[New Feature]: Use Cognito authentication for Airflow and OGC APIs #263

LucaCinquini opened this issue Jan 13, 2025 · 2 comments
Labels
enhancement New feature or request U-SPS

Collaborator

LucaCinquini commented Jan 13, 2025

PM Ticket Reference: unity-sds/unity-project-management#212

Description:

  • We need to be able to use the Cognito token for Airflow and OGC API requests - these should be proxied through the venue API gateway
  • Once the above is working, remove the Airflow login from the mid-proxy and prevent direct access to the mid-proxy

Explanation:
The preferred architecture is that the Airflow and OGC API endpoints are hidden behind the shared service and venue service proxies. The authorization token is retrieved from the shared services, and passed to the shared service proxy to enforce authentication. User permissions could be retrieved and passed to the OGC and Airflow APIs for further authorization.

Collaborator Author

LucaCinquini commented Jan 23, 2025

As discussed during the PI, this task involves the following steps:

  • Change the SPS ALBs for Airflow and OGC APIs to NLBs
  • Configure the CS venue API gateway to proxy the SPS URLs to the SPS NLBs. For now, reuse the CS common Lambda Authorizer.
  • Configure VPC link from the shared services to the venue services (is it done already?)
  • Retrieve Cognito token from the shared services (provide examples via Python and CURL)
  • Pass the Cognito token as part of an OGC and Airflow API request to the API Gateway, demonstrate that the request is passed on to the SPS endpoints
  • Update the integration tests to pass the Cognito token when invoking the Airflow and OGC APIs
  • Remove direct access to the mid-level CS proxies
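
An added example (not part of the issue thread or the project's code) of the two token steps listed above: requesting a Cognito token, then attaching it to a request that goes through the API gateway. The region, client ID, gateway URL, the `USER_PASSWORD_AUTH` flow, the choice of the access token and the `Authorization: Bearer` header are assumptions; the issue does not specify them.

```python
import base64
import json
import time
import urllib.request

# Placeholders (assumptions, not values from the issue).
REGION = "us-west-2"
CLIENT_ID = "EXAMPLE_APP_CLIENT_ID"
GATEWAY = "https://example-venue-gateway.invalid/sps"


def build_auth_request(username, password, region=REGION, client_id=CLIENT_ID):
    """Cognito InitiateAuth call; assumes the app client allows USER_PASSWORD_AUTH."""
    body = {"AuthFlow": "USER_PASSWORD_AUTH", "ClientId": client_id,
            "AuthParameters": {"USERNAME": username, "PASSWORD": password}}
    return urllib.request.Request(
        f"https://cognito-idp.{region}.amazonaws.com/",
        data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/x-amz-json-1.1",
                 "X-Amz-Target": "AWSCognitoIdentityProviderService.InitiateAuth"})


def fetch_access_token(username, password):
    """Send the auth request (network call); read credentials from env or a vault."""
    req = build_auth_request(username, password)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["AuthenticationResult"]["AccessToken"]


def seconds_left(token, now=None):
    """Read `exp` from the JWT payload WITHOUT verifying the signature.

    This is only a client-side refresh hint; the authorizer must verify the token.
    """
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    exp = json.loads(base64.urlsafe_b64decode(payload))["exp"]
    return exp - (time.time() if now is None else now)


def build_api_request(path, token, gateway=GATEWAY):
    """Build an Airflow/OGC request routed through the gateway with the token."""
    if not gateway.startswith("https://"):
        raise ValueError("refusing to send a bearer token over a non-TLS URL")
    if seconds_left(token) <= 0:
        raise ValueError("token expired; fetch a new one")
    url = f"{gateway.rstrip('/')}/{path.lstrip('/')}"
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
```

Passing the result of `build_api_request` to `urllib.request.urlopen` sends the call; a 401 or 403 from the gateway rather than from Airflow indicates the authorizer rejected the token before the request reached the SPS endpoint.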

Projects
Status: In Progress