We would like to deploy STAC Auth Proxy in front of the eoAPI-provided STAC API to enable the DLR Terrabyte platform to host user-private collections.
The policies linking users to resource filters should be stored in OPA, which generates the CQL2 expressions for STAC Auth Proxy to apply. https://developmentseed.org/stac-auth-proxy/user-guide/record-level-auth/#opa-filter
Target use case:
- Calling
/collections as an anonymous user, I get all public collections
- Calling
/collections as an authenticated user (i.e. with a bearer token), I get all public collections plus those associated with my workspace
Questions to answer:
- Is all necessary functionality and configurability in place in STAC Auth Proxy to fulfil this use case?
- What are the steps for a deployment in the EOEPCA develop cluster?
We would like to deploy STAC Auth Proxy in front of the eoAPI-provided STAC API to enable the DLR Terrabyte platform to host user-private collections.
The policies linking users to resource filters should be stored in OPA, which generates the CQL2 expressions for STAC Auth Proxy to apply. https://developmentseed.org/stac-auth-proxy/user-guide/record-level-auth/#opa-filter
Target use case:
/collectionsas an anonymous user, I get all public collections/collectionsas an authenticated user (i.e. with a bearer token), I get all public collections plus those associated with my workspaceQuestions to answer: