TheGraph Auth-Layer-Proxy #43
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
AlfredoG87
added
the
New Feature
AlfredoG87
force-pushed
the
envoy-aut-layer-final
branch
from
a9b1ada to
dda5e8a
Compare
… of a long term final solution. Signed-off-by: Alfredo Gutierrez <[email protected]>
Signed-off-by: Alfredo Gutierrez <[email protected]>
Signed-off-by: Alfredo Gutierrez <[email protected]>
Signed-off-by: Alfredo Gutierrez <[email protected]>
Signed-off-by: Alfredo Gutierrez <[email protected]>
…s and improved a little on the docs instructions, also moved the copy of the filters from the mapping volume on the docker-compose to the Dockerfile, so those files can be copied and included with the image at build time Signed-off-by: Alfredo Gutierrez <[email protected]>
…k on productization Signed-off-by: Alfredo Gutierrez <[email protected]>
Signed-off-by: Alfredo Gutierrez <[email protected]>
…ill no longer be needed. Signed-off-by: Alfredo Gutierrez <[email protected]>
…t all on the same script. Added SHA-256 function to hash received token before comparing it to db. Signed-off-by: Alfredo Gutierrez <[email protected]>
Signed-off-by: Alfredo Gutierrez <[email protected]>
… instrospection endpoint instead of checking it agasint postgres, added validations and descriptive errors. Cleanup Dockerfile to only include the needed dependencies. Updated example.env with needed env variables Updated README.md with new instructions Signed-off-by: Alfredo Gutierrez <[email protected]>
Signed-off-by: Alfredo Gutierrez <[email protected]>
Signed-off-by: Alfredo Gutierrez <[email protected]>
Added GHA WF for running unit tests as part of CI pipeline Improvements to Readme with instructions on how to run tests Signed-off-by: Alfredo Gutierrez <[email protected]>
Signed-off-by: Alfredo Gutierrez <[email protected]>
Signed-off-by: Alfredo Gutierrez <[email protected]>
Signed-off-by: Alfredo Gutierrez <[email protected]>
Signed-off-by: Alfredo Gutierrez <[email protected]>
Signed-off-by: Alfredo Gutierrez <[email protected]>
AlfredoG87
force-pushed
the
envoy-aut-layer-final
branch
from
a76805c to
fff4e0e
Compare
Nana-EC
reviewed
Mar 28, 2024
.github/workflows/proxy-tests.yml
Outdated
| @@ -0,0 +1,50 @@ | |||
| name: Tests | |||
auth-layer-proxy/README.md
Outdated
| linkStyle 4 stroke:#00ff00,stroke-width:2px; | ||
|
|
||
| ``` | ||
| More information on the **Authorization Layer** can be found [here](link) |
There was a problem hiding this comment.
It was a placeholder for when the doc was merged into main.
now that is already merged I fixed the link with the appropiate url
✅ done
auth-layer-proxy/README.md
Outdated
| @@ -0,0 +1,184 @@ | |||
| # Readme | |||
|
|
|||
| This is a token verification auth-layer-proxy for Hedera-The-Graph implementation that will allows a node operator to publish a secured `admin port` of the-graph deployment for hedera. | |||
There was a problem hiding this comment.
nit:
Suggested change
| This is a token verification auth-layer-proxy for Hedera-The-Graph implementation that will allows a node operator to publish a secured `admin port` of the-graph deployment for hedera. | |
| This is a token verification auth-layer-proxy for Hedera-The-Graph implementation that will allow a node operator to publish a secured `admin port` of the-graph deployment for Hedera. |
auth-layer-proxy/README.md
Outdated
| } | ||
| ``` | ||
|
|
||
| For instructions on how to set-up the Auth Provider using KeyCloak, refer to the `Auth-Layer-Server` [README](link) |
There was a problem hiding this comment.
It was a placeholder for when the auth-layer-server was already merged, now that is merged I have updated with the approapiate URL. thanks for noticing!!
✅ Done
Signed-off-by: Alfredo Gutierrez <[email protected]>
This was referenced Apr 2, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description:
Productization of Envoy Proxy as Auth Layer Proxy, for validating the request token and params and deciding if it has the appropiate permissions to access the index Admin API of HederaTheGraph deployment.
Is meant to secure the Admin Endpoints for authorized developers only assigned subgraphs.
Added Unit Tests to comply that the VerificationTokenFilter is working as expected.
Related issue(s):
Fixes #
Notes for reviewer:
Tests CI is already included on this PR and running, you can checkout the coverage and details of the run here:
https://github.com/hashgraph/hedera-the-graph/actions/runs/8384795289/job/22962691770?pr=43
or by following the details.
The 2 steps that show the results are:
Run TestsandGenerate Console ReportChecklist