-
Notifications
You must be signed in to change notification settings - Fork 8
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Frank Jogeleit <[email protected]>
- Loading branch information
Showing
5 changed files
with
120 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,10 +2,6 @@ | |
|
||
With Policy Reporter UI v2 it is possible to use either OAuth2 or OpenIDConnect as authentication mechanism. | ||
|
||
::: warning | ||
Its not possible to reduce or configure view permission based on roles or any other information yet. Authentication ensures that no unauthorized person is able to open the UI at all. | ||
::: | ||
|
||
## OAuth2 | ||
|
||
Policy Reporter UI v2 supports a fixed set of oauth2 providers. If the provider of your choice is not yet supported, you can submit a feature request for it. | ||
|
@@ -115,3 +111,51 @@ ui: | |
``` | ||
::: | ||
## Access Control | ||
The current MVP provides a basic machanism to manage access control for custom boards and and generated dashboards. | ||
*More fine grained and flexible access control is planned for later releases.* | ||
### Allow E-Mail List | ||
It is possible to define a list of user emails per custom board that are allowed to access it. It is also possible to define a list of user emails that are allowed to access all generated dashboards, access to a subset of dashboards is not yet supported. | ||
### Example | ||
* Allow a set of users to access all generated resource- and policy dashboards. | ||
* Allow a set of users to access the **Infrastructure** custom board. | ||
::: code-group | ||
```yaml [values.yaml] | ||
ui: | ||
boards: | ||
accessControl: | ||
emails: ['[email protected]'] | ||
|
||
customBoards: | ||
- name: Infrastructure | ||
namespaces: | ||
selector: | ||
team: infra | ||
accessControl: | ||
emails: ['[email protected]'] | ||
``` | ||
```yaml [config.yaml] | ||
boards: | ||
accessControl: | ||
emails: ['[email protected]'] | ||
|
||
customBoards: | ||
- name: Infrastructure | ||
namespaces: | ||
selector: | ||
team: infra | ||
accessControl: | ||
emails: ['[email protected]'] | ||
``` | ||
::: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
# App Configuration | ||
|
||
## Logging | ||
|
||
Configure additional request logging, output format and log level. | ||
|
||
::: code-group | ||
|
||
```yaml [values.yaml] | ||
ui: | ||
logging: | ||
# -- enables external api request logging | ||
api: false | ||
# -- enables server access logging | ||
server: false | ||
# -- log encoding | ||
# possible encodings are console and json | ||
encoding: console | ||
# -- log level | ||
# default info | ||
logLevel: 0 | ||
``` | ||
```yaml [config.yaml] | ||
logging: | ||
# -- Enables external api request logging | ||
api: false | ||
# -- Enables server access logging | ||
server: false | ||
# -- Log encoding | ||
# possible encodings are console and json | ||
encoding: console | ||
# -- Log level | ||
# default info | ||
logLevel: 0 | ||
``` | ||
::: | ||
## Server | ||
Customize server related configurations | ||
::: code-group | ||
```yaml [values.yaml] | ||
ui: | ||
server: | ||
# -- Application port | ||
port: 8080 | ||
# -- Enables CORS header | ||
cors: true | ||
# -- Overwrites Request Host with Proxy Host and adds `X-Forwarded-Host` and `X-Origin-Host` headers | ||
overwriteHost: true | ||
``` | ||
```yaml [values.yaml] | ||
server: | ||
# -- Application port | ||
port: 8080 | ||
# -- Enabled CORS header | ||
cors: true | ||
# -- Overwrites Request Host with Proxy Host and adds `X-Forwarded-Host` and `X-Origin-Host` headers | ||
overwriteHost: true | ||
``` | ||
::: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters