Add oidc configuration params

README.md

@@ -110,7 +110,7 @@ Create a vars.json file, following the example below:
 > The default values for variables ending with `_host` usually point to:
 >  - `host.docker.internal` when using `docker` install method
 >  - `localhost` in the case of `rpm` install method.
-> These work for single-host deployments but be sure to set them explicitly when pointing to manually deployed 
+> These work for single-host deployments but be sure to set them explicitly when pointing to manually deployed
 > services either with an **external IP** or an **internal IP** based on the infra network configuration or when using multi-node deployments.
 
 ```
@@ -127,7 +127,7 @@ Create a vars.json file, following the example below:
   "nginx_ssl_key": "<paste your SSL certificate key here in base64>"
 }
 ```
-> Additionally, when deploying trento agents using the playbook, api-key auto retrieval from the server is not supported yet, so either 
+> Additionally, when deploying trento agents using the playbook, api-key auto retrieval from the server is not supported yet, so either
 > use `"enable_api_key": "false"` and skip `trento_api_key` altogether or disable agent deployment for the first run, retrieve the api-key from the UI
 > and set the `trento_api_key` accordingly.
 
@@ -247,6 +247,10 @@ These variables are the defaults of our roles, if you want to override the prope
 | smtp_port                      | Port number of SMTP server                                                                                       |                                             |
 | smtp_user                      | Username for SMTP authentication                                                                                 |                                             |
 | smtp_password                  | Password for SMTP authentication                                                                                 |                                             |
+| enable_oidc                    | Enable OIDC integration, this disables the username/password authentication method                           | false                                       |
+| oidc_client_id                 | OIDC client id, required when enable_oidc is true                                                                |                                             |
+| oidc_client_secret             | OIDC client secret, required when enable_oidc is true                                                            |                                             |
+| oidc_server_base_url           | OIDC identity provider base url, required when enable_oidc is true                                               |                                             |
 | install_nginx                  | Install nginx                                                                                                    | true                                        |
 | nginx_ssl_cert_as_base64       | Nginx SSL certificate provided as base64 string                                                                  | false                                       |
 | nginx_ssl_key_as_base64        | Nginx SSL key provided as base64 string                                                                          | false                                       |
@@ -263,6 +267,7 @@ These variables are the defaults of our roles, if you want to override the prope
 | web_host                       | Host where the web instance is listening                                                                         | http://localhost                            |
 | install_method                 | Installation method for trento components, can be either `rpm` or `docker`                                       | rpm                                         |
 
+
 **trento agents**
 
 | Name              | Description                                                                            | Default                                                                         |

roles/app/defaults/main.yml

@@ -23,3 +23,7 @@ alert_sender: ""
 alert_recipient: ""
 amqp_protocol: amqp
 install_method: rpm
+enable_oidc: "false"
+oidc_client_id: ""
+oidc_client_secret: ""
+oidc_server_base_url: ""

roles/app/tasks/docker.yml

@@ -102,3 +102,7 @@
       ENABLE_API_KEY: "{{ enable_api_key }}"
       CHARTS_ENABLED: "{{ enable_charts }}"
       TRENTO_WEB_ORIGIN: "{{ trento_server_name }}"
+      ENABLE_OIDC: "{{ enable_oidc }}"
+      OIDC_CLIENT_ID: "{{ oidc_client_id }}"
+      OIDC_CLIENT_SECRET: "{{ oidc_client_secret }}"
+      OIDC_BASE_URL: "{{ oidc_server_base_url }}"

roles/app/templates/trento-web.j2

@@ -18,3 +18,7 @@ ENABLE_API_KEY={{ enable_api_key }}
 CHARTS_ENABLED={{ enable_charts }}
 PORT={{ web_listen_port }}
 TRENTO_WEB_ORIGIN={{ trento_server_name }}
+ENABLE_OIDC={{ enable_oidc }}
+OIDC_CLIENT_ID={{ oidc_client_id }}
+OIDC_CLIENT_SECRET={{ oidc_client_secret }}
+OIDC_BASE_URL={{ oidc_server_base_url }}