Feature / Move gateway authentication to a separate service (#477)
* Add a new auth service to Gradle build files
* Rename GrpcAuthValidator
* Add thread local logging helper
* Rename GrpcAuthHelpers
* Provide a general HTTP/1 auth validator as part of the common auth (internal) package
* Include HTTP codecs (1 & 2) in the common lib package
* Use the new auth validator as the auth handler in the gateway. Login processing is removed from the gateway and will now be handled by the auth service.
* Remove gateway dependency on -lib-auth. Gateway is just using internal auth validation, the same as a regular service.
* Disable auth for protocol negotiation test
* Explicit protocol version check in protocol negotiation test
* Allow for Web Sockets in the HTTP/1 auth validator
* Disable auth in the HTTP/1 proxy test
* Do not prepare auth in platform tests if auth is disabled
* Disable auth in unit tests where it is not needed
* Clean up some code warnings
* Disable auth for web API testing workflow
* Move HTTP test helpers into common test library
* Stub class for the authentication service
* Add auth service to the platform test framework
* Start skeleton auth service in a test case
* Stub test cases for guest login
* Factor protocol negotiator into a common base class and move to common lib
* Move protocol negotiator test to common lib
* Make the gateway use the new common protocol negotiator
* Move web server onto the common protocol negotiator
* Fix setup of HTTP codec for different scenarios in the protocol negotiator
* Let the auth service start up and install the auth router
* Rename TRAC auth providers package
* Move user DB into impl package for TRAC auth
* Rename login provider interface
* Rename methods in login interface
* Rename auth headers interface
* Rename auth login package
* Rename simple login package
* Rename simple login plugin
* Restrict simple login classes to package scope
* Remove references to connId in http login handler
* New auth provider interfaces (sits above login interface)
* Update login plugin for guest protocol to use new IAuthProvider interface
* Make IUserDatabase a private detail of simple login
* Make -svc-auth depend on -lib-auth
* Include both auth and logic providers as plugin types
* Expose login providers in simple login plugin
* Include external systems in auth config
* Lookup class to register and give out auth providers
* Make auth service use the auth provider
* Move login content responses to the public login package
* Rename login content dir
* Add optional config items for login and return paths
* Make login content use config and query params for return path
* Remove unused methods in ILoginProvider
* Update main login handler to remove code for request pass-through
* Working tests for basic login and redirect
* Handle differences between Java 17 / 21 in guest login test
* Main functionality of gateway auth handler
* Fix for removing disabled auth handler
* Updates in gateway HTTP/1 auth handler
* Updates in gateway HTTP/1 auth handler
* Fix handling query params in gateway HTTP/1 proxy
* Serve login content from JAR resources
* Move guest login test into -lib-auth
* Update namespace for login tests
* Allow platform test helper to be used for config only (i.e. without starting services)
* Update login test to test the login handler in isolation, but supplying the required TRAC config
* Rename cookies / headers / metadata keys to match the normal convention
* Common wrapper classes for working with HTTP request / response objects across protocol versions
* Remove old auth headers classes (using Netty Headers base class instead)
* Consolidate auth helpers for managing auth headers, move to using Netty's generic Headers framework
* Use new common HTTP framework for login base classes
* Update login providers for new framework
* Finalize tests for guest login and login refresh
* Working version of HTTP/1 login handler - all tests passing with guest login
* Update built in login to work with new framework
* Move close wrapper into general test helpers package
* Use new auth helpers in HTTP/1 auth validator / gw-handler classes
* Update top level namespace for -lib-auth
* Rename some classes in the login package
* Update login providers after rename
* Remove hard coding in basic auth header
* Smoke test to ensure auth service is serving the login provider
* Add a login test firing multiple requests on the same connection
* Add test cases for dummy provider and provider switching
* Remove unneeded comment (doesn't relate to this code)
* Platform test code updated after auth lib refactor
* Add a dummy auth provider for the auth service tests
* Update dummy auth provider and associated tests
* Update netty setup for auth service main class
* Relay handler to pass messages back from an embedded channel
* Logging and connection ID in base protocol negotiator
* Update config protos for auth
* Finalize auth service provider lookup
* Auth service config to work with latest config proto
* Add service properties to platform config
* Use service properties to set idle timeout in auth service
* Trace logging in the auth service
* Config helpers and constants for service properties
* Use service properties to set idle timeout in the gateway
* Trace logging in the base protocol negotiator
* Use new service props to set idle timeout for the gateway in dev local config
* Remove explicit idle timeout field in gateway config (using service properties instead)
* Fix common tests after changes
* Update config files after config changes
* Updates and fixes in auth headers logic
* Rename wrapHttpHeaders to make it clear headers are not copied
* Handle reading of auth settings config for the gateway
* Update IAuthProvider interface in -lib-auth
* Always require cookie direction in auth helpers
* Working version of gateway auth handler for HTTP/1, no token refresh support yet
* Use auth settings to set up auth handler in the gateway
* Update configs to include auth service and new service properties
* Implemented token refresh in GW HTTP/1 auth handler
* Close connections in the GW auth handler if authentication fails
* Logging and idle handling improvements for the gateway
* Update log messages for token refresh
* Remove unused code
* Update expiry header name
* Rename common auth package, to reflect namespace change in -lib-auth
* More intelligent setup of the gw routing for services
* Use auth service info to set up login redirect path in auth handler settings
* Fix tests for login expiry token
* Use some different ports for end-to-end tests
* Use service enabled flag to enable / disable the web server
* Update dev local config for web server enabled change
* Use some different ports for testing
* Update dev local and platform template config files
* Fix rewrites of the platform config file for web API test in CI
* Use the same ports as dev-local in template platform config
* Fix rewrites of the platform config file for web API test in CI
* Config updates
* Web socket fixes
* Fix header prefix for header translation in websockets router
* Fix log noise for web sockets in the Gateway
* Add log for web sockets translation
* Logger types for core router
* Fix lib auth tests
* Fix lib common tests
* Simpler log setup in core router base class