Open galenatjpl opened 7 months ago
@ramesh-maddegoda I know that you are already able to deploy and integrate the lambda authorizer. What I think is left to do is to make sure the proper roles are injected into the lambda via the CSV env variable thing you implemented a while back. Also work with the leads to determine if any special roles/groups are needed to control access to the shared services resources.
To close this ticket off, we will need a test procedure that tells how to log in and access a shared service resource, and demonstrates the use of the authorizer.
1) Create 2 API Gateway resources as follows:
2) Integrate both resources with the example demo data URL: https://api.nasa.gov/neo/rest/v1/neo/browse?api_key=DEMO_KEY
3) Secure /demo-data-secured by enabling Unity_CS_Common_Authorizer in the Method Request.
4) Deploy the API Gateway
5) Access the /demo-data resource without a valid access token (this should show results)
6) Access the /demo-data-secured resource without a valid access token (this should show an “Unauthorized” response).
7) Get a valid access token using one of the methods documented at https://github.com/unity-sds/unity-cs/wiki/Getting-Cognito-JWT-Tokens-in-Command-Line
8) Access the /demo-data-secured resource with a valid access token (this should show results).
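
The access checks in steps 5, 6 and 8 above can be scripted as a repeatable smoke test. This is an added example, not part of the original comment or the Unity project's code; `API_BASE`, `ACCESS_TOKEN`, the `Authorization: Bearer` header and the extra malformed-token case are assumptions.

```shell
#!/usr/bin/env bash
# Added example: smoke test for steps 5, 6 and 8 of the procedure above.
# Assumptions (not from the issue): API_BASE is the deployed stage URL,
# ACCESS_TOKEN holds the Cognito token, and the authorizer reads it from
# an "Authorization: Bearer <token>" header.

# Print the HTTP status code for GET $1, sending $2 as a bearer token if set.
http_status() {
  url=$1; token=${2:-}
  if [ -n "$token" ]; then
    curl -s -o /dev/null -w '%{http_code}' -H "Authorization: Bearer $token" "$url"
  else
    curl -s -o /dev/null -w '%{http_code}' "$url"
  fi
}

# Compare a status against an expectation: "allow" = 200, "deny" = 401 or 403
# (API Gateway answers 401 "Unauthorized", or 403 for an explicit Deny policy).
check() {
  label=$1; want=$2; got=$3
  case "$want:$got" in
    allow:200|deny:401|deny:403) echo "PASS $label ($got)"; return 0 ;;
    *) echo "FAIL $label: wanted $want, got HTTP $got"; return 1 ;;
  esac
}

# Run the access checks; returns non-zero if any expectation fails.
run_procedure() {
  base=$1; token=$2; failed=0
  check "step 5: open resource, no token" allow \
    "$(http_status "$base/demo-data")" || failed=1
  check "step 6: secured resource, no token" deny \
    "$(http_status "$base/demo-data-secured")" || failed=1
  # Extra negative case: a malformed token is also "not a valid access token".
  check "secured resource, malformed token" deny \
    "$(http_status "$base/demo-data-secured" "not.a.jwt")" || failed=1
  check "step 8: secured resource, valid token" allow \
    "$(http_status "$base/demo-data-secured" "$token")" || failed=1
  return "$failed"
}

# Only run against a live gateway when both variables are provided.
if [ -n "${API_BASE:-}" ] && [ -n "${ACCESS_TOKEN:-}" ]; then
  run_procedure "$API_BASE" "$ACCESS_TOKEN"
fi
```

A non-zero exit status means at least one expectation failed, for example a secured resource that answers 200 without a token.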
Added new user groups for EMIT and SGB projects.
Ensure that there is a common authorization mechanism in place on the shared services account that authorizes access to shared services resources (for example Data Catalog or Algorithm Catalog). Note, this is a different authorizer than the venue account. This is a lambda authorizer that's integrated with the shared services Unity-Prod account's API Gateway.