unity-sds / unity-cs

Unity Common Services
Apache License 2.0

Shared Services common auth deployed (CS) #314

Open galenatjpl opened 7 months ago

galenatjpl commented 7 months ago

Ensure that there is a common authorization mechanism in place on the shared services account, that authorizes access to shared services resources (for example Data Catalog or Algorithm Catalog). Note, this is a different authorizer than the venue account. This is a lambda authorizer that's integrated with the shared services Unity-Prod account's API Gateway.

galenatjpl commented 7 months ago

@ramesh-maddegoda I know that you are already able to deploy and integrate the lambda authorizer. What I think is left to do is to make sure the proper roles are injected into the lambda via the CSV env variable thing you implemented a while back. Also work with the leads to determine if any special roles/groups are needed to control access to the shared services resources.

To close this ticket off, we will need a test procedure that tells how to log in and access a shared service resource, and demonstrates the use of the authorizer.

ramesh-maddegoda commented 5 months ago

Steps to test the Shared Services Common Authorizer and test results

1) Create 2 API Gateway resources as follows:

2) Integrate both resources with the example demo data URL: https://api.nasa.gov/neo/rest/v1/neo/browse?api_key=DEMO_KEY

3) Secure /demo-data-secured by enabling Unity_CS_Common_Authorizer in the Method Request.

4) Deploy the API Gateway

5) Access the /demo-data resource without a valid access token (this should show results)


6) Access the /demo-data-secured resource without a valid access token (this should show an “Unauthorized” response).


7) Get a valid access token using one of the methods documented at https://github.com/unity-sds/unity-cs/wiki/Getting-Cognito-JWT-Tokens-in-Command-Line

8) Access the /demo-data-secured resource with a valid access token (this should show results).


ramesh-maddegoda commented 5 months ago

Added new user groups for EMIT and SGB projects.
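An added example, not part of the thread and not the project's own authorizer code: a sketch of the group check a Lambda authorizer could make when its allowed groups arrive as a CSV environment variable, covering the case the test steps above do not exercise (a valid token whose user is in none of the allowed groups). The variable name `ALLOWED_GROUPS_CSV`, the function names and the group names are hypothetical, and the claims are assumed to have already passed signature, expiry and issuer verification against the Cognito user pool.

```python
import os

# Hypothetical name; the thread only says roles are injected via a CSV env variable.
GROUPS_ENV_VAR = "ALLOWED_GROUPS_CSV"


def parse_allowed_groups(csv_value):
    """Split the CSV value into a set, dropping blanks and stray whitespace."""
    return {g.strip() for g in (csv_value or "").split(",") if g.strip()}


def build_policy(principal_id, effect, method_arn):
    """Response shape API Gateway expects from a Lambda authorizer."""
    return {
        "principalId": principal_id,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
                "Action": "execute-api:Invoke",
                "Effect": effect,
                "Resource": method_arn,
            }],
        },
    }


def authorize(claims, method_arn, allowed_csv=None):
    """claims: dict of already-verified token claims, or None if verification failed."""
    if allowed_csv is None:
        allowed_csv = os.environ.get(GROUPS_ENV_VAR, "")
    if claims is None:
        # API Gateway maps this exact error message to a 401 response.
        raise Exception("Unauthorized")
    groups = claims.get("cognito:groups", [])
    if not isinstance(groups, list):
        groups = []  # malformed claim: treat as no group membership
    user_groups = {g for g in groups if isinstance(g, str)}
    # Fail closed: an empty or unset allow-list matches nobody.
    allowed = parse_allowed_groups(allowed_csv)
    effect = "Allow" if allowed & user_groups else "Deny"
    return build_policy(claims.get("sub", "unknown"), effect, method_arn)


if __name__ == "__main__":
    # Constructed sample values, not taken from the Unity deployment.
    arn = "arn:aws:execute-api:us-west-2:000000000000:abc123/dev/GET/demo-data-secured"
    member = {"sub": "user-1", "cognito:groups": ["example-group-a"]}
    print(authorize(member, arn, "example-group-a, example-group-b"))
```

A `Deny` policy surfaces to the caller as HTTP 403, which is distinct from the 401 of step 6, so a test procedure can check both.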