address review comments

canonical · Oct 13, 2023 · 944a4b7 · 944a4b7
1 parent 0c019be
commit 944a4b7
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 28 deletions.
diff --git a/docs/json_schemas/auth_proxy/v0/requirer.json b/docs/json_schemas/auth_proxy/v0/requirer.json
@@ -19,22 +19,6 @@
       "type": "object",
       "properties": {}
     },
-    "Url": {
-      "title": "Url",
-      "type": "object",
-      "properties": {
-        "url": {
-          "title": "Url",
-          "minLength": 1,
-          "maxLength": 65536,
-          "format": "uri",
-          "type": "string"
-        }
-      },
-      "required": [
-        "url"
-      ]
-    },
     "AuthProxyRequirer": {
       "title": "AuthProxyRequirer",
       "type": "object",
@@ -44,7 +28,10 @@
           "description": "List of urls to be protected by Identity and Access Proxy.",
           "type": "array",
           "items": {
-            "$ref": "#/definitions/Url"
+            "type": "string",
+            "minLength": 1,
+            "maxLength": 65536,
+            "format": "uri"
           }
         },
         "allowed_endpoints": {

diff --git a/interfaces/auth_proxy/v0/README.md b/interfaces/auth_proxy/v0/README.md
@@ -30,7 +30,7 @@ Both the requirer and the provider need to adhere to a certain set of criteria t
 
 ### Requirer
 
-- Is expected to provide configuration required to set up access rules: protected urls, allowed endpoints and headers.
+- Is expected to provide configuration required to set up access rules: protected urls (externally accessible ingress urls), allowed endpoints and headers.
 
 ## Relation Data
 

diff --git a/interfaces/auth_proxy/v0/schema.py b/interfaces/auth_proxy/v0/schema.py
@@ -25,12 +25,8 @@
 from interface_tester.schema_base import DataBagSchema
 
 
-class Url(BaseModel):
-    url: AnyHttpUrl
-
-
 class AuthProxyRequirer(BaseModel):
-    protected_urls: List[Url] = Field(
+    protected_urls: List[AnyHttpUrl] = Field(
         description="List of urls to be protected by Identity and Access Proxy."
     )
     allowed_endpoints: Optional[List[str]] = Field(

diff --git a/interfaces/forward_auth/v0/README.md b/interfaces/forward_auth/v0/README.md
@@ -28,15 +28,11 @@ Both the requirer and the provider need to adhere to a certain set of criteria t
 - Is expected to provide a Policy Decision Point in IAP architecture
 - Must be able to authorize incoming HTTP requests.
 
-In the current architecture, [oathkeeper-operator](https://github.com/canonical/oathkeeper-operator) is the only known provider.
-
 ### Requirer
 
 - Is expected to be able to delegate authentication to an external service, e.g. with the use of Traefik ForwardAuth middleware
 - Is expected to transform incoming `forward_auth` data into relevant configuration (e.g. traefik routes).
 
-In the current architecture, [traefik-k8s-operator](https://github.com/canonical/traefik-k8s-operator) is the only requirer, however nginx can be considered as its equivalent for machine charms.
-
 ## Relation Data
 
 ### Provider
@@ -48,7 +44,7 @@ In the current architecture, [traefik-k8s-operator](https://github.com/canonical
 ```json
 {
   "application_data": {
-    "decisions_address": "http://oathkeeper-0.oathkeeper-endpoints.namespace.svc.cluster.local:4456/decisions",
+    "decisions_address": "https://oathkeeper-0.oathkeeper-endpoints.namespace.svc.cluster.local:4456/decisions",
     "app_names": ["some-charm", "some-other-charm"],
     "headers": ["X-User", "X-Some-Header"]
   }