Merge pull request #1912 from bosch-io/improvement/helm-token-integration-subject

Helm gateway option for token-integration-subject

Author: alstanchev

deployment/helm/ditto/Chart.yaml

@@ -16,7 +16,7 @@ description: |
   A digital twin is a virtual, cloud based, representation of his real world counterpart
   (real world “Things”, e.g. devices like sensors, smart heating, connected cars, smart grids, EV charging stations etc).
 type: application
-version: 3.5.3  # chart version is effectively set by release-job
+version: 3.5.4  # chart version is effectively set by release-job
 appVersion: 3.5.3
 keywords:
   - iot-chart

deployment/helm/ditto/templates/gateway-deployment.yaml

@@ -226,6 +226,8 @@ spec:
               value: "{{ .Values.gateway.config.sse.throttling.limit }}"
             - name: OAUTH_ALLOWED_CLOCK_SKEW
               value: "{{ .Values.gateway.config.authentication.oauth.allowedClockSkew }}"
+            - name: OAUTH_TOKEN_INTEGRATION_SUBJECT
+              value: "{{ .Values.gateway.config.authentication.oauth.tokenIntegrationSubject }}"
             {{- if .Values.gateway.extraEnv }}
               {{- toYaml .Values.gateway.extraEnv | nindent 12 }}
             {{- end }}

deployment/helm/ditto/values.yaml

@@ -1514,6 +1514,8 @@ gateway:
         #    authSubjects:
         #    - "{{ jwt:sub }}"
         #    - "{{ jwt:groups }}"
+        # configure the subject to inject in policy action activateTokenIntegration
+        tokenIntegrationSubject: "integration:{{policy-entry:label}}:{{jwt:aud}}"
       # devops contains the configuration of the gateway's "/devops" API, e.g. access to it
       devops:
         # secured this controls whether "/devops" and "/api/2/connections" resources are secured or not