diff --git a/charts/platform/README.md b/charts/platform/README.md
index 9c87595..a57b3f0 100644
--- a/charts/platform/README.md
+++ b/charts/platform/README.md
@@ -24,16 +24,6 @@ If you want to deploy keycloak and postgresql as part of the platform deployment
 
 ## Pre-Requisites
 
-### TLS Certificate
-
-The chart will attempt to generate a TLS certificate if `tls.enabled` is set to `true` and no `tls.secretName` is provided.
-
-Alternatively, you can also provide your own certificate as well. Once you have the certificate and key, you can create a TLS secret with the following command:
-
-```bash
-kubectl create secret tls --cert --key
-```
-
 ### KAS Secret
 
 In order to run the KAS server, you need to provide the KAS with a set a keys. This will allow the KAS to support nanotdf and tdf3 rewrap functionality. 
@@ -105,112 +95,7 @@ grpcurl -insecure $PLATFORM_HOST:443 kas.AccessService/PublicKey ### Post Install with Playground enabled -Create a Keycloak Configuration File with the following content: - -```yaml -baseUrl: &baseUrl http://localhost:8888 -serverBaseUrl: &serverBaseUrl http://localhost:8080 -customAudMapper: &customAudMapper - name: audience-mapper - protocol: openid-connect - protocolMapper: oidc-audience-mapper - config: - included.custom.audience: *serverBaseUrl - access.token.claim: "true" - id.token.claim: "true" -realms: - - realm_repepresentation: - realm: opentdf - enabled: true - custom_realm_roles: - - name: opentdf-org-admin - - name: opentdf-admin - - name: opentdf-readonly - custom_client_roles: - tdf-entity-resolution: - - name: entity-resolution-test-role - custom_groups: - - name: mygroup - attributes: - mygroupattribute: - - mygroupvalue - clients: - - client: - clientID: opentdf - enabled: true - name: opentdf - serviceAccountsEnabled: true - clientAuthenticatorType: client-secret - secret: secret - protocolMappers: - - *customAudMapper - sa_realm_roles: - - opentdf-org-admin - - client: - clientID: opentdf-sdk - enabled: true - name: opentdf-sdk - serviceAccountsEnabled: true - clientAuthenticatorType: client-secret - secret: secret - protocolMappers: - - *customAudMapper - sa_realm_roles: - - opentdf-readonly - - client: - clientID: tdf-entity-resolution - enabled: true - name: tdf-entity-resolution - serviceAccountsEnabled: true - clientAuthenticatorType: client-secret - secret: secret - protocolMappers: - - *customAudMapper - sa_client_roles: - realm-management: - - view-clients - - query-clients - - view-users - - query-users - - client: - clientID: tdf-authorization-svc - enabled: true - name: tdf-authorization-svc - serviceAccountsEnabled: true - clientAuthenticatorType: client-secret - secret: secret - protocolMappers: - - *customAudMapper - users: - - username: sample-user - enabled: true - firstName: sample - lastName: user - 
email: sampleuser@sample.com - credentials: - - value: testuser123 - type: password - attributes: - superhero_name: - - thor - superhero_group: - - avengers - groups: - - mygroup - realmRoles: - - opentdf-org-admin - clientRoles: - realm-management: - - view-clients - - query-clients - - view-users - - query-users - tdf-entity-resolution: - - entity-resolution-test-role - token_exchanges: - - start_client: opentdf - target_client: opentdf-sdk - ``` +Download the [keycloak_data.yaml](https://raw.githubusercontent.com/opentdf/platform/main/service/cmd/keycloak_data.yaml) Run the following command to provision keycloak test data
diff --git a/charts/platform/README.md.gotmpl b/charts/platform/README.md.gotmpl
index 6a109aa..c395fa6 100644
--- a/charts/platform/README.md.gotmpl
+++ b/charts/platform/README.md.gotmpl
@@ -25,16 +25,6 @@ If you want to deploy keycloak and postgresql as part of the platform deployment
 
 ## Pre-Requisites
 
-### TLS Certificate
-
-The chart will attempt to generate a TLS certificate if `tls.enabled` is set to `true` and no `tls.secretName` is provided.
-
-Alternatively, you can also provide your own certificate as well. Once you have the certificate and key, you can create a TLS secret with the following command:
-
-```bash
-kubectl create secret tls --cert --key
-```
-
 ### KAS Secret
 
 In order to run the KAS server, you need to provide the KAS with a set a keys. This will allow the KAS to support nanotdf and tdf3 rewrap functionality. 
@@ -107,112 +97,7 @@ grpcurl -insecure $PLATFORM_HOST:443 kas.AccessService/PublicKey ### Post Install with Playground enabled -Create a Keycloak Configuration File with the following content: - -```yaml -baseUrl: &baseUrl http://localhost:8888 -serverBaseUrl: &serverBaseUrl http://localhost:8080 -customAudMapper: &customAudMapper - name: audience-mapper - protocol: openid-connect - protocolMapper: oidc-audience-mapper - config: - included.custom.audience: *serverBaseUrl - access.token.claim: "true" - id.token.claim: "true" -realms: - - realm_repepresentation: - realm: opentdf - enabled: true - custom_realm_roles: - - name: opentdf-org-admin - - name: opentdf-admin - - name: opentdf-readonly - custom_client_roles: - tdf-entity-resolution: - - name: entity-resolution-test-role - custom_groups: - - name: mygroup - attributes: - mygroupattribute: - - mygroupvalue - clients: - - client: - clientID: opentdf - enabled: true - name: opentdf - serviceAccountsEnabled: true - clientAuthenticatorType: client-secret - secret: secret - protocolMappers: - - *customAudMapper - sa_realm_roles: - - opentdf-org-admin - - client: - clientID: opentdf-sdk - enabled: true - name: opentdf-sdk - serviceAccountsEnabled: true - clientAuthenticatorType: client-secret - secret: secret - protocolMappers: - - *customAudMapper - sa_realm_roles: - - opentdf-readonly - - client: - clientID: tdf-entity-resolution - enabled: true - name: tdf-entity-resolution - serviceAccountsEnabled: true - clientAuthenticatorType: client-secret - secret: secret - protocolMappers: - - *customAudMapper - sa_client_roles: - realm-management: - - view-clients - - query-clients - - view-users - - query-users - - client: - clientID: tdf-authorization-svc - enabled: true - name: tdf-authorization-svc - serviceAccountsEnabled: true - clientAuthenticatorType: client-secret - secret: secret - protocolMappers: - - *customAudMapper - users: - - username: sample-user - enabled: true - firstName: sample - lastName: user - 
email: sampleuser@sample.com - credentials: - - value: testuser123 - type: password - attributes: - superhero_name: - - thor - superhero_group: - - avengers - groups: - - mygroup - realmRoles: - - opentdf-org-admin - clientRoles: - realm-management: - - view-clients - - query-clients - - view-users - - query-users - tdf-entity-resolution: - - entity-resolution-test-role - token_exchanges: - - start_client: opentdf - target_client: opentdf-sdk - ``` +Download the [keycloak_data.yaml](https://raw.githubusercontent.com/opentdf/platform/main/service/cmd/keycloak_data.yaml) Run the following command to provision keycloak test data
diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go
index 1f0b174..4b77242 100644
--- a/tests/chart_platform_integration_test.go
+++ b/tests/chart_platform_integration_test.go
@@ -66,7 +66,6 @@ func (suite *PlatformChartIntegrationSuite) SetupTest() {
 }
 
 func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() {
-
 namespaceName := fmt.Sprintf("opentdf-%s", strings.ToLower(random.UniqueId()))
 releaseName := "opentdf"
 
@@ -122,7 +121,7 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() {
 suite.Require().NoError(err)
 err = ingTmpl.Execute(&ingRendered, map[string]string{"Namespace": namespaceName})
 suite.Require().NoError(err)
- err = os.WriteFile("traefik.yaml", ingRendered.Bytes(), 0644)
+ err = os.WriteFile("traefik.yaml", ingRendered.Bytes(), 0o644)
 suite.Require().NoError(err)
 traefikIngressCfg, err := filepath.Abs("traefik.yaml")
 
@@ -166,7 +165,7 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() {
 kcDataPath, err := filepath.Abs("../platform/service/cmd/keycloak_data.yaml")
 suite.Require().NoError(err)
 
- dockerRun := exec.Command("docker", "run", "--rm", "--network=platform-k3d", "--add-host=keycloak.opentdf.local:10.255.127.1", "-v", fmt.Sprintf("%s:/keycloak_data.yaml", kcDataPath), "registry.opentdf.io/platform:nightly", "provision", "keycloak-from-config", "-p", kcAdminPass, "-e", "https://keycloak.opentdf.local", "-f", "/keycloak_data.yaml")
+ dockerRun := exec.Command("docker", "run", "--rm", "--network=platform-k3d", "--add-host=keycloak.opentdf.local:10.255.127.1", "-v", fmt.Sprintf("%s:/keycloak_data.yaml", kcDataPath), "registry.opentdf.io/platform:nightly", "provision", "keycloak", "-p", kcAdminPass, "-e", "https://keycloak.opentdf.local", "-f", "/keycloak_data.yaml")
 dockerRunOutput, err := dockerRun.CombinedOutput()
 suite.Require().NoError(err, string(dockerRunOutput))
 if err == nil {
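Review bot: The Keycloak admin password is still handed to the container as a command-line argument, `"-p", kcAdminPass`, on the rewritten exec.Command line, where it is readable by anyone who can list processes on the host and ends up in any CI log that echoes the command; if the provision subcommand can read it from the environment or a file, pass it via `docker run --env` or a mounted file instead. The image is pulled by the mutable `registry.opentdf.io/platform:nightly` tag, so the renamed `provision keycloak` subcommand only works against whatever nightly build happens to be current and the test is not reproducible; pin a version tag or digest, or at least record in a comment which build introduced the rename. A short comment on the `--add-host=keycloak.opentdf.local:10.255.127.1` argument explaining why that address must resolve inside the container would also help the next reader, since nothing in the hunk ties it to the k3d network. TestBasicDeployment begins and ends outside the hunk.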