fix(gateway): gate unsafe auth deployment modes #1871
Blocked
Gator is blocked because GitHub reports this PR has merge conflicts with
Head SHA:
Next action: @alangou needs to rebase or merge

@alangou bumping this for a rebase so we can re-check
bf0663e to 580e58b
PR Review Status
Validation: This PR is project-valid for OpenShell because it tightens gateway authentication posture for shared deployments, updates the Helm and server configuration surfaces, adds matching tests, and updates the affected documentation.
Review findings:
Docs: Updated in the affected Kubernetes, reference, security, Helm, and architecture docs; no new Fern navigation entry appears necessary.
Next state:
Require explicit opt-in for OIDC authentication-only mode on shared gateway deployments and fail closed when gRPC user requests have no auth path. Align Helm validation, tests, and docs so weak auth modes are intentional and visible.
Signed-off-by: Adrien Langou <alangou@nvidia.com>
580e58b to 9656e9e
Summary
Gate unsafe gateway authentication postures for shared deployments. OIDC authentication-only mode now requires an explicit opt-in, and gRPC user requests without an auth path fail closed instead of passing through.
Related Issue
Closes OS-186
Changes
- allow_oidc_auth_only config and Helm value for OIDC authentication-only mode.
- UNAUTHENTICATED.
Testing
- mise run pre-commit passes
Additional validation run:
- CARGO_TARGET_DIR="/home/op/OpenShell/target" mise run test
- CARGO_TARGET_DIR="/home/op/OpenShell/target" mise exec -- cargo test -p openshell-server
- mise run helm:test
- mise run helm:lint
- mise run helm:docs:check
- git diff --check
Note: mise run pre-commit could not be confirmed because the shell executor stopped returning statuses.
Checklist