From dafb79edb9e8134ff7d0ab83d0a3a1077323f897 Mon Sep 17 00:00:00 2001 From: Carmine Di Monaco Date: Tue, 20 Aug 2024 14:26:43 +0200 Subject: [PATCH 1/2] Add oidc configuration params --- README.md | 9 +++++++-- roles/app/defaults/main.yml | 4 ++++ roles/app/tasks/docker.yml | 4 ++++ roles/app/templates/trento-web.j2 | 4 ++++ 4 files changed, 19 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 80f873c..ea33c86 100644 --- a/README.md +++ b/README.md @@ -110,7 +110,7 @@ Create a vars.json file, following the example below: > The default values for variables ending with `_host` usually point to: > - `host.docker.internal` when using `docker` install method > - `localhost` in the case of `rpm` install method. -> These work for single-host deployments but be sure to set them explicitly when pointing to manually deployed +> These work for single-host deployments but be sure to set them explicitly when pointing to manually deployed > services either with an **external IP** or an **internal IP** based on the infra network configuration or when using multi-node deployments. ``` @@ -127,7 +127,7 @@ Create a vars.json file, following the example below: "nginx_ssl_key": "" } ``` -> Additionally, when deploying trento agents using the playbook, api-key auto retrieval from the server is not supported yet, so either +> Additionally, when deploying trento agents using the playbook, api-key auto retrieval from the server is not supported yet, so either > use `"enable_api_key": "false"` and skip `trento_api_key` altogether or disable agent deployment for the first run, retrieve the api-key from the UI > and set the `trento_api_key` accordingly. 
@@ -247,6 +247,10 @@ These variables are the defaults of our roles, if you want to override the prope | smtp_port | Port number of SMTP server | | | smtp_user | Username for SMTP authentication | | | smtp_password | Password for SMTP authentication | | +| enable_oidc | Enable OIDC integration, this will disable the username/password authentication method | false | +| oidc_client_id | OIDC client id, required when enable_oidc is true | | +| oidc_client_secret | OIDC client secret, required when enable_oidc is true | | +| oidc_server_base_url | OIDC identity provider base url, required when enable_oidc is true | | | install_nginx | Install nginx | true | | nginx_ssl_cert_as_base64 | Nginx SSL certificate provided as base64 string | false | | nginx_ssl_key_as_base64 | Nginx SSL key provided as base64 string | false | @@ -263,6 +267,7 @@ These variables are the defaults of our roles, if you want to override the prope | web_host | Host where the web instance is listening | http://localhost | | install_method | Installation method for trento components, can be either `rpm` or `docker` | rpm | + **trento agents** | Name | Description | Default | diff --git a/roles/app/defaults/main.yml b/roles/app/defaults/main.yml index c8884e0..0c9fb83 100644 --- a/roles/app/defaults/main.yml +++ b/roles/app/defaults/main.yml @@ -23,3 +23,7 @@ alert_sender: "" alert_recipient: "" amqp_protocol: amqp install_method: rpm +enable_oidc: "false" +oidc_client_id: "" +oidc_client_secret: "" +oidc_server_base_url: "" diff --git a/roles/app/tasks/docker.yml b/roles/app/tasks/docker.yml index 03cb129..1d86095 100644 --- a/roles/app/tasks/docker.yml +++ b/roles/app/tasks/docker.yml @@ -102,3 +102,7 @@ ENABLE_API_KEY: "{{ enable_api_key }}" CHARTS_ENABLED: "{{ enable_charts }}" TRENTO_WEB_ORIGIN: "{{ trento_server_name }}" + ENABLE_OIDC: "{{ enable_oidc }}" + OIDC_CLIENT_ID: "{{ oidc_client_id }}" + OIDC_CLIENT_SECRET: "{{ oidc_client_secret }}" + OIDC_BASE_URL: "{{ oidc_server_base_url }}" 
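Review bot: The new defaults leave `oidc_client_id`, `oidc_client_secret` and `oidc_server_base_url` as empty strings while the README hunk in this same patch documents all three as required when `enable_oidc` is true, yet nothing in the role checks that, so `enable_oidc: "true"` with a missing value renders `OIDC_CLIENT_SECRET=` into the app environment and fails, if at all, only inside the web app. I would add a guard task that asserts the three values are non-empty whenever `enable_oidc | bool`, placed before the install tasks so the role fails early with a clear message. `enable_oidc` is quoted as the string `"false"`, like the `"enable_api_key": "false"` example in the README, so the guard has to coerce with `| bool` rather than compare against a boolean. A comment above `oidc_client_secret: ""` such as `# secret: supply via ansible-vault or extra vars, never commit a value here` would also document the intent.
```yaml
- name: Validate OIDC configuration
  ansible.builtin.assert:
    that:
      - oidc_client_id | length > 0
      - oidc_client_secret | length > 0
      - oidc_server_base_url | length > 0
    fail_msg: "oidc_client_id, oidc_client_secret and oidc_server_base_url are required when enable_oidc is true"
    quiet: true
  when: enable_oidc | bool
```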
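Review bot: `OIDC_CLIENT_SECRET` is now injected into the container environment, where it is readable by anyone able to run `docker inspect` on the host and will also be echoed in the task result and any Ansible log unless the task is marked `no_log`; the task header is outside this hunk, so I cannot tell whether it already is. If it is not, add `no_log: true` to that task, since an `env` map containing a secret is not redacted automatically. Passing secrets through the environment is an accepted trade-off for the docker install method, but a comment on the `OIDC_CLIENT_SECRET` line, `# sensitive: task must stay no_log`, would at least keep a later edit from dropping the protection.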
diff --git a/roles/app/templates/trento-web.j2 b/roles/app/templates/trento-web.j2
index 8b69dd1..b6697f3 100644
--- a/roles/app/templates/trento-web.j2
+++ b/roles/app/templates/trento-web.j2
@@ -18,3 +18,7 @@ ENABLE_API_KEY={{ enable_api_key }}
 CHARTS_ENABLED={{ enable_charts }}
 PORT={{ web_listen_port }}
 TRENTO_WEB_ORIGIN={{ trento_server_name }}
+ENABLE_OIDC={{ enable_oidc }}
+OIDC_CLIENT_ID={{ oidc_client_id }}
+OIDC_CLIENT_SECRET={{ oidc_client_secret }}
+OIDC_BASE_URL={{ oidc_server_base_url }}

From 00e5af51d8ac46b32dffef5cfe6cab86fb6f8c82 Mon Sep 17 00:00:00 2001
From: Carmine Di Monaco
Date: Wed, 21 Aug 2024 11:23:56 +0200
Subject: [PATCH 2/2] addressing review feedbacks

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index ea33c86..c6ca48e 100644
--- a/README.md
+++ b/README.md
@@ -247,7 +247,7 @@ These variables are the defaults of our roles, if you want to override the prope
 | smtp_port | Port number of SMTP server | |
 | smtp_user | Username for SMTP authentication | |
 | smtp_password | Password for SMTP authentication | |
-| enable_oidc | Enable OIDC integration, this will disable the username/password authentication method | false |
+| enable_oidc | Enable OIDC integration, this disables the username/password authentication method | false |
 | oidc_client_id | OIDC client id, required when enable_oidc is true | |
 | oidc_client_secret | OIDC client secret, required when enable_oidc is true | |
 | oidc_server_base_url | OIDC identity provider base url, required when enable_oidc is true | |
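Review bot: The rendered env file now carries `OIDC_CLIENT_SECRET={{ oidc_client_secret }}` in clear text, so the task that renders this template (not part of this patch, presumably `ansible.builtin.template`) needs a restrictive `mode` such as `"0600"` and an owner matching the trento-web service user, and should itself be `no_log` so the rendered content is not printed on change; I cannot confirm from the hunk that it does. The values are also emitted unquoted, so a secret containing whitespace or `#` may be truncated or misparsed depending on how this file is consumed (a systemd `EnvironmentFile`, for instance, would need the value double-quoted); worth checking against the rpm unit that reads it. A header comment in the template along the lines of `# Rendered by the trento app role; contains the OIDC client secret, keep mode 0600` would document the constraint.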