-
Notifications
You must be signed in to change notification settings - Fork 21
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
GDB-10780 Add GraphDB security configurations examples
- Loading branch information
Vladislav Nikolov
committed
Sep 2, 2024
1 parent
d97e4a0
commit 3f49678
Showing
2 changed files
with
77 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,50 @@ | ||
| Users provisioning | ||
| === | ||
|
|
||
| ## Configuring the admin and provisioner | ||
|
|
||
| ```yaml | ||
| security: | ||
| enabled: true | ||
| admin: | ||
| initialPassword: "{bcrypt}$2a$12$VDd8PrAndaJfoMJFlHFot.osSxZWQjMQZKgrEJgVZKFj6WFPvkbnS" # admin123 | ||
| provisioner: | ||
| username: graphdb-provisioner | ||
| password: provisionerpass123 | ||
| ``` | ||
| ## Configuring extra users | ||
| ```yaml | ||
| security: | ||
| enabled: true | ||
| initialUsers: | ||
| users: | ||
| tester: | ||
| username: tester | ||
| password: "{bcrypt}$2a$12$Ox/aDv4TpnVrMZPmCBNdbu1WI8ekuXiYWMuMie.fpHb.uWRukej1i" # password123 | ||
| grantedAuthorities: [ "ROLE_USER" ] | ||
| ``` | ||
| **Note: The password for the additional user is created by appending the bcrypt-hashed version | ||
| of the password to the "{bcrypt}" string.** | ||
| ## Configuring users by using a Secret | ||
| The Secret resource is defined in the [graphdb-users.yaml](./graphdb-users.yaml) file. It loads | ||
| the [users.js](./users.js) file as its content, which contains descriptions of all users. Each | ||
| user's password is stored by appending the bcrypt-hashed version of the password to the {bcrypt} string. | ||
| ```yaml | ||
| security: | ||
| enabled: true | ||
| initialUsers: | ||
| existingSecret: "graphdb-users" | ||
| secretKey: users.js | ||
| ``` | ||
| #### Credentials | ||
| | Username | Password | | ||
| |----------|----------| | ||
| | admin | admin | | ||
| | tester | tester | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| # This YAML file defines a Kubernetes Secret named "graphdb-users." | ||
| # It stores the contents of the "users.js" file (located in the "files" directory) | ||
| # in base64-encoded format. This Secret securely provides sensitive data, | ||
| # such as configuration files, to Kubernetes pods. | ||
| # | ||
| # Place this Secret under the templates directory of the Helm chart. | ||
|
|
||
| apiVersion: v1 | ||
| kind: Secret | ||
| metadata: | ||
| name: graphdb-users | ||
| stringData: | ||
| users.js: > | ||
| { | ||
| "users" : { | ||
| "admin" : { | ||
| "username" : "admin", | ||
| "password" : "{bcrypt}$2a$12$EgGOH5kMwtrmBooSu/iRnOSkP712nLYOdLNQsZZ2dvM28XTgzvSKq", | ||
| "grantedAuthorities" : [ "ROLE_ADMIN" ] | ||
| }, | ||
| "tester": { | ||
| "username" : "tester", | ||
| "password" : "{bcrypt}$2a$12$MYBDxuw9ziuYwnOyYbt1P.yqzkG.ufxR3r7nw8QKuHa/Cu0gpnR5a", | ||
| "grantedAuthorities" : [ "ROLE_USER" ] | ||
| } | ||
| } | ||
| } |