Make authenticator config in ORY Rule overridable (#2068)

* Make authenticator config in ory rule overridable * Improvements * Add authnenticator name clarification * Fix chart * Handle nil property in chart
kyma-incubator · Oct 13, 2021 · be43209 · be43209
1 parent ee61b98
commit be43209
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 5 deletions.
diff --git a/chart/compass/charts/gateway/templates/oathkeeper-authenticator-rules.yaml b/chart/compass/charts/gateway/templates/oathkeeper-authenticator-rules.yaml
@@ -1,5 +1,5 @@
 {{- range $authenMappingServiceName, $value := .Values.global.oathkeeper.mutators.authenticationMappingServices -}}
-{{if and (eq $value.authenticator.enabled true) (eq $value.authenticator.createRule true)}}
+{{ if and (eq $value.authenticator.enabled true) (eq $value.authenticator.createRule true) }}
 ---
 apiVersion: oathkeeper.ory.sh/v1alpha1
 kind: Rule
@@ -18,7 +18,12 @@ spec:
     handler: allow
   mutators:
   - handler: hydrator
-{{ toYaml $value.cfg| indent 4 }}
+    config:
+      api:
+        url: "http://{{ $.Values.global.director.host }}:{{ $.Values.global.director.graphql.external.port }}/authn-mapping/{{ $value.authenticator.name }}"
+        retry:
+          give_up_after: {{ default "6s" ((((($value).cfg).config).api).retry).give_up_after }}
+          max_delay: {{ default "2000ms" ((((($value).cfg).config).api).retry).max_delay }}
   - handler: hydrator
 {{ toYaml $.Values.global.oathkeeper.mutators.tenantMappingService | indent 4 }}
   - handler: id_token

diff --git a/chart/compass/values.yaml b/chart/compass/values.yaml
@@ -75,7 +75,7 @@ global:
       version: "PR-2027"
     director:
       dir:
-      version: "PR-2050"
+      version: "PR-2068"
     gateway:
       dir:
       version: "PR-2050"
@@ -325,7 +325,7 @@ global:
                   give_up_after: 6s
                   max_delay: 2000ms
           authenticator:
-            name: "tenant-fetcher"
+            name: "tenant-fetcher" # we need this property because the ory-rule name should be FQDN compliant, and we cannot rename the parent property tenantFetcher to tenant-fetcher because Helm does not support it https://helm.sh/docs/chart_best_practices/values/
             enabled: false
             createRule: true
             gatewayHost: "compass-gateway"

diff --git a/components/director/internal/tenantmapping/handler.go b/components/director/internal/tenantmapping/handler.go
@@ -136,7 +136,7 @@ func (h Handler) processRequest(ctx context.Context, reqData oathkeeper.ReqData)
 	}
 
 	if len(objCtxs) == 0 {
-		log.C(ctx).WithError(err).Errorf("An error occurred while determining the auth details for the request: %v", err)
+		log.C(ctx).Error("An error occurred while determining the auth details for the request: no object contexts were found")
 		return reqData.Body
 	}