🐛 fixes directorv2: Use wb-auth as forwardauth for dynamic services (ITISFoundation#8139)

Author: pcrespov

services/director-v2/src/simcore_service_director_v2/core/dynamic_services_settings/__init__.py

@@ -13,7 +13,9 @@ class DynamicServicesSettings(BaseCustomSettings):
         default=True, description="Enables/Disables the dynamic_sidecar submodule"
     )
 
-    DYNAMIC_SIDECAR: DynamicSidecarSettings = Field(json_schema_extra={"auto_default_from_env": True})
+    DYNAMIC_SIDECAR: DynamicSidecarSettings = Field(
+        json_schema_extra={"auto_default_from_env": True}
+    )
 
     DYNAMIC_SCHEDULER: DynamicServicesSchedulerSettings = Field(
         json_schema_extra={"auto_default_from_env": True}
@@ -31,4 +33,6 @@ class DynamicServicesSettings(BaseCustomSettings):
         json_schema_extra={"auto_default_from_env": True}
     )
 
-    WEBSERVER_SETTINGS: WebServerSettings = Field(json_schema_extra={"auto_default_from_env": True})
+    WEBSERVER_AUTH_SETTINGS: WebServerSettings = Field(
+        json_schema_extra={"auto_default_from_env": True}
+    )

services/director-v2/src/simcore_service_director_v2/modules/dynamic_sidecar/docker_service_specs/proxy.py

@@ -48,8 +48,8 @@ def get_dynamic_proxy_spec(
     dynamic_services_scheduler_settings: DynamicServicesSchedulerSettings = (
         dynamic_services_settings.DYNAMIC_SCHEDULER
     )
-    webserver_settings: webserver.WebServerSettings = (
-        dynamic_services_settings.WEBSERVER_SETTINGS
+    wb_auth_settings: webserver.WebServerSettings = (
+        dynamic_services_settings.WEBSERVER_AUTH_SETTINGS
     )
 
     mounts = [
@@ -99,7 +99,7 @@ def get_dynamic_proxy_spec(
             f"traefik.http.middlewares.{scheduler_data.proxy_service_name}-security-headers.headers.accesscontrolmaxage": "100",
             f"traefik.http.middlewares.{scheduler_data.proxy_service_name}-security-headers.headers.addvaryheader": "true",
             # auth
-            f"traefik.http.middlewares.{scheduler_data.proxy_service_name}-auth.forwardauth.address": f"{webserver_settings.api_base_url}/auth:check",
+            f"traefik.http.middlewares.{scheduler_data.proxy_service_name}-auth.forwardauth.address": f"{wb_auth_settings.api_base_url}/auth:check",
             f"traefik.http.middlewares.{scheduler_data.proxy_service_name}-auth.forwardauth.trustForwardHeader": "true",
             f"traefik.http.middlewares.{scheduler_data.proxy_service_name}-auth.forwardauth.authResponseHeaders": f"Set-Cookie,{DEFAULT_SESSION_COOKIE_NAME}",
             # routing

services/docker-compose.yml

@@ -390,8 +390,10 @@ services:
       TRACING_OPENTELEMETRY_COLLECTOR_ENDPOINT: ${TRACING_OPENTELEMETRY_COLLECTOR_ENDPOINT}
       TRACING_OPENTELEMETRY_COLLECTOR_PORT: ${TRACING_OPENTELEMETRY_COLLECTOR_PORT}
 
-      WEBSERVER_HOST: ${WEBSERVER_HOST}
-      WEBSERVER_PORT: ${WEBSERVER_PORT}
+      # WEBSERVER_AUTH_SETTINGS
+      WEBSERVER_HOST: ${WB_AUTH_WEBSERVER_HOST}
+      WEBSERVER_PORT: ${WB_AUTH_WEBSERVER_PORT}
+
     volumes:
       - "/var/run/docker.sock:/var/run/docker.sock"
     deploy:

services/web/server/tests/unit/with_dbs/03/test_login_auth_app.py

@@ -159,7 +159,11 @@ def test_docker_compose_dev_vendors_forwardauth_configuration(
     services_docker_compose_dev_vendors_file: Path,
     env_devel_dict: EnvVarsDict,
 ):
-    """Test that manual service forwardauth.address points to correct WB_AUTH_WEBSERVER_HOST and port."""
+    """Test that manual service forwardauth.address points to correct WB_AUTH_WEBSERVER_HOST and port.
+
+    NOTE: traefik's `forwardauth` labels are also used in
+        `services/director-v2/src/simcore_service_director_v2/modules/dynamic_sidecar/docker_service_specs/proxy.py`
+    """
 
     # Load docker-compose file
     compose_config = yaml.safe_load(