Numaplane asset changes for API Gateway AuthZ to GitHub Proxy

[afugazzotto]

Summary

Currently, the GitHub Proxy relies on a sandboxed service (https://devportal.intuit.com/app/dp/resource/1876892738027973285) for API Gateway or Mesh authorization. We need to use and configure this asset instead https://devportal.intuit.com/app/dp/resource/5263599657741369597/overview.
Then, we need to update the numa-manifest-generator with the new IDPS policyID and other needed config changes.

Changes will include

• service preprod and prod deployment
• creation of a new offline job (one per env)
• IDPS secrets setup on all envs for appID, appSecret, and jobID with Access Control for arn:aws:iam::926113353675:role/numaplane
• downstream services onboarding: API Gateway, AuthZ Decision Service, Identity API Private, numaproxy

---

Message from the maintainers:

If you wish to see this enhancement implemented please add a 👍 reaction to this issue! We often sort issues this way to know what to prioritize.

[afugazzotto]

This may no longer be needed if we do not use API Gateway and since we will use https://devportal.intuit.com/app/dp/resource/5263599657741369597/overview for the asset alias needed for the Mesh setup by the Mesh team as per discussion with Anil. @juliev0 can you confirm that this is the correct asset we will use and we do not need to create a new one?

[juliev0]

https://devportal.intuit.com/app/dp/resource/5263599657741369597/overview

So, if the question is whether I think we can continue to use our Numaplane Asset in our Controller's annotations:

annotations:
        sidecar.istio.io/inject: "true"
        policyId: "{{.MeshPolicyID}}"
        alpha.istio.io/identity: "Intuit.oss.analytics.numaplane"

then I am not aware of a reason why we can't.

Please note that this same Asset is referenced in our Namespace itself.