Merge pull request #42 from aserto-dev/authorizer-auth

Authorizer authorization config

Author: Ronen Hilewicz

charts/aserto-lib/Chart.yaml

@@ -21,7 +21,7 @@ type: library
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.1
+version: 0.2.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

charts/aserto/Chart.lock

@@ -1,30 +1,24 @@
 dependencies:
+- name: aserto-lib
+  repository: file://../aserto-lib
+  version: 0.2.0
+- name: authorizer
+  repository: file://../authorizer
+  version: 0.2.0
 - name: controller
   repository: file://../controller
   version: 0.0.1
+- name: console
+  repository: file://../console
+  version: 0.1.7
 - name: directory
   repository: file://../directory
-  version: 0.2.2
-- name: authorizer
-  repository: file://../authorizer
-  version: 0.1.10
+  version: 0.2.0
 - name: discovery
   repository: file://../discovery
-  version: 0.1.9
-- name: console
-  repository: file://../console
-  version: 0.1.8
+  version: 0.2.0
 - name: scim
   repository: file://../scim
-  version: 0.1.7
-- name: registry-proxy
-  repository: file://../registry-proxy
-  version: 0.1.6
-- name: aserto-lib
-  repository: file://../aserto-lib
-  version: 0.2.1
-- name: multi-tenant-scim
-  repository: file://../multi-tenant-scim
-  version: 0.0.1
-digest: sha256:dd5cc7966bdbc8c5cb731339a97d2ef3d1764b81e8aa624ea76abdc539824093
-generated: "2025-01-24T11:04:50.423851638+02:00"
+  version: 0.2.0
+digest: sha256:eeb8b6b65e31152eadc15ffd86d33a57b36f4c27bdb70f9548b63b147dc6b9d2
+generated: "2025-03-28T11:34:16.57247-04:00"

charts/aserto/Chart.yaml

@@ -21,7 +21,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.12
+version: 0.2.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
@@ -30,36 +30,36 @@ version: 0.1.12
 appVersion: "0.1.0"
 
 dependencies:
+  - name: aserto-lib
+    version: 0.2.0
+    repository: file://../aserto-lib
+  - name: authorizer
+    version: 0.2.0
+    repository: file://../authorizer
+    condition: authorizer.enabled
   - name: controller
     version: 0.0.1
     repository: file://../controller
+  - name: console
+    version: 0.1.7
+    repository: file://../console
+    condition: console.enabled
   - name: directory
-    version: 0.2.2
+    version: 0.2.0
     repository: file://../directory
-  - name: authorizer
-    version: 0.1.10
-    repository: file://../authorizer
-    condition: authorizer.enabled
   - name: discovery
-    version: 0.1.9
+    version: 0.2.0
     repository: file://../discovery
     condition: discovery.enabled
-  - name: console
-    version: 0.1.8
-    repository: file://../console
-    condition: console.enabled
+  # - name: multi-tenant-scim
+  #   version: 0.0.1
+  #   repository: file://../multi-tenant-scim
+  #   condition: multi-tenant-scim.enabled
+  # - name: registry-proxy
+  #   version: 0.1.6
+  #   repository: file://../registry-proxy
+  #   condition: registry-proxy.enabled
   - name: scim
-    version: 0.1.7
+    version: 0.2.0
     repository: file://../scim
     condition: scim.enabled
-  - name: registry-proxy
-    version: 0.1.6
-    repository: file://../registry-proxy
-    condition: registry-proxy.enabled
-  - name: aserto-lib
-    version: 0.2.1
-    repository: file://../aserto-lib
-  - name: multi-tenant-scim
-    version: 0.0.1
-    repository: file://../multi-tenant-scim
-    condition: multi-tenant-scim.enabled

charts/authorizer/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: aserto-lib
   repository: file://../aserto-lib
-  version: 0.2.1
-digest: sha256:83c950a4ee60c07dbc8e045f6645365ca35eced4f1aa329f51c8e2de1de28f93
-generated: "2024-12-17T16:09:37.112996+02:00"
+  version: 0.2.0
+digest: sha256:e847ea16d4c0c170655af988461152ab61eed5372f1639769dd7d198346da272
+generated: "2025-03-28T11:27:37.668307-04:00"

charts/authorizer/Chart.yaml

@@ -21,15 +21,15 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.10
+version: 0.2.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: 0.16.0
+appVersion: 0.16.1
 
 dependencies:
   - name: aserto-lib
-    version: 0.2.1
+    version: 0.2.0
     repository: file://../aserto-lib

charts/authorizer/templates/config.yaml

@@ -38,7 +38,14 @@ stringData:
     jwt:
       acceptable_time_skew_seconds: {{ .Values.jwtAcceptableTimeSkewSeconds | default "5" }}
 
-    auth:
+    authorization:
+      enabled: true
+      ignored_methods:
+        - /grpc.reflection.v1alpha.ServerReflection/ServerReflectionInfo
+        - /grpc.reflection.v1.ServerReflection/ServerReflectionInfo
+        - /aserto.authorizer.v2.Authorizer/Info
+
+    authentication:
       authenticators_enabled:
         root_key: true
         oidc: true
@@ -58,6 +65,7 @@ stringData:
         - methods:
             - /grpc.reflection.v1.ServerReflection/ServerReflectionInfo
             - /grpc.reflection.v1alpha.ServerReflection/ServerReflectionInfo
+            - /aserto.authorizer.v2.Authorizer/Info
           authenticators_enabled:
             anonymous: true
 

charts/console/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: aserto-lib
   repository: file://../aserto-lib
-  version: 0.2.1
-digest: sha256:83c950a4ee60c07dbc8e045f6645365ca35eced4f1aa329f51c8e2de1de28f93
-generated: "2024-12-17T16:09:37.348401+02:00"
+  version: 0.2.0
+digest: sha256:e847ea16d4c0c170655af988461152ab61eed5372f1639769dd7d198346da272
+generated: "2025-03-28T11:27:43.142209-04:00"

charts/console/Chart.yaml

@@ -21,15 +21,15 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.8
+version: 0.1.7
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: 0.2.0
+appVersion: 0.2.8
 
 dependencies:
   - name: aserto-lib
-    version: 0.2.1
+    version: 0.2.0
     repository: file://../aserto-lib

charts/console/templates/deployment.yaml

@@ -55,7 +55,7 @@ spec:
             - name: DS0_TENANT_ID
               value: {{ .tenant_id }}
             {{- end }}
-            {{- with include "aserto-lib.controllerKeyEnv" (list . "read") }}
+            {{- with include "aserto-lib.controllerKeyEnv" (list . "write") }}
             - name: DS0_ROOT_KEY
               {{- . | nindent 14 }}
             {{- end }}

charts/console/templates/service.yaml

@@ -4,6 +4,11 @@ metadata:
   name: {{ include "console.fullname" . }}
   labels:
     {{- include "console.labels" . | nindent 4 }}
+
+  {{- with .Values.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 8 }}
+  {{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports: