chore(docs): minor platform chart doc updates (#79)
strantalis authored Aug 20, 2024
1 parent 81f64ca commit f5505c8
Showing 3 changed files with 4 additions and 235 deletions.
117 changes: 1 addition & 116 deletions charts/platform/README.md
Expand Up @@ -24,16 +24,6 @@ If you want to deploy keycloak and postgresql as part of the platform deployment

## Pre-Requisites

### TLS Certificate

The chart will attempt to generate a TLS certificate if `tls.enabled` is set to `true` and no `tls.secretName` is provided.

Alternatively, you can also provide your own certificate as well. Once you have the certificate and key, you can create a TLS secret with the following command:

```bash
kubectl create secret tls <tls-secret-name> --cert <path-to-cert-file> --key <path-to-key-file>
```

### KAS Secret

In order to run the KAS server, you need to provide the KAS with a set a keys. This will allow the KAS to support nanotdf and tdf3 rewrap functionality.
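Review bot: dropping the whole `### TLS Certificate` section leaves Pre-Requisites with no statement of what the chart does when `tls.enabled` is `true` and no `tls.secretName` is given, while the verification example further down still calls `grpcurl -insecure $PLATFORM_HOST:443`. If the self-generated certificate behaviour still exists, keep one sentence saying so and showing how to supply an existing TLS secret; otherwise readers have only the `-insecure` example to go on and no documented path to a verified TLS setup. If this is now covered elsewhere in the README, link to it from here.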
Expand Down Expand Up @@ -105,112 +95,7 @@ grpcurl -insecure $PLATFORM_HOST:443 kas.AccessService/PublicKey

### Post Install with Playground enabled

Create a Keycloak Configuration File with the following content:

```yaml
baseUrl: &baseUrl http://localhost:8888
serverBaseUrl: &serverBaseUrl http://localhost:8080
customAudMapper: &customAudMapper
name: audience-mapper
protocol: openid-connect
protocolMapper: oidc-audience-mapper
config:
included.custom.audience: *serverBaseUrl
access.token.claim: "true"
id.token.claim: "true"
realms:
- realm_repepresentation:
realm: opentdf
enabled: true
custom_realm_roles:
- name: opentdf-org-admin
- name: opentdf-admin
- name: opentdf-readonly
custom_client_roles:
tdf-entity-resolution:
- name: entity-resolution-test-role
custom_groups:
- name: mygroup
attributes:
mygroupattribute:
- mygroupvalue
clients:
- client:
clientID: opentdf
enabled: true
name: opentdf
serviceAccountsEnabled: true
clientAuthenticatorType: client-secret
secret: secret
protocolMappers:
- *customAudMapper
sa_realm_roles:
- opentdf-org-admin
- client:
clientID: opentdf-sdk
enabled: true
name: opentdf-sdk
serviceAccountsEnabled: true
clientAuthenticatorType: client-secret
secret: secret
protocolMappers:
- *customAudMapper
sa_realm_roles:
- opentdf-readonly
- client:
clientID: tdf-entity-resolution
enabled: true
name: tdf-entity-resolution
serviceAccountsEnabled: true
clientAuthenticatorType: client-secret
secret: secret
protocolMappers:
- *customAudMapper
sa_client_roles:
realm-management:
- view-clients
- query-clients
- view-users
- query-users
- client:
clientID: tdf-authorization-svc
enabled: true
name: tdf-authorization-svc
serviceAccountsEnabled: true
clientAuthenticatorType: client-secret
secret: secret
protocolMappers:
- *customAudMapper
users:
- username: sample-user
enabled: true
firstName: sample
lastName: user
email: [email protected]
credentials:
- value: testuser123
type: password
attributes:
superhero_name:
- thor
superhero_group:
- avengers
groups:
- mygroup
realmRoles:
- opentdf-org-admin
clientRoles:
realm-management:
- view-clients
- query-clients
- view-users
- query-users
tdf-entity-resolution:
- entity-resolution-test-role
token_exchanges:
- start_client: opentdf
target_client: opentdf-sdk
```
Download the [keycloak_data.yaml](https://raw.githubusercontent.com/opentdf/platform/main/service/cmd/keycloak_data.yaml)

Run the following command to provision keycloak test data
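Review bot: the new `Download the [keycloak_data.yaml](...)` line links to the raw file on `main`, so a reader of any released chart version gets whatever is on the default branch that day and provisions the realm from it. Link to the file at a tag or commit that matches the chart release so the docs and the provisioned data cannot drift apart. Minor: end the sentence with a period, and capitalise "Keycloak" in the line that follows.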

117 changes: 1 addition & 116 deletions charts/platform/README.md.gotmpl
Expand Up @@ -25,16 +25,6 @@ If you want to deploy keycloak and postgresql as part of the platform deployment

## Pre-Requisites

### TLS Certificate

The chart will attempt to generate a TLS certificate if `tls.enabled` is set to `true` and no `tls.secretName` is provided.

Alternatively, you can also provide your own certificate as well. Once you have the certificate and key, you can create a TLS secret with the following command:

```bash
kubectl create secret tls <tls-secret-name> --cert <path-to-cert-file> --key <path-to-key-file>
```

### KAS Secret

In order to run the KAS server, you need to provide the KAS with a set a keys. This will allow the KAS to support nanotdf and tdf3 rewrap functionality.
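Review bot: the context line under `### KAS Secret` reads "provide the KAS with a set a keys"; since this commit is a docs clean-up touching both `README.md` and `README.md.gotmpl`, fix it to "a set of keys" in both files in the same pass.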
Expand Down Expand Up @@ -107,112 +97,7 @@ grpcurl -insecure $PLATFORM_HOST:443 kas.AccessService/PublicKey

### Post Install with Playground enabled

Create a Keycloak Configuration File with the following content:

```yaml
baseUrl: &baseUrl http://localhost:8888
serverBaseUrl: &serverBaseUrl http://localhost:8080
customAudMapper: &customAudMapper
name: audience-mapper
protocol: openid-connect
protocolMapper: oidc-audience-mapper
config:
included.custom.audience: *serverBaseUrl
access.token.claim: "true"
id.token.claim: "true"
realms:
- realm_repepresentation:
realm: opentdf
enabled: true
custom_realm_roles:
- name: opentdf-org-admin
- name: opentdf-admin
- name: opentdf-readonly
custom_client_roles:
tdf-entity-resolution:
- name: entity-resolution-test-role
custom_groups:
- name: mygroup
attributes:
mygroupattribute:
- mygroupvalue
clients:
- client:
clientID: opentdf
enabled: true
name: opentdf
serviceAccountsEnabled: true
clientAuthenticatorType: client-secret
secret: secret
protocolMappers:
- *customAudMapper
sa_realm_roles:
- opentdf-org-admin
- client:
clientID: opentdf-sdk
enabled: true
name: opentdf-sdk
serviceAccountsEnabled: true
clientAuthenticatorType: client-secret
secret: secret
protocolMappers:
- *customAudMapper
sa_realm_roles:
- opentdf-readonly
- client:
clientID: tdf-entity-resolution
enabled: true
name: tdf-entity-resolution
serviceAccountsEnabled: true
clientAuthenticatorType: client-secret
secret: secret
protocolMappers:
- *customAudMapper
sa_client_roles:
realm-management:
- view-clients
- query-clients
- view-users
- query-users
- client:
clientID: tdf-authorization-svc
enabled: true
name: tdf-authorization-svc
serviceAccountsEnabled: true
clientAuthenticatorType: client-secret
secret: secret
protocolMappers:
- *customAudMapper
users:
- username: sample-user
enabled: true
firstName: sample
lastName: user
email: [email protected]
credentials:
- value: testuser123
type: password
attributes:
superhero_name:
- thor
superhero_group:
- avengers
groups:
- mygroup
realmRoles:
- opentdf-org-admin
clientRoles:
realm-management:
- view-clients
- query-clients
- view-users
- query-users
tdf-entity-resolution:
- entity-resolution-test-role
token_exchanges:
- start_client: opentdf
target_client: opentdf-sdk
```
Download the [keycloak_data.yaml](https://raw.githubusercontent.com/opentdf/platform/main/service/cmd/keycloak_data.yaml)

Run the following command to provision keycloak test data
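Review bot: the deleted inline YAML made it obvious that this data set is test-only: every client uses `secret: secret`, and `sample-user` has the password `testuser123` together with the `opentdf-org-admin` realm role. With the content replaced by a bare download link, nothing under `### Post Install with Playground enabled` says that any more. Add a sentence next to the link stating that the file provisions fixed client secrets and an org-admin test user and is meant for the playground only.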

5 changes: 2 additions & 3 deletions tests/chart_platform_integration_test.go
Expand Up @@ -66,7 +66,6 @@ func (suite *PlatformChartIntegrationSuite) SetupTest() {
}

func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() {

namespaceName := fmt.Sprintf("opentdf-%s", strings.ToLower(random.UniqueId()))
releaseName := "opentdf"

Expand Down Expand Up @@ -122,7 +121,7 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() {
suite.Require().NoError(err)
err = ingTmpl.Execute(&ingRendered, map[string]string{"Namespace": namespaceName})
suite.Require().NoError(err)
err = os.WriteFile("traefik.yaml", ingRendered.Bytes(), 0644)
err = os.WriteFile("traefik.yaml", ingRendered.Bytes(), 0o644)
suite.Require().NoError(err)

traefikIngressCfg, err := filepath.Abs("traefik.yaml")
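Review bot: `0644` to `0o644` is a literal-style change only; the point worth a follow-up is that `os.WriteFile("traefik.yaml", ...)` writes the rendered ingress config into the test's working directory, and no cleanup is visible in this hunk. Consider writing it under `suite.T().TempDir()` so the file is removed when the test ends and never lands in the checkout.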
Expand Down Expand Up @@ -166,7 +165,7 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() {

kcDataPath, err := filepath.Abs("../platform/service/cmd/keycloak_data.yaml")
suite.Require().NoError(err)
dockerRun := exec.Command("docker", "run", "--rm", "--network=platform-k3d", "--add-host=keycloak.opentdf.local:10.255.127.1", "-v", fmt.Sprintf("%s:/keycloak_data.yaml", kcDataPath), "registry.opentdf.io/platform:nightly", "provision", "keycloak-from-config", "-p", kcAdminPass, "-e", "https://keycloak.opentdf.local", "-f", "/keycloak_data.yaml")
dockerRun := exec.Command("docker", "run", "--rm", "--network=platform-k3d", "--add-host=keycloak.opentdf.local:10.255.127.1", "-v", fmt.Sprintf("%s:/keycloak_data.yaml", kcDataPath), "registry.opentdf.io/platform:nightly", "provision", "keycloak", "-p", kcAdminPass, "-e", "https://keycloak.opentdf.local", "-f", "/keycloak_data.yaml")
dockerRunOutput, err := dockerRun.CombinedOutput()
suite.Require().NoError(err, string(dockerRunOutput))
if err == nil {
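Review bot: the subcommand changes from `keycloak-from-config` to `keycloak`, but the image is still the floating `registry.opentdf.io/platform:nightly` tag, so this test passes or fails depending on which build that tag points at. Pin the image to a tag or digest that has the renamed subcommand. Also check the README command under "Run the following command to provision keycloak test data": the README hunks in this commit add only the download line, so if that command still uses `keycloak-from-config` it is now out of step with the test. Separately, `if err == nil` directly after `suite.Require().NoError(err, ...)` can never be false and can be dropped.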
