Reopening it since the impl merged is not working as should be.
The points checked and analysed are in the PR to revert it: https://github.com/aerogear/mobile-security-service-operator/pull/76
Summary
||What shows required to do?||Status|| PS ||
|Add annotation in the service-account to pass the route|(/)| - |
|Add annotation in the service to pass the secret|(x)| service.alpha.openshift.io/serving-cert-secret-name: <nameOfSecret> |
|Create the secret|(x)| See [here|https://github.com/integr8ly/3scale-operator-old/blob/15f7b3c35e205b74b7bba37b99c8cd78ce9e7e40/pkg/controller/threescale/threescale_controller.go#L172] |
|Create the deployment object as slide-card for the MSS|(/)| - |
|Pass in the OAuth deployment the secret as arg| (x)| See [here|https://github.com/openshift/oauth-proxy/blob/master/contrib/sidecar.yaml#L63] |
|Add TLS termination in the route| (x)| See [here|https://github.com/openshift/oauth-proxy/blob/master/contrib/sidecar.yaml#L21] |
|Make the request in the APP CR use the secret| (x)| See [here|https://github.com/integr8ly/3scale-operator-old/blob/43abc73120c37cc4f221aaa59f3e8ee135e7a7ba/pkg/threescale/client.go#L275] |
|Create and Update Status for Ouath Deployment|(/)| - |
|App check for Ouath Deployment to update the status OK|(/)| - |
See the [OCP OAuth example|https://github.com/openshift/oauth-proxy/blob/master/contrib/sidecar.yaml#L63].
NOTES:
* Has more than on option to do the authentication, for example, in the above example it is using a secret, however, we could use a certificate as well.
* [~lfitzgerald] and [~dffrench] it shows make part of another epic. Should not be better move this JIRA to there?
c/c [~dffrench] [~lfitzgerald] |
|
