Skip to content

Commit

Permalink
Add oidc configuration params (#41)
Browse files Browse the repository at this point in the history
* Add oidc configuration params

* addressing review feedbacks
  • Loading branch information
CDimonaco authored and arbulu89 committed Sep 24, 2024
1 parent d710957 commit 254a200
Show file tree
Hide file tree
Showing 4 changed files with 19 additions and 2 deletions.
9 changes: 7 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -110,7 +110,7 @@ Create a vars.json file, following the example below:
> The default values for variables ending with `_host` usually point to:
> - `host.docker.internal` when using `docker` install method
> - `localhost` in the case of `rpm` install method.
> These work for single-host deployments but be sure to set them explicitly when pointing to manually deployed
> These work for single-host deployments but be sure to set them explicitly when pointing to manually deployed
> services either with an **external IP** or an **internal IP** based on the infra network configuration or when using multi-node deployments.

```
Expand All @@ -127,7 +127,7 @@ Create a vars.json file, following the example below:
"nginx_ssl_key": "<paste your SSL certificate key here in base64>"
}
```
> Additionally, when deploying trento agents using the playbook, api-key auto retrieval from the server is not supported yet, so either
> Additionally, when deploying trento agents using the playbook, api-key auto retrieval from the server is not supported yet, so either
> use `"enable_api_key": "false"` and skip `trento_api_key` altogether or disable agent deployment for the first run, retrieve the api-key from the UI
> and set the `trento_api_key` accordingly.
Expand Down Expand Up @@ -247,6 +247,10 @@ These variables are the defaults of our roles, if you want to override the prope
| smtp_port | Port number of SMTP server | |
| smtp_user | Username for SMTP authentication | |
| smtp_password | Password for SMTP authentication | |
| enable_oidc | Enable OIDC integration, this disables the username/password authentication method | false |
| oidc_client_id | OIDC client id, required when enable_oidc is true | |
| oidc_client_secret | OIDC client secret, required when enable_oidc is true | |
| oidc_server_base_url | OIDC identity provider base url, required when enable_oidc is true | |
| install_nginx | Install nginx | true |
| nginx_ssl_cert_as_base64 | Nginx SSL certificate provided as base64 string | false |
| nginx_ssl_key_as_base64 | Nginx SSL key provided as base64 string | false |
Expand All @@ -263,6 +267,7 @@ These variables are the defaults of our roles, if you want to override the prope
| web_host | Host where the web instance is listening | http://localhost |
| install_method | Installation method for trento components, can be either `rpm` or `docker` | rpm |


**trento agents**

| Name | Description | Default |
Expand Down
4 changes: 4 additions & 0 deletions roles/app/defaults/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -23,3 +23,7 @@ alert_sender: ""
alert_recipient: ""
amqp_protocol: amqp
install_method: rpm
enable_oidc: "false"
oidc_client_id: ""
oidc_client_secret: ""
oidc_server_base_url: ""
4 changes: 4 additions & 0 deletions roles/app/tasks/docker.yml
Original file line number Diff line number Diff line change
Expand Up @@ -102,3 +102,7 @@
ENABLE_API_KEY: "{{ enable_api_key }}"
CHARTS_ENABLED: "{{ enable_charts }}"
TRENTO_WEB_ORIGIN: "{{ trento_server_name }}"
ENABLE_OIDC: "{{ enable_oidc }}"
OIDC_CLIENT_ID: "{{ oidc_client_id }}"
OIDC_CLIENT_SECRET: "{{ oidc_client_secret }}"
OIDC_BASE_URL: "{{ oidc_server_base_url }}"
4 changes: 4 additions & 0 deletions roles/app/templates/trento-web.j2
Original file line number Diff line number Diff line change
Expand Up @@ -18,3 +18,7 @@ ENABLE_API_KEY={{ enable_api_key }}
CHARTS_ENABLED={{ enable_charts }}
PORT={{ web_listen_port }}
TRENTO_WEB_ORIGIN={{ trento_server_name }}
ENABLE_OIDC={{ enable_oidc }}
OIDC_CLIENT_ID={{ oidc_client_id }}
OIDC_CLIENT_SECRET={{ oidc_client_secret }}
OIDC_BASE_URL={{ oidc_server_base_url }}

0 comments on commit 254a200

Please sign in to comment.