arangodb
diff --git a/‎CHANGELOG.md
Lines changed: 1 addition & 0 deletions b/‎CHANGELOG.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎docs/cli/arangodb_operator_integration.md
Lines changed: 19 additions & 19 deletions b/‎docs/cli/arangodb_operator_integration.md
Lines changed: 19 additions & 19 deletions
diff --git a/‎integrations/authentication/v1/auth.go
Lines changed: 30 additions & 0 deletions b/‎integrations/authentication/v1/auth.go
Lines changed: 30 additions & 0 deletions
diff --git a/‎integrations/authentication/v1/cache.go
Lines changed: 40 additions & 89 deletions b/‎integrations/authentication/v1/cache.go
Lines changed: 40 additions & 89 deletions
diff --git a/‎integrations/authentication/v1/configuration.go
Lines changed: 9 additions & 1 deletion b/‎integrations/authentication/v1/configuration.go
Lines changed: 9 additions & 1 deletion
@@ -13,6 +13,7 @@
 - (Feature) (Platform) Auth User Creation
 - (Maintenance) Add Common Api Import
 - (Feature) Previous Pod Logs in DebugPackage
+- (Feature) (Platform) Login & Logout Endpoints
 
 ## [1.2.48](https://github.com/arangodb/kube-arangodb/tree/1.2.48) (2025-05-08)
 - (Maintenance) Extend Documentation
 
@@ -18,6 +18,9 @@ Available Commands:
   help        Help about any command
 
 Flags:
+      --database.endpoint string                                    Endpoint of ArangoDB (Env: DATABASE_ENDPOINT) (default "localhost")
+      --database.port int                                           Port of ArangoDB (Env: DATABASE_PORT) (default 8529)
+      --database.proto string                                       Proto of the ArangoDB endpoint (Env: DATABASE_PROTO) (default "http")
       --health.address string                                       Address to expose health service (Env: HEALTH_ADDRESS) (default "0.0.0.0:9091")
       --health.auth.token string                                    Token for health service (when auth service is token) (Env: HEALTH_AUTH_TOKEN)
       --health.auth.type string                                     Auth type for health service (Env: HEALTH_AUTH_TYPE) (default "None")
@@ -26,8 +29,8 @@ Flags:
   -h, --help                                                        help for arangodb_operator_integration
       --integration.authentication.v1                               Enable AuthenticationV1 Integration Service (Env: INTEGRATION_AUTHENTICATION_V1)
       --integration.authentication.v1.enabled                       Defines if Authentication is enabled (Env: INTEGRATION_AUTHENTICATION_V1_ENABLED) (default true)
-      --integration.authentication.v1.external                      Defones if External access to service authentication.v1 is enabled (Env: INTEGRATION_AUTHENTICATION_V1_EXTERNAL)
-      --integration.authentication.v1.internal                      Defones if Internal access to service authentication.v1 is enabled (Env: INTEGRATION_AUTHENTICATION_V1_INTERNAL) (default true)
+      --integration.authentication.v1.external                      Defines if External access to service authentication.v1 is enabled (Env: INTEGRATION_AUTHENTICATION_V1_EXTERNAL)
+      --integration.authentication.v1.internal                      Defines if Internal access to service authentication.v1 is enabled (Env: INTEGRATION_AUTHENTICATION_V1_INTERNAL) (default true)
       --integration.authentication.v1.path string                   Path to the JWT Folder (Env: INTEGRATION_AUTHENTICATION_V1_PATH)
       --integration.authentication.v1.token.allowed strings         Allowed users for the Token (Env: INTEGRATION_AUTHENTICATION_V1_TOKEN_ALLOWED)
       --integration.authentication.v1.token.max-size uint16         Max Token max size in bytes (Env: INTEGRATION_AUTHENTICATION_V1_TOKEN_MAX_SIZE) (default 64)
@@ -37,38 +40,35 @@ Flags:
       --integration.authentication.v1.token.user string             Default user of the Token (Env: INTEGRATION_AUTHENTICATION_V1_TOKEN_USER) (default "root")
       --integration.authentication.v1.ttl duration                  TTL of the JWT cache (Env: INTEGRATION_AUTHENTICATION_V1_TTL) (default 15s)
       --integration.authorization.v0                                Enable AuthorizationV0 Integration Service (Env: INTEGRATION_AUTHORIZATION_V0)
-      --integration.authorization.v0.external                       Defones if External access to service authorization.v0 is enabled (Env: INTEGRATION_AUTHORIZATION_V0_EXTERNAL)
-      --integration.authorization.v0.internal                       Defones if Internal access to service authorization.v0 is enabled (Env: INTEGRATION_AUTHORIZATION_V0_INTERNAL) (default true)
+      --integration.authorization.v0.external                       Defines if External access to service authorization.v0 is enabled (Env: INTEGRATION_AUTHORIZATION_V0_EXTERNAL)
+      --integration.authorization.v0.internal                       Defines if Internal access to service authorization.v0 is enabled (Env: INTEGRATION_AUTHORIZATION_V0_INTERNAL) (default true)
       --integration.config.v1                                       Enable ConfigV1 Integration Service (Env: INTEGRATION_CONFIG_V1)
-      --integration.config.v1.external                              Defones if External access to service config.v1 is enabled (Env: INTEGRATION_CONFIG_V1_EXTERNAL)
-      --integration.config.v1.internal                              Defones if Internal access to service config.v1 is enabled (Env: INTEGRATION_CONFIG_V1_INTERNAL) (default true)
+      --integration.config.v1.external                              Defines if External access to service config.v1 is enabled (Env: INTEGRATION_CONFIG_V1_EXTERNAL)
+      --integration.config.v1.internal                              Defines if Internal access to service config.v1 is enabled (Env: INTEGRATION_CONFIG_V1_INTERNAL) (default true)
       --integration.config.v1.module strings                        Module in the reference <name>=<abs path> (Env: INTEGRATION_CONFIG_V1_MODULE)
       --integration.envoy.auth.v3                                   Enable EnvoyAuthV3 Integration Service (Env: INTEGRATION_ENVOY_AUTH_V3)
-      --integration.envoy.auth.v3.database.endpoint string          Endpoint of ArangoDB (Env: INTEGRATION_ENVOY_AUTH_V3_DATABASE_ENDPOINT)
-      --integration.envoy.auth.v3.database.port int                 Port of ArangoDB (Env: INTEGRATION_ENVOY_AUTH_V3_DATABASE_PORT) (default 8529)
-      --integration.envoy.auth.v3.database.proto string             Proto of the ArangoDB endpoint (Env: INTEGRATION_ENVOY_AUTH_V3_DATABASE_PROTO) (default "http")
       --integration.envoy.auth.v3.extensions.cookie.jwt             Defines if Cookie JWT extension is enabled (Env: INTEGRATION_ENVOY_AUTH_V3_EXTENSIONS_COOKIE_JWT) (default true)
       --integration.envoy.auth.v3.extensions.jwt                    Defines if JWT extension is enabled (Env: INTEGRATION_ENVOY_AUTH_V3_EXTENSIONS_JWT) (default true)
       --integration.envoy.auth.v3.extensions.users.create           Defines if UserCreation extension is enabled (Env: INTEGRATION_ENVOY_AUTH_V3_EXTENSIONS_USERS_CREATE)
-      --integration.envoy.auth.v3.external                          Defones if External access to service envoy.auth.v3 is enabled (Env: INTEGRATION_ENVOY_AUTH_V3_EXTERNAL)
-      --integration.envoy.auth.v3.internal                          Defones if Internal access to service envoy.auth.v3 is enabled (Env: INTEGRATION_ENVOY_AUTH_V3_INTERNAL) (default true)
+      --integration.envoy.auth.v3.external                          Defines if External access to service envoy.auth.v3 is enabled (Env: INTEGRATION_ENVOY_AUTH_V3_EXTERNAL)
+      --integration.envoy.auth.v3.internal                          Defines if Internal access to service envoy.auth.v3 is enabled (Env: INTEGRATION_ENVOY_AUTH_V3_INTERNAL) (default true)
       --integration.scheduler.v1                                    SchedulerV1 Integration (Env: INTEGRATION_SCHEDULER_V1)
-      --integration.scheduler.v1.external                           Defones if External access to service scheduler.v1 is enabled (Env: INTEGRATION_SCHEDULER_V1_EXTERNAL)
-      --integration.scheduler.v1.internal                           Defones if Internal access to service scheduler.v1 is enabled (Env: INTEGRATION_SCHEDULER_V1_INTERNAL) (default true)
+      --integration.scheduler.v1.external                           Defines if External access to service scheduler.v1 is enabled (Env: INTEGRATION_SCHEDULER_V1_EXTERNAL)
+      --integration.scheduler.v1.internal                           Defines if Internal access to service scheduler.v1 is enabled (Env: INTEGRATION_SCHEDULER_V1_INTERNAL) (default true)
       --integration.scheduler.v1.namespace string                   Kubernetes Namespace (Env: INTEGRATION_SCHEDULER_V1_NAMESPACE) (default "default")
       --integration.scheduler.v1.verify-access                      Verify the CRD Access (Env: INTEGRATION_SCHEDULER_V1_VERIFY_ACCESS) (default true)
       --integration.scheduler.v2                                    SchedulerV2 Integration (Env: INTEGRATION_SCHEDULER_V2)
       --integration.scheduler.v2.deployment string                  ArangoDeployment Name (Env: INTEGRATION_SCHEDULER_V2_DEPLOYMENT)
       --integration.scheduler.v2.driver string                      Helm Driver (Env: INTEGRATION_SCHEDULER_V2_DRIVER) (default "secret")
-      --integration.scheduler.v2.external                           Defones if External access to service scheduler.v2 is enabled (Env: INTEGRATION_SCHEDULER_V2_EXTERNAL)
-      --integration.scheduler.v2.internal                           Defones if Internal access to service scheduler.v2 is enabled (Env: INTEGRATION_SCHEDULER_V2_INTERNAL) (default true)
+      --integration.scheduler.v2.external                           Defines if External access to service scheduler.v2 is enabled (Env: INTEGRATION_SCHEDULER_V2_EXTERNAL)
+      --integration.scheduler.v2.internal                           Defines if Internal access to service scheduler.v2 is enabled (Env: INTEGRATION_SCHEDULER_V2_INTERNAL) (default true)
       --integration.scheduler.v2.namespace string                   Kubernetes Namespace (Env: INTEGRATION_SCHEDULER_V2_NAMESPACE) (default "default")
       --integration.shutdown.v1                                     ShutdownV1 Handler (Env: INTEGRATION_SHUTDOWN_V1)
-      --integration.shutdown.v1.external                            Defones if External access to service shutdown.v1 is enabled (Env: INTEGRATION_SHUTDOWN_V1_EXTERNAL)
-      --integration.shutdown.v1.internal                            Defones if Internal access to service shutdown.v1 is enabled (Env: INTEGRATION_SHUTDOWN_V1_INTERNAL) (default true)
+      --integration.shutdown.v1.external                            Defines if External access to service shutdown.v1 is enabled (Env: INTEGRATION_SHUTDOWN_V1_EXTERNAL)
+      --integration.shutdown.v1.internal                            Defines if Internal access to service shutdown.v1 is enabled (Env: INTEGRATION_SHUTDOWN_V1_INTERNAL) (default true)
       --integration.storage.v2                                      StorageBucket V2 Integration (Env: INTEGRATION_STORAGE_V2)
-      --integration.storage.v2.external                             Defones if External access to service storage.v2 is enabled (Env: INTEGRATION_STORAGE_V2_EXTERNAL)
-      --integration.storage.v2.internal                             Defones if Internal access to service storage.v2 is enabled (Env: INTEGRATION_STORAGE_V2_INTERNAL) (default true)
+      --integration.storage.v2.external                             Defines if External access to service storage.v2 is enabled (Env: INTEGRATION_STORAGE_V2_EXTERNAL)
+      --integration.storage.v2.internal                             Defines if Internal access to service storage.v2 is enabled (Env: INTEGRATION_STORAGE_V2_INTERNAL) (default true)
       --integration.storage.v2.s3.allow-insecure                    If set to true, the Endpoint certificates won't be checked (Env: INTEGRATION_STORAGE_V2_S3_ALLOW_INSECURE)
       --integration.storage.v2.s3.bucket.name string                Bucket name (Env: INTEGRATION_STORAGE_V2_S3_BUCKET_NAME)
       --integration.storage.v2.s3.bucket.prefix string              Bucket Prefix (Env: INTEGRATION_STORAGE_V2_S3_BUCKET_PREFIX)
 
@@ -0,0 +1,30 @@
+//
+// DISCLAIMER
+//
+// Copyright 2025 ArangoDB GmbH, Cologne, Germany
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Copyright holder is ArangoDB GmbH, Cologne, Germany
+//
+
+package v1
+
+type authRequest struct {
+	Username string `json:"username"`
+	Password string `json:"password"`
+}
+
+type authResponse struct {
+	Token string `json:"jwt"`
+}
@@ -1,7 +1,7 @@
 //
 // DISCLAIMER
 //
-// Copyright 2024 ArangoDB GmbH, Cologne, Germany
+// Copyright 2024-2025 ArangoDB GmbH, Cologne, Germany
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -21,124 +21,75 @@
 package v1
 
 import (
+	"context"
 	"io"
 	"os"
 	"path"
 	"sort"
 	"time"
 
 	"github.com/arangodb/kube-arangodb/pkg/util"
-	"github.com/arangodb/kube-arangodb/pkg/util/errors"
 )
 
 const MaxSize = 128
 
-type cache struct {
-	parent *implementation
-
-	eol time.Time
-
+type tokens struct {
 	signingToken []byte
 
 	validationTokens [][]byte
 }
 
-func (i *implementation) newCache(cfg Configuration) (*cache, error) {
-	files, err := os.ReadDir(i.cfg.Path)
-	if err != nil {
-		return nil, err
-	}
-
-	var keys []string
-	var tokens = make(map[string][]byte)
-
-	for _, file := range files {
-		if file.IsDir() {
-			continue
-		}
-
-		data, err := util.OpenWithRead(path.Join(i.cfg.Path, file.Name()), MaxSize)
+func newCache(cfg Configuration) func(ctx context.Context) (*tokens, time.Duration, error) {
+	return func(ctx context.Context) (*tokens, time.Duration, error) {
+		files, err := os.ReadDir(cfg.Path)
 		if err != nil {
-			continue
-		}
-
-		if len(data) == 0 {
-			continue
-		}
-
-		buff := make([]byte, cfg.Create.MaxSize)
-
-		for id := range buff {
-			buff[id] = 0
+			return nil, 0, err
 		}
 
-		copy(buff, data)
+		var keys []string
+		var ts = make(map[string][]byte)
 
-		keys = append(keys, file.Name())
-		tokens[file.Name()] = buff
-	}
+		for _, file := range files {
+			if file.IsDir() {
+				continue
+			}
 
-	if len(keys) == 0 {
-		return nil, io.ErrUnexpectedEOF
-	}
+			data, err := util.OpenWithRead(path.Join(cfg.Path, file.Name()), MaxSize)
+			if err != nil {
+				continue
+			}
 
-	sort.Strings(keys)
+			if len(data) == 0 {
+				continue
+			}
 
-	data := make([][]byte, len(keys))
+			buff := make([]byte, cfg.Create.MaxSize)
 
-	for id := range data {
-		data[id] = tokens[keys[id]]
-	}
+			for id := range buff {
+				buff[id] = 0
+			}
 
-	cache := cache{
-		parent:           i,
-		eol:              time.Now().Add(i.cfg.TTL),
-		signingToken:     tokens[keys[0]],
-		validationTokens: data,
-	}
+			copy(buff, data)
 
-	return &cache, nil
-}
-
-func (i *implementation) localGetCache() *cache {
-	if c := i.cache; c != nil && c.eol.After(time.Now()) {
-		return c
-	}
-
-	return nil
-}
-
-func (i *implementation) withCache() (*cache, error) {
-	if c := i.getCache(); c != nil {
-		return c, nil
-	}
-
-	return i.refreshCache()
-}
-
-func (i *implementation) getCache() *cache {
-	i.lock.RLock()
-	defer i.lock.RUnlock()
+			keys = append(keys, file.Name())
+			ts[file.Name()] = buff
+		}
 
-	return i.localGetCache()
-}
+		if len(keys) == 0 {
+			return nil, 0, io.ErrUnexpectedEOF
+		}
 
-func (i *implementation) refreshCache() (*cache, error) {
-	i.lock.Lock()
-	defer i.lock.Unlock()
+		sort.Strings(keys)
 
-	if c := i.localGetCache(); c != nil {
-		return c, nil
-	}
+		data := make([][]byte, len(keys))
 
-	// Get was not successful, retry
+		for id := range data {
+			data[id] = ts[keys[id]]
+		}
 
-	if c, err := i.newCache(i.cfg); err != nil {
-		return nil, err
-	} else if c == nil {
-		return nil, errors.Errorf("cache returned is nil")
-	} else {
-		i.cache = c
-		return i.cache, nil
+		return &tokens{
+			signingToken:     ts[keys[0]],
+			validationTokens: data,
+		}, cfg.TTL, nil
 	}
 }
@@ -1,7 +1,7 @@
 //
 // DISCLAIMER
 //
-// Copyright 2024 ArangoDB GmbH, Cologne, Germany
+// Copyright 2024-2025 ArangoDB GmbH, Cologne, Germany
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -67,6 +67,14 @@ type Configuration struct {
 	Path string
 
 	Create Token
+
+	Database ConfigurationDatabase
+}
+
+type ConfigurationDatabase struct {
+	Proto    string
+	Endpoint string
+	Port     int
 }
 
 func (c Configuration) With(mods ...Mod) Configuration {