Helm gateway option for token-integration-subject

Signed-off-by: Nikolay.Deliyski <Nikolay.Deliyski@bosch.io> (cherry picked from commit 6d1b2a2)
eclipse-ditto · Apr 8, 2024 · 4a5093a · 4a5093a
1 parent 145794c
commit 4a5093a
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 0 deletions.
diff --git a/deployment/helm/ditto/templates/gateway-deployment.yaml b/deployment/helm/ditto/templates/gateway-deployment.yaml
@@ -226,6 +226,8 @@ spec:
               value: "{{ .Values.gateway.config.sse.throttling.limit }}"
             - name: OAUTH_ALLOWED_CLOCK_SKEW
               value: "{{ .Values.gateway.config.authentication.oauth.allowedClockSkew }}"
+            - name: OAUTH_TOKEN_INTEGRATION_SUBJECT
+              value: "{{ .Values.gateway.config.authentication.oauth.tokenIntegrationSubject }}"
             {{- if .Values.gateway.extraEnv }}
               {{- toYaml .Values.gateway.extraEnv | nindent 12 }}
             {{- end }}

diff --git a/deployment/helm/ditto/values.yaml b/deployment/helm/ditto/values.yaml
@@ -1514,6 +1514,8 @@ gateway:
         #    authSubjects:
         #    - "{{ jwt:sub }}"
         #    - "{{ jwt:groups }}"
+        # configure the subject to inject in policy action activateTokenIntegration
+        tokenIntegrationSubject: "integration:{{policy-entry:label}}:{{jwt:aud}}"
       # devops contains the configuration of the gateway's "/devops" API, e.g. access to it
       devops:
         # secured this controls whether "/devops" and "/api/2/connections" resources are secured or not