Skip to content

✨ Add wb-auth new Service and Redirect ForwardAuth for Vendor Services #8130

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Jul 22, 2025
Merged

✨ Add wb-auth new Service and Redirect ForwardAuth for Vendor Services #8130

merged 11 commits into from
Jul 22, 2025

Conversation

@pcrespov
Copy link
Member

@pcrespov pcrespov commented Jul 21, 2025
edited
Loading

What do these changes do?

This PR introduces a new service, wb-auth , to the simcore-service stack to act as a centralized forward authentication endpoint used for vendor services.

This is the setup, where wb-auth is represented below as AuthServer

Changes:

  • Added: New service wb-auth integrated into the simcore-service stack (based on webserver image)
  • Updated: Traefik configuration now redirects forwardauth middleware for test vendor services to wb-auth (but needs to be done in deploy).

Related issue/s

How to test

cd services/web/server
make install-dev
pytest -vv tests/unit/with_dbs/03/test_login_auth_app.py

Manual exploratory test

image

Dev-ops

@pcrespov pcrespov self-assigned this Jul 21, 2025
@codecov
Copy link

codecov bot commented Jul 21, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 95.23810% with 1 line in your changes missing coverage. Please review.

Project coverage is 88.10%. Comparing base (48fadf2) to head (90486c5).
Report is 1 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #8130      +/-   ##
==========================================
+ Coverage   87.42%   88.10%   +0.67%     
==========================================
  Files        1843     1891      +48     
  Lines       70822    72708    +1886     
  Branches     1274     1274              
==========================================
+ Hits        61915    64056    +2141     
+ Misses       8529     8274     -255     
  Partials      378      378
Flag Coverage Δ
integrationtests 64.20% <23.80%> (+3.72%) ⬆️
unittests 86.72% <95.23%> (+0.14%) ⬆️
Components Coverage Δ
pkg_aws_library 93.93% <ø> (ø)
pkg_celery_library 87.34% <ø> (ø)
pkg_dask_task_models_library 79.62% <ø> (ø)
pkg_models_library 93.15% <ø> (ø)
pkg_notifications_library 85.26% <ø> (ø)
pkg_postgres_database 88.02% <ø> (ø)
pkg_service_integration 70.17% <ø> (ø)
pkg_service_library 71.48% <ø> (ø)
pkg_settings_library 90.45% <ø> (ø)
pkg_simcore_sdk 85.05% <ø> (-0.06%) ⬇️
agent 93.81% <ø> (ø)
api_server 93.02% <ø> (ø)
autoscaling 95.88% <ø> (ø)
catalog 92.34% <ø> (ø)
clusters_keeper 99.13% <ø> (ø)
dask_sidecar 91.81% <ø> (ø)
datcore_adapter 97.94% <ø> (ø)
director 76.14% <ø> (ø)
director_v2 91.06% <ø> (+5.53%) ⬆️
dynamic_scheduler 96.27% <ø> (ø)
dynamic_sidecar 90.07% <ø> (ø)
efs_guardian 89.76% <ø> (ø)
invitations 91.44% <ø> (ø)
payments 92.60% <ø> (ø)
resource_usage_tracker 92.50% <ø> (∅)
storage 86.39% <ø> (-0.34%) ⬇️
webclient ∅ <ø> (∅)
webserver 88.24% <95.23%> (+<0.01%) ⬆️

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 48fadf2...90486c5. Read the comment docs.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@pcrespov pcrespov force-pushed the is7781/auth-service branch from 3c0f8e1 to e53a9bb Compare July 21, 2025 17:09
@pcrespov pcrespov changed the title WIP: Is7781/auth service ✨ Add wg-auth new Service and Redirect ForwardAuth for Vendor Services Jul 21, 2025
@pcrespov pcrespov marked this pull request as ready for review July 21, 2025 17:23
@pcrespov pcrespov added the a:webserver webserver's codebase. Assigning the area is particularly useful for bugs label Jul 21, 2025
@pcrespov pcrespov added this to the Engage milestone Jul 21, 2025
@pcrespov pcrespov requested a review from giancarloromeo July 21, 2025 17:36
@pcrespov pcrespov enabled auto-merge (squash) July 21, 2025 17:40
@pcrespov pcrespov added 🤖-automerge marks PR as ready to be merged for Mergify and removed 🤖-automerge marks PR as ready to be merged for Mergify labels Jul 21, 2025
@pcrespov pcrespov disabled auto-merge July 21, 2025 17:41
matusdrobuliak66
matusdrobuliak66 approved these changes Jul 21, 2025
View reviewed changes
Copy link
Collaborator

@matusdrobuliak66 matusdrobuliak66 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks

YuryHrytsuk
YuryHrytsuk approved these changes Jul 22, 2025
View reviewed changes
sanderegg
sanderegg approved these changes Jul 22, 2025
View reviewed changes
Copy link
Member

@sanderegg sanderegg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Amazing, thanks! and the logo rocks!

@YuryHrytsuk
Copy link
Contributor

YuryHrytsuk commented Jul 22, 2025

@pcrespov what stands for WG? I would expect WB initially

@pcrespov
Copy link
Member Author

pcrespov commented Jul 22, 2025

@pcrespov what stands for WG? I would expect WB initially

@YuryHrytsuk you are totally right. It must be wb (from webserver) not wg ... I will change it
thx for noticing!

@pcrespov pcrespov changed the title ✨ Add wg-auth new Service and Redirect ForwardAuth for Vendor Services ✨ Add wb-auth new Service and Redirect ForwardAuth for Vendor Services Jul 22, 2025
@pcrespov pcrespov enabled auto-merge (squash) July 22, 2025 07:20
@pcrespov pcrespov added the 🤖-automerge marks PR as ready to be merged for Mergify label Jul 22, 2025
@sonarqubecloud
Copy link

sonarqubecloud bot commented Jul 22, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

giancarloromeo
giancarloromeo approved these changes Jul 22, 2025
View reviewed changes
Copy link
Contributor

@giancarloromeo giancarloromeo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thx

@pcrespov pcrespov merged commit 2b9bf2b into ITISFoundation:master Jul 22, 2025
95 of 96 checks passed
@pcrespov pcrespov deleted the is7781/auth-service branch July 22, 2025 07:49
mrnicegyu11
mrnicegyu11 reviewed Jul 22, 2025
View reviewed changes
Copy link
Member

@mrnicegyu11 mrnicegyu11 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

saw it too late, should work as-is thx!

@pcrespov pcrespov mentioned this pull request Jul 22, 2025
Merged
@YuryHrytsuk YuryHrytsuk mentioned this pull request Jul 23, 2025
Closed
YuryHrytsuk added a commit to YuryHrytsuk/osparc-ops-environments that referenced this pull request Jul 23, 2025
@YuryHrytsuk
Add wb-auth simcore service
efbeb01 
* closes ITISFoundation#1145

* ITISFoundation/osparc-simcore#8130
This was referenced Jul 23, 2025
Merged
Closed
YuryHrytsuk added a commit to YuryHrytsuk/osparc-ops-environments that referenced this pull request Jul 24, 2025
@YuryHrytsuk
Traefik: use wb-auth for platform user auth
6792608 
Since new service for user authentication was introduced. We shall use
it in platform user authentication middleware

* ITISFoundation/osparc-simcore#8130
* ITISFoundation#1146

* ITISFoundation#1145
@YuryHrytsuk YuryHrytsuk mentioned this pull request Jul 24, 2025
Merged
1 task
YuryHrytsuk added a commit to ITISFoundation/osparc-ops-environments that referenced this pull request Jul 25, 2025
@YuryHrytsuk
Add wb-auth simcore service (#1146)
220efa6 
* Add wb-auth simcore service

* closes #1145

* ITISFoundation/osparc-simcore#8130

* Rename env to follow existing style

* Update PR templates (add grafana dashboards check)

* Add public network
YuryHrytsuk added a commit to ITISFoundation/osparc-ops-environments that referenced this pull request Jul 25, 2025
@YuryHrytsuk
Traefik: use wb-auth for platform user auth (#1148)
e4bd11b 
Since new service for user authentication was introduced. We shall use
it in platform user authentication middleware

* ITISFoundation/osparc-simcore#8130
* #1146

* #1145
@YuryHrytsuk YuryHrytsuk mentioned this pull request Jul 29, 2025
Closed
18 tasks
@matusdrobuliak66 matusdrobuliak66 mentioned this pull request Aug 5, 2025
Closed
88 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrnicegyu11 mrnicegyu11 mrnicegyu11 left review comments

@giancarloromeo giancarloromeo giancarloromeo approved these changes

@sanderegg sanderegg sanderegg approved these changes

@YuryHrytsuk YuryHrytsuk YuryHrytsuk approved these changes

@matusdrobuliak66 matusdrobuliak66 matusdrobuliak66 approved these changes

@GitHK GitHK Awaiting requested review from GitHK GitHK is a code owner

Assignees

@pcrespov pcrespov

Labels

🤖-automerge marks PR as ready to be merged for Mergify a:webserver webserver's codebase. Assigning the area is particularly useful for bugs

Projects

None yet

Milestone

Engage

Development

Successfully merging this pull request may close these issues.

Webserver: Have a separate service for authentication?

6 participants

@pcrespov @YuryHrytsuk @giancarloromeo @mrnicegyu11 @sanderegg @matusdrobuliak66