Refactor Authentication in IRS

[jzbmw]

As PO,
I want to change the authentication of the IRS,
so that it is more efficient to integrate the service.

Hints / Details

• child of Resiliency Measurements sig-release#218
• Add information to connect to own idp service within the deployment context
• Change from client_id client_secret to api key authentication
• think about the two users within the IRS (user, admin)
• https://miro.com/app/board/uXjVOGBahIA=/?moveToWidget=3458764569152538759&cot=14
• OAuth2 option is explained where to change code of the application. Keep as much usable Code for OAuth2 as possible.
• If anyone wants to use OAuth2 then they will have to adapt that in the code base for their deployment. It is not being shipped in an IRS chart

Outcome / Acceptance Criteria

Outcome

• Documentation has been changed -> https://catenax-ng.github.io/tx-item-relationship-service/docs/arc42/full.html#_safety_and_security_concepts
• hint was added what is necessary to do if IRS runs in a standalone company context!
• Check and refactor documentation if roles and rights reflect the current situation

Acceptance Criteria

• Auth process has been changed to API_Keys (Different API Keys for different roles)
• IRS has APIKeys enabled per default
• IRS OAuth2 Authentication is not able to be used via configuration
• IRS OAuth2 linked to a tag where OAuth2 is integrated into the documentation.
• Documentation is updated accordingly
• two roles, two token

Out of Scope

• ...

[jzbmw]

Blocked by Meeting, of which we need input on how to change this.

[jzbmw]

As described in the Acceptance Criteria

[ds-jhartmann]

Planning 2

• Remove OAuth authentication from the IRS Controllers (IRS, ESS, Policy Store) and configuration regarding this
• IRS authentication uses API Keys. 1 Key with view_irs access, 1 Key with admin_irs access
• Keys can be configured via application and helm configuration (stored in vault for DEV and INT environments)
• Remove OAuth based documentation and replace with documentation about new API Keys
• Add link of current tag to documentation for a reference implementation of OAuth2 (link to eclipse-tractusx repo)
• Update Insomnia collection to API Key based authentication
• Update Cucumber and Tavern test authentication to API Key
• Update ESS Demo script authentication

[ds-alexander-bulgakov]

Update after several tryouts and retests: Change to API-Keys is working fine on IRS after the correct secrets were set in #397, all requests can be sent out and either tavern- and cucumber-tests can be run as expected.
Currently ESS-INT has authentication issues, this is investigated by @ds-ext-kmassalski. Test ongoing.

Update: After the helm-version on ESS-INT (PR #720) and authentication for tavern-tests (PR #721) has been adjusted also the ESS-INT tests should run successfully. Test ongoing.

[ds-alexander-bulgakov]

Update: After the INT_ADMIN_USER secrets were updated with correct values in #397 all tests could be run as without authentication errors.
Documentation has been updated. Ticket is ready for PO-review, FYI @jzbmw.