From 3bd8cf265c41f59734f1a040e5c745f9fc7f4433 Mon Sep 17 00:00:00 2001
From: arbulu89
Date: Tue, 10 Sep 2024 15:48:37 +0200
Subject: [PATCH 1/2] Add oauth2 integration usage and documentation
---
 README.md | 10 +++++++++-
 roles/app/defaults/main.yml | 8 ++++++++
 roles/app/tasks/docker.yml | 8 ++++++++
 roles/app/templates/trento-web.j2 | 8 ++++++++
 4 files changed, 33 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index c6ca48e..814c4a3 100644
--- a/README.md
+++ b/README.md
@@ -247,10 +247,18 @@ These variables are the defaults of our roles, if you want to override the prope
 | smtp_port | Port number of SMTP server | |
 | smtp_user | Username for SMTP authentication | |
 | smtp_password | Password for SMTP authentication | |
-| enable_oidc | Enable OIDC integration, this disables the username/password authentication method | false |
+| enable_oidc | Enable OIDC integration, this disables the username/password authentication method (self exclusive SSO type) | false |
 | oidc_client_id | OIDC client id, required when enable_oidc is true | |
 | oidc_client_secret | OIDC client secret, required when enable_oidc is true | |
 | oidc_server_base_url | OIDC identity provider base url, required when enable_oidc is true | |
+| enable_oauth2 | Enable OAUTH2 integration, this disables the username/password authentication method (self exclusive SSO type) | false |
+| oauth2_client_id | OAUTH2 client id, required when enable_oauth2 is true | |
+| oauth2_client_secret | OAUTH2 client secret, required when enable_oauth2 is true | |
+| oauth2_server_base_url | OAUTH2 identity provider base url, required when enable_oauth2 is true | |
+| oauth2_authorize_url | OAUTH2 authorize url, required when enable_oauth2 is true | |
+| oauth2_token_url | OAUTH2 token url, required when enable_oauth2 is true | |
+| oauth2_user_url | OAUTH2 user information url, required when enable_oauth2 is true | |
+| oauth2_scopes | OAUTH2 scopes, required when enable_oauth2 is true | "profile email" |
 | install_nginx | Install nginx | true |
 | nginx_ssl_cert_as_base64 | Nginx SSL certificate provided as base64 string | false |
 | nginx_ssl_key_as_base64 | Nginx SSL key provided as base64 string | false |
diff --git a/roles/app/defaults/main.yml b/roles/app/defaults/main.yml
index 0c9fb83..947aa3c 100644
--- a/roles/app/defaults/main.yml
+++ b/roles/app/defaults/main.yml
@@ -27,3 +27,11 @@ enable_oidc: "false"
 oidc_client_id: ""
 oidc_client_secret: ""
 oidc_server_base_url: ""
+enable_oauth2: "false"
+oauth2_client_id: ""
+oauth2_client_secret: ""
+oauth2_server_base_url: ""
+oauth2_authorize_url: ""
+oauth2_token_url: ""
+oauth2_user_url: ""
+oauth2_scopes: ""
diff --git a/roles/app/tasks/docker.yml b/roles/app/tasks/docker.yml
index 1d86095..003424f 100644
--- a/roles/app/tasks/docker.yml
+++ b/roles/app/tasks/docker.yml
@@ -106,3 +106,11 @@
 OIDC_CLIENT_ID: "{{ oidc_client_id }}"
 OIDC_CLIENT_SECRET: "{{ oidc_client_secret }}"
 OIDC_BASE_URL: "{{ oidc_server_base_url }}"
+ ENABLE_OAUTH2: "{{ enable_oauth2 }}"
+ OAUTH2_CLIENT_ID: "{{ oauth2_client_id }}"
+ OAUTH2_CLIENT_SECRET: "{{ oauth2_client_secret }}"
+ OAUTH2_BASE_URL: "{{ oauth2_server_base_url }}"
+ OAUTH2_AUTHORIZE_URL: "{{ oauth2_authorize_url }}"
+ OAUTH2_TOKEN_URL: "{{ oauth2_token_url }}"
+ OAUTH2_USER_URL: "{{ oauth2_user_url }}"
+ OAUTH2_SCOPES: "{{ oauth2_scopes }}"
diff --git a/roles/app/templates/trento-web.j2 b/roles/app/templates/trento-web.j2
index b6697f3..14d2c61 100644
--- a/roles/app/templates/trento-web.j2
+++ b/roles/app/templates/trento-web.j2
@@ -22,3 +22,11 @@ ENABLE_OIDC={{ enable_oidc }}
 OIDC_CLIENT_ID={{ oidc_client_id }}
 OIDC_CLIENT_SECRET={{ oidc_client_secret }}
 OIDC_BASE_URL={{ oidc_server_base_url }}
+ENABLE_OAUTH2={{ enable_oauth2 }}
+OAUTH2_CLIENT_ID={{ oauth2_client_id }}
+OAUTH2_CLIENT_SECRET={{ oauth2_client_secret }}
+OAUTH2_BASE_URL={{ oauth2_server_base_url }}
+OAUTH2_AUTHORIZE_URL={{ oauth2_authorize_url }}
+OAUTH2_TOKEN_URL={{ oauth2_token_url }}
+OAUTH2_USER_URL={{ oauth2_user_url }}
+OAUTH2_SCOPES={{ oauth2_scopes }}
From 852c877de8b7523a917933672c29720a983152b6 Mon Sep 17 00:00:00 2001
From: arbulu89
Date: Thu, 12 Sep 2024 10:30:21 +0200
Subject: [PATCH 2/2] Add oauth2 scopes default value
---
 roles/app/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
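Review bot: The new `oauth2_*` defaults carry no hint that `enable_oauth2` and `enable_oidc` are mutually exclusive, nor that `oauth2_client_secret` is a credential, so a reader of defaults/main.yml only learns that from the README table. A comment above `enable_oauth2: "false"` would record it in the file itself: `# OAuth2 SSO; mutually exclusive with enable_oidc. Supply oauth2_client_secret from Ansible Vault, not plain inventory.` The values stay strings (`"false"`, `""`) like the existing `enable_oidc` block, which presumably means the consumer compares text rather than YAML booleans — keep that style unless the OIDC handling changes too.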
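Review bot: Nothing in the task enforces what the README promises: both `ENABLE_OIDC` and `ENABLE_OAUTH2` can be passed as `"true"` at once, and `OAUTH2_AUTHORIZE_URL`, `OAUTH2_TOKEN_URL` and `OAUTH2_USER_URL` are forwarded even when empty, so a misconfigured inventory only fails inside the container. An `ansible.builtin.assert` task ahead of the container task would catch this at play time; the container task whose `env` mapping is extended here starts outside the hunk, so I cannot tell whether it already sets `no_log: true`, which is worth confirming now that `OAUTH2_CLIENT_SECRET` joins `OIDC_CLIENT_SECRET` in its output.
```yaml
- name: Validate SSO configuration
  ansible.builtin.assert:
    that:
      - not (enable_oidc | bool and enable_oauth2 | bool)
      - not (enable_oauth2 | bool) or (oauth2_client_id | length > 0 and oauth2_client_secret | length > 0)
      - not (enable_oauth2 | bool) or (oauth2_authorize_url | length > 0 and oauth2_token_url | length > 0 and oauth2_user_url | length > 0)
    fail_msg: "enable_oidc and enable_oauth2 are mutually exclusive; oauth2_client_id, oauth2_client_secret and the oauth2_*_url values are required when enable_oauth2 is true"
# … unchanged: container task whose env mapping now also carries the OAUTH2_* variables (starts outside the hunk) …
```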
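Review bot: `OAUTH2_CLIENT_SECRET={{ oauth2_client_secret }}` writes the client secret into the rendered env file unquoted and unescaped, as the existing `OIDC_CLIENT_SECRET` line already does, so a secret containing `#`, a quote or a newline would silently truncate or split the entry, and the rendered file holds the credential in plaintext. The `template` task that renders this file is not in the hunk; confirm it sets a restrictive `mode` (e.g. `mode: "0600"`) and `no_log: true`. A header comment in the template naming the consumer of this file would also help, since systemd `EnvironmentFile=` and `docker --env-file` treat quoted values differently, so maintainers know whether quoting these values is safe.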
diff --git a/roles/app/defaults/main.yml b/roles/app/defaults/main.yml
index 947aa3c..0229949 100644
--- a/roles/app/defaults/main.yml
+++ b/roles/app/defaults/main.yml
@@ -34,4 +34,4 @@ oauth2_server_base_url: ""
 oauth2_authorize_url: ""
 oauth2_token_url: ""
 oauth2_user_url: ""
-oauth2_scopes: ""
+oauth2_scopes: "profile email"
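Review bot: The new default `"profile email"` contains a space and reaches the env template as `OAUTH2_SCOPES={{ oauth2_scopes }}` without quoting; whether that survives depends on the consumer (systemd `EnvironmentFile=` and `docker --env-file` take the value verbatim, a shell `source` would split it), which the patch does not state. A comment above the line, `# space-separated scope list; rendered verbatim into OAUTH2_SCOPES, do not quote`, would record the intent. The README row added in the first patch still describes `oauth2_scopes` as required even though it now has a default — worth aligning.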