

Add ABAC roles mapping documentation
jraddaoui committed Oct 15, 2024
1 parent d4b1947 commit 8e3edba
Showing 2 changed files with 24 additions and 0 deletions.
14 changes: 14 additions & 0 deletions docs/src/admin-manual/iac.md
Expand Up @@ -61,6 +61,18 @@ claimPathSeparator = ""
# to a value of ["*"] when `claimValuePrefix = "enduro:"`. The default "" will
# not filter any value.
claimValuePrefix = ""
# Consider the values obtained from the claim as roles and use the `rolesMapping`
# config below to map them to Enduro attributes.
useRoles = false
# A JSON formatted string specifying a mapping from expected roles to Enduro
# attributes. JSON format:
# {
# "role1": ["attribute1", "atrribute2"],
# "role2": ["attribute1", "atrribute2", "attribute3", "atrribute4"]
# }
# Example:
# rolesMapping = '{"admin": ["*"], "operator": ["package:list", "package:listActions", "package:move", "package:read", "package:upload"], "readonly": ["package:list", "package:listActions", "package:read"]}'
rolesMapping = ""

[api.auth.ticket.redis]
# Redis URI to store a ticket used to set a websocket connection.
Expand All @@ -83,6 +95,8 @@ VITE_OIDC_ABAC_ENABLED
VITE_OIDC_ABAC_CLAIM_PATH
VITE_OIDC_ABAC_CLAIM_PATH_SEPARATOR
VITE_OIDC_ABAC_CLAIM_VALUE_PREFIX
VITE_OIDC_ABAC_USE_ROLES
VITE_OIDC_ABAC_ROLES_MAPPING
```

They must match the ones configured in the API. `VITE_OIDC_AUTHORITY` has to be
10 changes: 10 additions & 0 deletions enduro.toml
Expand Up @@ -52,7 +52,17 @@ claimPathSeparator = ""
# to a value of ["*"] when `claimValuePrefix = "enduro:"`. The default "" will
# not filter any value.
claimValuePrefix = ""
# Consider the values obtained from the claim as roles and use the `rolesMapping`
# config below to map them to Enduro attributes.
useRoles = false
# A JSON formatted string specifying a mapping from expected roles to Enduro
# attributes. JSON format:
# {
# "role1": ["attribute1", "atrribute2"],
# "role2": ["attribute1", "atrribute2", "attribute3", "atrribute4"]
# }
# Example:
# rolesMapping = '{"admin": ["*"], "operator": ["package:list", "package:listActions", "package:move", "package:read", "package:upload"], "readonly": ["package:list", "package:listActions", "package:read"]}'
rolesMapping = ""

[api.auth.ticket.redis]
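Review bot: The comments added above `useRoles` and `rolesMapping` never say what happens to a claim value that is not a key in the mapping, or to `useRoles = true` combined with the default `rolesMapping = ""` or a string that is not valid JSON. For an authorization setting this should be documented as deny-by-default, and the hunk does not show whether the API behaves that way; once confirmed against the implementation, I would add a line such as `# A role that is not a key in rolesMapping grants no attributes.` and one sentence on how an empty or unparsable mapping is handled. The example maps `admin` to `["*"]`, so a short comment that `"*"` grants every attribute, and that role names come from the values of the token claim, would help operators review who can obtain that role at the identity provider. The placeholders `atrribute2` and `atrribute4` in the JSON format lines are misspelt (`attribute2`, `attribute4`). The same text is mirrored in the docs/src/admin-manual/iac.md section, and the enclosing table header lies above this hunk.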
