From c608308a93d0dc4f868b5e42c8908b5fb1a1204b Mon Sep 17 00:00:00 2001 From: Sara Lambert Date: Thu, 21 Dec 2023 15:18:08 -0600 Subject: [PATCH 1/7] Added github action to build/publish sphinxdocs --- .github/workflows/sphinxdocs.yml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 .github/workflows/sphinxdocs.yml diff --git a/.github/workflows/sphinxdocs.yml b/.github/workflows/sphinxdocs.yml new file mode 100644 index 00000000..b7df1d27 --- /dev/null +++ b/.github/workflows/sphinxdocs.yml @@ -0,0 +1,27 @@ +name: documentation + +on: [push, pull_request, workflow_dispatch] + +permissions: + contents: write + +jobs: + docs: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-python@v3 + - name: Install dependencies + run: | + pip install sphinx sphinx_rtd_theme myst_parser + - name: Sphinx build + run: | + sphinx-build doc _build + - name: Deploy to GitHub Pages + uses: peaceiris/actions-gh-pages@v3 + if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/develop' }} + with: + publish_branch: gh-pages + github_token: ${{ secrets.GITHUB_TOKEN }} + publish_dir: _build/ + force_orphan: true From 9f7a17e7ff4af245d3d162ac0793e55845ffd313 Mon Sep 17 00:00:00 2001 From: Sara Lambert Date: Thu, 21 Dec 2023 15:19:28 -0600 Subject: [PATCH 2/7] Fix source dir for sphinxdocs workflow --- .github/workflows/sphinxdocs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sphinxdocs.yml b/.github/workflows/sphinxdocs.yml index b7df1d27..97e71d04 100644 --- a/.github/workflows/sphinxdocs.yml +++ b/.github/workflows/sphinxdocs.yml @@ -16,7 +16,7 @@ jobs: pip install sphinx sphinx_rtd_theme myst_parser - name: Sphinx build run: | - sphinx-build doc _build + sphinx-build docs _build - name: Deploy to GitHub Pages uses: peaceiris/actions-gh-pages@v3 if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/develop' }} From 12a786c537cd5ad102b91f8153ec6e8f88869a11 Mon Sep 17 00:00:00 2001 From: Sara Lambert Date: Thu, 21 Dec 2023 15:27:48 -0600 Subject: [PATCH 3/7] Fixed minor typo --- docs/guides/admin-guide.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/guides/admin-guide.rst b/docs/guides/admin-guide.rst index 4dd86cb8..bda18cb0 100644 --- a/docs/guides/admin-guide.rst +++ b/docs/guides/admin-guide.rst @@ -116,7 +116,7 @@ Production Deployment * Edit `config.backend.userapps.shared_storage` if you want to enable one or more Shared Data Volume * Edit `config.backend.userapps.annotations` to modify the Ingress annotations for UserApps * Edit `mongodb.autoimport` section to change which github repo is loaded during the `import-specs` job - * Locate `kubernetes.docker.internal` throughout and replace with your own documentation + * Locate `kubernetes.docker.internal` throughout and replace with your own domain 3. Change your kubeconfig context to your desired cluster context: `kubectl config use-context ` 4. Deploy the Helm chart using your custom values: `helm upgrade --install --create-namespace -n . -f values.myworkbench.yaml` * By default, `namespace=workbench` and `name=workbench` - you can use any combination here to deploy multiple different Workbench instances to the same cluster From 272eab586a4dfe8586492dae2b39fa1b661e2f1b Mon Sep 17 00:00:00 2001 From: Sara Lambert Date: Thu, 21 Dec 2023 15:30:44 -0600 Subject: [PATCH 4/7] Fix minor typo --- docs/guides/admin-guide.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/guides/admin-guide.rst b/docs/guides/admin-guide.rst index bda18cb0..259a5fb5 100644 --- a/docs/guides/admin-guide.rst +++ b/docs/guides/admin-guide.rst @@ -130,7 +130,7 @@ Keycloak Configuration Options ------------------------------ If you need to change the configuration of Keycloak, go to https://kubernetes.docker.internal/auth/ -Default credentails: `admin` / `workbench` +Default credentials: `admin` / `workbench` After logging in, choose the `workbench-dev` realm from the dropdown at the top-left @@ -143,6 +143,7 @@ When a user logs in via `browser` or `first broker login`, they are sent through These flows can be customized by navigating to the **Authentication** page, although most of the built-in flows work very nicely without additional modifications. Some examples: + * `browser` tells us how the user will be redirected to the Keycloak Login page (e.g. optionally skip Kecloak login and go to first provider) * `first broker login` lets us customize what happens after a user logs in for the first time (create a user, merge with existing account matching email, etc) From c4de64e286951f90aa482c1e4cfa030bbb828e9e Mon Sep 17 00:00:00 2001 From: Sara Lambert Date: Thu, 21 Dec 2023 15:31:39 -0600 Subject: [PATCH 5/7] Remove extra quote symbol --- docs/guides/admin-guide.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/guides/admin-guide.rst b/docs/guides/admin-guide.rst index 259a5fb5..c0966273 100644 --- a/docs/guides/admin-guide.rst +++ b/docs/guides/admin-guide.rst @@ -167,7 +167,7 @@ This should provide you with a ClientID + ClientSecret to use. In Keycloak, create a new **Client** for each provider and specify your ClientID + ClientSecret when requested, and also set: -* First Login Flow" = `browser` +* First Login Flow = `browser` * Valid Redirect URLs = `https:///oauth2/callback` * Set Authorization URL / Token URL / User Info URL / etc according to your chosen provider * Default Scopes: `openid profile` + any other scopes desired From a63f7c17fea179b2f7abe4b3bf391878d0da0c5f Mon Sep 17 00:00:00 2001 From: Sara Lambert Date: Thu, 21 Dec 2023 15:35:10 -0600 Subject: [PATCH 6/7] Fix syntax errors involving backtick --- docs/guides/admin-guide.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/guides/admin-guide.rst b/docs/guides/admin-guide.rst index c0966273..211a1242 100644 --- a/docs/guides/admin-guide.rst +++ b/docs/guides/admin-guide.rst @@ -169,8 +169,8 @@ In Keycloak, create a new **Client** for each provider and specify your ClientID * First Login Flow = `browser` * Valid Redirect URLs = `https:///oauth2/callback` +* Default Scopes = *openid profile* + any other scopes desired * Set Authorization URL / Token URL / User Info URL / etc according to your chosen provider -* Default Scopes: `openid profile` + any other scopes desired For a more detailed example of configuring OAuth2 Proxy authentiating via Keycloak, see `an example application `_ @@ -214,8 +214,8 @@ To summarize, the steps required to authorize Keycloak group membership with OAu * Create a new Client Scope with the name **groups** in Keycloak. * Include a mapper of type **Group Membership**. - * Set the "Token Claim Name" to **groups** or customize by matching it to the `--oidc-groups-claim` option of OAuth2 Proxy. - * If the "Full group path" option is selected, you need to include a "/" separator in the group names defined in the `--allowed-group` option of OAuth2 Proxy. Example: "/groupname" or "/groupname/childgroup". + * Set the "Token Claim Name" to **groups** or customize by matching it to the *--oidc-groups-claim* option of OAuth2 Proxy. + * If the "Full group path" option is selected, you need to include a "/" separator in the group names defined in the *--allowed-group* option of OAuth2 Proxy. Example: "/groupname" or "/groupname/childgroup". After creating the Client Scope named *groups* you will need to attach it to your client. **Clients -> -> Client scopes -> Add client scope** -> Select **groups** and choose Optional and you should now have a client that maps group memberships into the JWT tokens so that Oauth2 Proxy may evaluate them. From 8d88d2ab68bdbb0148e41ef34f9fa6c6007aa25c Mon Sep 17 00:00:00 2001 From: Sara Lambert Date: Thu, 21 Dec 2023 15:38:55 -0600 Subject: [PATCH 7/7] Fixed syntax with list head --- docs/guides/dev-guide.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/guides/dev-guide.rst b/docs/guides/dev-guide.rst index 563090bb..1084f07e 100644 --- a/docs/guides/dev-guide.rst +++ b/docs/guides/dev-guide.rst @@ -74,6 +74,7 @@ This allows you to create, modify, and test custom applications Create / Edit App in Catalog + * Key (required) / Label (optional) * Display: stack / service / none * Access : external / internal / none