54ae364def
This PR introduces two new features - AWS STS compatible STS API named AssumeRoleWithClientGrants ``` POST /?Action=AssumeRoleWithClientGrants&Token=<jwt> ``` This API endpoint returns temporary access credentials, access tokens signature types supported by this API - RSA keys - ECDSA keys Fetches the required public key from the JWKS endpoints, provides them as rsa or ecdsa public keys. - External policy engine support, in this case OPA policy engine - Credentials are stored on disks
18 lines
354 B
YAML
18 lines
354 B
YAML
version: '2'
|
|
services:
|
|
opa:
|
|
image: openpolicyagent/opa:0.9.1
|
|
ports:
|
|
- 8181:8181
|
|
command:
|
|
- "run"
|
|
- "--server"
|
|
- "--log-level=debug"
|
|
api_server:
|
|
image: openpolicyagent/demo-restful-api:0.2
|
|
ports:
|
|
- 5000:5000
|
|
environment:
|
|
- OPA_ADDR=http://opa:8181
|
|
- POLICY_PATH=/v1/data/httpapi/authz
|