istio-ecosystem / authservice

Move OIDC token acquisition out of your app code and into the Istio mesh
Apache License 2.0

introduce integration test for authorization code grant flow #204

Closed Shikugawa closed 2 weeks ago

Shikugawa commented 2 years ago

Signed-off-by: Shikugawa <Shikugawa@gmail.com>

istio-testing commented 2 years ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Shikugawa

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/istio-ecosystem/authservice/blob/master/OWNERS)~~ [Shikugawa]

Approvers can indicate their approval by writing `/approve` in a comment
Approvers can cancel approval by writing `/approve cancel` in a comment

incfly commented 2 years ago

Thanks! I have a quick comment: people working on or needing to try out this project are mostly from an Istio/k8s background. So they are familiar with k8s, and we use a k8s cluster in the bookinfo example as well.

Could we use a kind cluster as the testing environment, so that the devs above don't have to learn another tool (docker compose) to debug e2e test failures in the future?

Moreover, let's say later we want to include a helm release package; we would want to use the same config in our e2e tests to guard our release. These configs will be k8s configs.

I hope the change won't be that large. We will need to install the YAMLs and install kubectl and kind in the Ubuntu VM instances. To access the port, we can either do port-forwarding in the Python test or figure out the locally accessible ingress IP from the kind cluster somehow.

Shikugawa commented 2 years ago

@ZackButcher @incfly I found that GITHUB_TOKEN only has permission to read ghcr.io at the organization level. Thus we can't push built images to the registry on GHA. But I don't belong to this organization (I only have repository-level admin permission). Therefore, I ask the members of this organization to change the GITHUB_TOKEN default permission to allow both write and read.

incfly commented 2 years ago

I checked some docs and our settings; it seems only the authservice repo itself needs to have the read/write permission, which is already the case?

https://docs.github.com/en/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions#upgrading-a-workflow-that-accesses-ghcrio

https://github.com/orgs/istio-ecosystem/packages/container/authservice%2Fauthservice/settings

Shikugawa commented 2 years ago

@incfly It seems that permission is not enough. (All permissions are read-only.)

Screenshot from 2022-02-11 00-46-23

We should configure it at the organization level. (This screenshot was taken from my organization, in which I have admin permission.)

Screenshot from 2022-02-11 00-47-19

nacx commented 2 weeks ago

This is already covered in the latest versions of authservice.