From 6544e4d2ce2510625e3f2c3879b226522b4a64cf Mon Sep 17 00:00:00 2001 From: Bruno Barin Date: Tue, 14 Dec 2021 14:11:50 -0300 Subject: [PATCH 1/3] Improved documentation guide on how to configure Litmus with Dex OIDC Signed-off-by: Bruno Barin --- .../chaoscenter-oauth-dex-installation.md | 33 ++++++++++--------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/website/docs/user-guides/chaoscenter-oauth-dex-installation.md b/website/docs/user-guides/chaoscenter-oauth-dex-installation.md index 7911dd14..0199404d 100644 --- a/website/docs/user-guides/chaoscenter-oauth-dex-installation.md +++ b/website/docs/user-guides/chaoscenter-oauth-dex-installation.md @@ -23,8 +23,8 @@ Before deploying LitmusChaos, make sure the following items are there - [Deployed ChaosCenter](../getting-started/installation.md) - Atleast one of the following - - Google Oauth credentials - - GitHub Oauth credentials + - Google Oauth credentials + - GitHub Oauth credentials ## Deploy Dex OIDC provider 
@@ -35,18 +35,17 @@ Make sure you have your Google and GitHub Client credentials ready, if you do no - [Guide to generating Google Oauth Client Credentials](https://support.google.com/cloud/answer/6158849?hl=en#zippy=) - [Guide to generating GitHub OAuth Client Credentials](https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app) - ### Configuring Dex OIDC provider - ```bash -curl https://raw.githubusercontent.com/litmuschaos/litmus/8d025a2f3101990a1acc002612fbe7281dcbfb4d/litmus-portal/dex-server/dex-deployment.yaml --output dex-deployment.yaml +curl https://raw.githubusercontent.com/litmuschaos/litmus/master/litmus-portal/dex-server/dex-deployment.yaml --output dex-deployment.yaml ``` 1. Open the file with your favorite text-editor 2. You will find the following `config-map` with some data, replace your data as the comments suggests + ```yaml - issuer: http://:32000 # Replace your NODE_IP here + issuer: http://:32000 # Replace with the DEX URL storage: type: kubernetes config: @@ -58,6 +57,7 @@ curl https://raw.githubusercontent.com/litmuschaos/litmus/8d025a2f3101990a1acc00 redirectURIs: - '/auth/dex/callback' - 'http://localhost:8080/auth/dex/callback' # Included for local testing purposes + - 'http:///auth/dex/callback' # Replace with the Litmus Portal Frontend callback name: 'LitmusPortalAuthBackend' secret: ZXhhbXBsZS1hcHAtc2VjcmV0 oauth2: 
@@ -69,14 +69,14 @@ curl https://raw.githubusercontent.com/litmuschaos/litmus/8d025a2f3101990a1acc00 config: clientID: # Add your Google Client ID here clientSecret: # Add your Google Client Secret here - redirectURI: http://:32000 # Replace your NODE_IP here + redirectURI: http://:32000 # Replace with the DEX URL - type: github id: github name: GitHub config: clientID: # Add your GitHub Client ID here clientSecret: # Add your GitHub Client Secret here - redirectURI: http://:32000/callback # Replace your NODE_IP here + redirectURI: http://:32000/callback # Replace with the DEX URL ``` **Note: The Dex OIDC provider runs at `NODE_IP:32000` by default** 
@@ -103,30 +103,32 @@ litmusportal-server-9c4d85f57-5r6km 2/2 Running 0 mongo-0 1/1 Running 0 5m57s ``` - ### Configuring `litmusportal-server` to enable Dex features To set up Dex, we would require to modify our litmusportal-server a bit in order to communicate with Dex. This will be achieved by adding some environment variables - `OIDC_ISSUER`: The place where the Dex OIDC lives, i.e `NODE_IP:32000` - `DEX_ENABLED`: This variable enables dex features in the litmusportal-server -- `CALLBACK_URL`: This is the url that will be called back after user completes thier OAuth, this will be the litmusportal-frontend service +- `DEX_OAUTH_CALLBACK_URL`: This is the url that will be called back after user completes its authentication, this will be the litmusportal-frontend service +- `DEX_OAUTH_CLIENT_ID`: The client ID defined at the DEX server to allow it act on behalf of Litmus, i.e: `LitmusPortalAuthBackend` +- `DEX_OAUTH_CLIENT_SECRET`: The client secret defined at the DEX server, i.e: `ZXhhbXBsZS1hcHAtc2VjcmV0` -Set your variables using +Set your variables using ```bash -kubectl set env deployment/litmusportal-server -n litmus --containers="auth-server" DEX_SERVER="true", OIDC_ISSUER=:32000, CALLBACK_URL= +kubectl set env deployment/litmusportal-server -n litmus --containers="auth-server" DEX_SERVER="true", OIDC_ISSUER=:32000, DEX_OAUTH_CALLBACK_URL=/callback, +DEX_OAUTH_CLIENT_ID="LitmusPortalAuthBackend", +DEX_OAUTH_CLIENT_SECRET="ZXhhbXBsZS1hcHAtc2VjcmV0" ``` + Your litmusportal-server pod will be restarted and Dex features will be enabled! ### Verifying if OAuth2 is enabled -Go to http://litmusportal-frontend-service/auth/dex/login, you should be prompted with Google or GitHub login +Go to , you should be prompted with Google or GitHub login ![litmus-oauth-image](https://user-images.githubusercontent.com/31009634/135559389-c8cdf53c-76cf-4f9d-acaa-99014540f9cf.png) - - ## Resources - [Dex OIDC Provider configurations](https://dexidp.io/docs/) 
@@ -137,4 +139,3 @@ Go to http://litmusportal-frontend-service/auth/dex/login, you should be prompte - [Connect External ChaosAgents to ChaosCenter](../user-guides/chaosagents-installation.md) - [Setup Endpoints and Access ChaosCenter without Ingress](../user-guides/setup-without-ingress.md) - [Setup Endpoints and Access ChaosCenter with Ingress](../user-guides/setup-with-ingress.md) - From ec4fe90009403eeef4b289a553d115153e4e377e Mon Sep 17 00:00:00 2001 From: Bruno Barin Date: Tue, 14 Dec 2021 14:31:03 -0300 Subject: [PATCH 2/3] Update website/docs/user-guides/chaoscenter-oauth-dex-installation.md Co-authored-by: Hemanth Krishna Signed-off-by: Bruno Barin --- .../docs/user-guides/chaoscenter-oauth-dex-installation.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/docs/user-guides/chaoscenter-oauth-dex-installation.md b/website/docs/user-guides/chaoscenter-oauth-dex-installation.md index 0199404d..d44205f9 100644 --- a/website/docs/user-guides/chaoscenter-oauth-dex-installation.md +++ b/website/docs/user-guides/chaoscenter-oauth-dex-installation.md 
@@ -110,8 +110,8 @@ To set up Dex, we would require to modify our litmusportal-server a bit in order - `OIDC_ISSUER`: The place where the Dex OIDC lives, i.e `NODE_IP:32000` - `DEX_ENABLED`: This variable enables dex features in the litmusportal-server - `DEX_OAUTH_CALLBACK_URL`: This is the url that will be called back after user completes its authentication, this will be the litmusportal-frontend service -- `DEX_OAUTH_CLIENT_ID`: The client ID defined at the DEX server to allow it act on behalf of Litmus, i.e: `LitmusPortalAuthBackend` -- `DEX_OAUTH_CLIENT_SECRET`: The client secret defined at the DEX server, i.e: `ZXhhbXBsZS1hcHAtc2VjcmV0` +- `DEX_OAUTH_CLIENT_ID`: The client ID defined at the DEX server to allow it act on behalf of Litmus, e.g: `LitmusPortalAuthBackend` +- `DEX_OAUTH_CLIENT_SECRET`: The client secret defined at the DEX server, e.g: `ZXhhbXBsZS1hcHAtc2VjcmV0` Set your variables using From 84d5e7f085e827edc44b20c6e99f9b634ff1715d Mon Sep 17 00:00:00 2001 From: Bruno Barin Date: Wed, 15 Dec 2021 09:28:41 -0300 Subject: [PATCH 3/3] Warns about litmusportal-server being restarted after changes in configuration for DEX Signed-off-by: Bruno Barin --- website/docs/user-guides/chaoscenter-oauth-dex-installation.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/website/docs/user-guides/chaoscenter-oauth-dex-installation.md b/website/docs/user-guides/chaoscenter-oauth-dex-installation.md index d44205f9..3399ebc2 100644 --- a/website/docs/user-guides/chaoscenter-oauth-dex-installation.md +++ b/website/docs/user-guides/chaoscenter-oauth-dex-installation.md @@ -121,7 +121,10 @@ DEX_OAUTH_CLIENT_ID="LitmusPortalAuthBackend", DEX_OAUTH_CLIENT_SECRET="ZXhhbXBsZS1hcHAtc2VjcmV0" ``` +
+⚠ Your litmusportal-server pod will be restarted and Dex features will be enabled! +
### Verifying if OAuth2 is enabled
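Review bot: fetching `dex-deployment.yaml` from `master` (the `curl` line in hunk `@@ -35,18 +35,17 @@` of PATCH 1/3) means readers apply whatever manifest is on the branch at download time, so the YAML excerpt shown under it can drift from what actually gets deployed and the file is no longer tied to a reviewed revision. Keep a commit SHA or a release tag in the URL and bump it when the manifest changes. In the same hunk, the added `redirectURIs` entry uses `http://`; a comment that non-local deployments should register an HTTPS callback would help.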
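Review bot: the Google connector's `redirectURI` in hunk `@@ -69,14 +69,14 @@` of PATCH 1/3 still ends at `:32000`, while the GitHub one ends at `:32000/callback`. Dex serves connector callbacks at `/callback` under the issuer URL, so the Google value needs the same path; this hunk already touches both lines, so fix it here. The unchanged note after the block still says `NODE_IP:32000` while the new comments say "DEX URL"; use one term throughout.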
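Review bot: the added `DEX_OAUTH_CLIENT_SECRET="ZXhhbXBsZS1hcHAtc2VjcmV0"` in the `kubectl set env` command of hunk `@@ -103,30 +103,32 @@` (PATCH 1/3) is the same sample value as `secret:` in the config-map, so anyone who copies the guide ends up with a publicly documented client secret, typed on the command line and stored in plain text in the Deployment spec. Tell readers to generate their own value, set it in both places, and load it from a Kubernetes Secret (for example `kubectl set env --from=secret/<name>`, with `<name>` a placeholder). Three further problems in the same command: it sets `DEX_SERVER="true"` while the list above it documents `DEX_ENABLED`; the pairs are separated by commas and unescaped line breaks, whereas `kubectl set env` expects space-separated `KEY=VALUE` arguments on one logical line; and `DEX_OAUTH_CALLBACK_URL=/callback` does not match the `/auth/dex/callback` path registered in `redirectURIs`.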
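Review bot: after the switch to `e.g` in hunk `@@ -110,8 +110,8 @@` of PATCH 2/3, the two lines still do not say that `DEX_OAUTH_CLIENT_ID` and `DEX_OAUTH_CLIENT_SECRET` must match the static client entry in the Dex config-map, or that the sample secret should be replaced before use. Add that, and while editing these lines change "allow it act" to "allow it to act" and `e.g:` to `e.g.`.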
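Review bot: the warning added in hunk `@@ -121,7 +121,10 @@` of PATCH 3/3 sits after the closing fence of the `kubectl set env` block, so readers only learn about the restart once they have already run the command. Move it above the command, and say what the restart means for users of the portal (for instance that the server is briefly unavailable) rather than ending on "Dex features will be enabled!", which reads as a success message.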