Iss. #11 - Update docker-compose for FDN API, update auth defaults
Included extra defaults in secrets files, and added default realm, scopes, and clients to be added in startup for keycloak.
Activity
assigned to @cguindon, @epoirier, @zhoufang, and @zacharysabourin
added 1 commit
- 1c60882f - Iss. #11 (closed) - Update docker-compose for FDN API, update auth defaults
- Resolved by Martin Lowe
- config/keycloak/realm-export.json 0 → 100644
175 "containerId": "foundation", 176 "attributes": {} 177 }, 178 { 179 "id": "7c66615b-2087-4102-8404-c7ad8fd59994", 180 "name": "fdn_read_org", 181 "composite": true, 182 "composites": { 183 "realm": [ 184 "fdb_read_organization", 185 "fdb_read_organization_transactions", 186 "fdb_read_organization_documents", 187 "fdb_read_organization_employment" 188 ] 189 }, 190 "clientRole": false,
I am concerned that we are exposing a bit too much of our security configurations here. However, I do understand this is an export of our testing environment not production. I also understand that secrets are not included in exports.
Note: Attributes containing secrets or private information will be masked in export file.
@mbarbero do you think it's safe to export the Keycloak config and include it in our project? I would personally prefer a solution similar to what I am doing with Drupal where I am copying sensitive data from a private server. What is your recommendation?
Another solution would be for us to use a staging instance of Keycloak to avoid having to provide an instance of Keycloak for this type of project.
@mbarbero Can you remind me if we have a staging instance of Keycloak that we can use for testing? Would that be preferable in your opinion?
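Review bot: In the `config/keycloak/realm-export.json` hunk above, the composite role `fdn_read_org` (line 180) bundles all four realm roles listed at lines 184-187, including `fdb_read_organization_transactions`, `fdb_read_organization_documents` and `fdb_read_organization_employment`, so anything granted this one role gets every organization read permission at once. Please confirm that each consumer of the role needs all four, or split the composite so narrower grants are possible. Separately, the composite uses the `fdn_` prefix while its members use `fdb_`; if that is intentional, a short note next to the export would keep the next reader from treating it as a typo.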
changed this line in version 5 of the diff
We don't have a staging instance of Keycloak. I guess it would be much preferable (on okd-c2, our test/staging cluster would be even better). I can work with @mward and @jmazanek4ep to teach them how to set one up (that would let them gain experience with Keycloak in order to maintain the production instance from now on as well).
WDYT?
added 1 commit
- af61d7a6 - Update make commands to use templates, made maria optional w/ profile
added 1 commit
- 53c201f9 - Update make commands to use templates, made maria optional w/ profile
added 1 commit
- 61f4a30b - Remove keycloak as its meant to be configured else where
unassigned @cguindon, @zacharysabourin, @zhoufang, and @epoirier
requested review from @cguindon, @epoirier, @zacharysabourin, and @zhoufang
added 4 commits
- 61f4a30b...59bea6d1 - 3 commits from branch eclipsefdn/it/api:main
- 4fdf1553 - Merge branch 'main' into 'malowe/main/11'
mentioned in commit df7a0dd9