feat: Add helm chart auth options.

[pantierra]

This PR adds the following authorization options to the helm chart:

stac-auth-proxy:
  enabled: true

  authorization:
  
    route:
      # mode: "default" (default, DEFAULT_PUBLIC), "custom", "private", "disabled"
      mode: "default"
     
      # Custom endpoint configurations (only used when mode: "custom")
      publicEndpoints: {}
        # Example:
        # "^/collections$": ["GET"]
        # "^/search$": ["GET", "POST"]
      privateEndpoints: {}
        # Example:
        # "^/collections$": [["POST", "collection:create"]]
        # "^/collections/([^/]+)/items$": [["POST", "item:create"]]
    
    record:
      # mode: "disabled" (default), "custom", "opa"
      mode: "disabled"
    
      # Custom filters configurations (only used when mode: "custom")
      custom:
        filtersFile: "data/custom_filters.py"
        
      # OPA configuration (only used when mode: "opa")
      opa:
        url: "http://opa:8181/"
        policy: "stac/items/allow"

Manual configuration via environment variables and manual mount of filter files is still possible.

Moved kubernetes documentation into it's own file and added documentation for the auth options provided by the helm charts with this PR.

The PR requires #114 and #117.

I open this as a draft, as I expect us to have a few iterations and conversations about this.

[alukach]

Should we push this into the docs directory to publish at developmentseed.org/stac-auth-proxy?

[pantierra]

This might be a bit out of context. We could move it into the docs but frame it as helm/kubernetes setup and include this.

[alukach]

Aside from the repo, is there anywhere else that this information would be surfaced?

I'd ideally like for people to be able to think about this tool as a packaged product rather than just a codebase, hence my view that docs should be available outside of the repo

[alukach]

Aside from the repo, is there anywhere else that this information would be surfaced?

I'd ideally like for people to be able to think about this tool as a packaged product rather than just a codebase, hence my view that docs should be available outside of the repo

[pantierra]

Happy to move it to the docs. Perhaps good to bring in #117 first? After that I can combine README and AUTHORIZATION into one file in the docs.

[pantierra]

I wasn't aware of the deployment.md, now that I found it, #117 is not a prerequisite anymore.

• Moved the kubernetes information from docs/user-guides/deployment.md to docs/user-guides/kubernetes.md
• Moved the content of AUTHORIZATION.md into the docs folder's kubernetes.md

[alukach]

Will this (and the privateEndpoints) override the defaults established within the stac auth proxy's configuration?

[pantierra]

These would just set an env variable with the contents specified here. So, to my understanding, yes, if these are set, they will override them.

[pantierra]

Clarified a bit better in the comments.

[alukach]

Okay, let's give this a go. I am still a bit skeptical that this detailed config is superior to just raw environment variables but am going to assume that it's a K8s thing and go with that