main/extensions/routes_extension.py

@@ -1,4 +1,4 @@
 from main.v1.resource import blp as evaluation_routes
 
 def register_routes(app):
-    app.register_blueprint(evaluation_routes, url_prefix="/cedarling")
+    app.register_blueprint(evaluation_routes, url_prefix="")

jans-cedarling/flask-sidecar/main/v1/resource.py

@@ -1,13 +1,14 @@
 from main.extensions import BlueprintApi
-from main.v1.schema import EvaluationRequestSchema, DecisionSchema 
+from main.v1.schema import EvaluationRequestSchema, DecisionSchema, WellKnownSchema
 from flask.views import MethodView
+from flask import request
 from main.extensions import cedarling
 
 blp = BlueprintApi("Evaluate",
                    __name__,
                    description="AuthZen evaluation endpoint")
 
-@blp.route("/evaluation")
+@blp.route("/cedarling/evaluation")
 class Evaluation(MethodView):
     @blp.arguments(EvaluationRequestSchema, location="json")
     @blp.response(200, DecisionSchema)
@@ -22,3 +23,15 @@ def post(self, payload):
                                 payload.get("context", {})
                         )
         return auth_response
+
+@blp.route("/.well-known/authzen-configuration")
+class WellKnown(MethodView):
+    @blp.response(200, WellKnownSchema)
+    def get(self):
+        """
+        Returns authzen configuration endpoint
+        """
+        response = {
+            "access_evaluation_v1_endpoint": f"{request.host_url}cedarling/evaluation"
+        }
+        return response

jans-cedarling/flask-sidecar/main/v1/schema.py

@@ -35,3 +35,6 @@ class EvaluationRequestSchema(BaseSchema):
 class DecisionSchema(BaseSchema):
     decision = ma.fields.Bool(required=True)
     context = ma.fields.Dict()
+
+class WellKnownSchema(BaseSchema):
+    access_evaluation_v1_endpoint = ma.fields.Str()

jans-cedarling/flask-sidecar/secrets/bootstrap.json

@@ -3,6 +3,7 @@
     "CEDARLING_POLICY_STORE_URI": "https://gluu.org",
     "CEDARLING_POLICY_STORE_ID": "gICAgcHJpbmNpcGFsIGlz",
     "CEDARLING_LOG_TYPE": "std_out",
+    "CEDARLING_LOG_LEVEL": "INFO",
     "CEDARLING_LOG_TTL": null,
     "CEDARLING_USER_AUTHZ": "enabled",
     "CEDARLING_WORKLOAD_AUTHZ": "enabled",