runatlantis / atlantis

Terraform Pull Request Automation
https://www.runatlantis.io

OAuth login for Atlantis UI #596

Open chenrui333 opened 5 years ago

chenrui333 commented 5 years ago

Similar to #49, but it would be great to generalize the OAuth authentication support. Right now we are extensively using Google Login authentication for our tools like Jenkins and Airflow.

lkysow commented 5 years ago

Hey, can you add more information as to why this is a different request from #49?

chenrui333 commented 5 years ago

Hi @lkysow, it is a different request in terms of security implementation details. I think GitHub is just one of the OAuth providers. 😄

Let me know if this makes sense.

jolexa commented 5 years ago

My two cents: the implementation of OAuth should not be Atlantis' concern. We already use Google OAuth in front of the Atlantis UI via a sidecar-like process, and I encourage that approach for everyone because there are several OAuth providers, as you mentioned.

chenrui333 commented 5 years ago

That sounds about right. Is there any reference that you can share for the setup?

chenrui333 commented 5 years ago

I was recently looking at nginx-ingress plus oauth2-proxy, but could not get it working well.

jolexa commented 5 years ago

> That sounds about right. Is there any reference that you can share for the setup?

Sorry, we don't have anything to share because our implementation is very organization-specific. There are a few approaches; we have success using this right now: https://github.com/cloudflare/nginx-google-oauth

chenrui333 commented 5 years ago

Cool, thanks for sharing. I will re-think if we can try the sidecar container route.

chenrui333 commented 5 years ago

When you do the deployment, how are you managing the session (Google OAuth) cookie between the Atlantis containers or just one Atlantis container deployment in your system?

Jaff commented 5 years ago

@jolexa @chenrui333 Were these issues resolved? We are in the same situation, needing to determine who is the user presenting the comments in order to channel workflow for proper permissions.

michyliao commented 4 years ago

@chenrui333 Were you able to set up Atlantis using Google OAuth? I am trying to set up IAP with Atlantis but am running into issues with GitHub's webhook.

ted-fastly commented 4 years ago

For human traffic, we use zerotrust. Atlantis is only privately exposed except through Duo.