In https://github.com/wandb/core/pull/25229 we added a new endpoint, to be used internally to pass around sensitive information. This endpoint relies on authentication through JWTs, to allow other services in wandb to fetch customer secret values.
This PR:
- Creates a new oidc reviewer cluster role binding that allows unauthenticated access to get the oidc configuration
- Adds an environment variable `GORILLA_INTERNAL_JWT_SUBJECTS_TO_ISSUERS` to the app chart for gorilla to set up the issuer and subject relation.

This unlocks the weave playground, which relies on fetching user secrets into the weave-trace service to make requests to LLM services.
Note: there is a PR in core (https://github.com/wandb/core/pull/25352) to make use of the environment variable structure used here.
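For reference, a binding of the kind the first bullet describes, written as an added example and not taken from this PR or the chart. It assumes the binding targets Kubernetes' built-in `system:service-account-issuer-discovery` ClusterRole; the metadata name `oidc-reviewer` is also an assumption.

```yaml
# Added example, not the chart's own manifest.
# Lets callers without credentials read the cluster's service account
# issuer discovery document and its public signing keys, so that a
# service receiving a service account JWT can verify its signature.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: oidc-reviewer            # assumed name
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  # Built-in role: grants only "get" on the non-resource URLs
  #   /.well-known/openid-configuration
  #   /openid/v1/jwks
  name: system:service-account-issuer-discovery
subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: Group
    # Every request that presents no credentials belongs to this group.
    # Keep this binding limited to the discovery role above; it must not
    # be reused for any role that grants access to API resources.
    name: system:unauthenticated
```

The discovery document and JWKS hold only the issuer URL and public keys, so the binding exposes no secret material. `kubectl auth can-i get /openid/v1/jwks --as=system:anonymous` confirms the grant, and the same check against a resource such as `secrets` should still return `no`.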