-
Notifications
You must be signed in to change notification settings - Fork 4
/
configMap.yaml
130 lines (130 loc) · 4.61 KB
/
configMap.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
---
apiVersion: v1
kind: ConfigMap
metadata:
name: identity-platform-admin-ui
data:
PORT: "8000"
LOG_LEVEL: DEBUG
TRACING_ENABLED: "false"
KRATOS_PUBLIC_URL: http://kratos-public.default.svc.cluster.local
KRATOS_ADMIN_URL: http://kratos-admin.default.svc.cluster.local
HYDRA_ADMIN_URL: http://hydra-admin.default.svc.cluster.local:4445
OATHKEEPER_PUBLIC_URL: http://oathkeeper-api.default.svc.cluster.local:4456
IDP_CONFIGMAP_NAME: idps
IDP_CONFIGMAP_NAMESPACE: default
SCHEMAS_CONFIGMAP_NAME: identity-schemas
SCHEMAS_CONFIGMAP_NAMESPACE: default
RULES_CONFIGMAP_NAME: oathkeeper-rules
RULES_CONFIGMAP_FILE_NAME: access-rules.json
RULES_CONFIGMAP_NAMESPACE: default
OPENFGA_API_SCHEME: http
OPENFGA_API_HOST: openfga.default.svc.cluster.local:8080
OPENFGA_API_TOKEN: "42"
OPENFGA_STORE_ID: "-----to-be-replaced----"
OPENFGA_AUTHORIZATION_MODEL_ID: "-----to-be-replaced----"
AUTHORIZATION_ENABLED: "true"
AUTHENTICATION_ENABLED: "true"
OIDC_ISSUER: "https://iam.dev.canonical.com/stg-identity-jaas-dev-hydra"
OAUTH2_CLIENT_ID: "-----to-be-replaced----"
OAUTH2_CLIENT_SECRET: "-----to-be-replaced----"
OAUTH2_REDIRECT_URI: "http://localhost:8000/api/v0/auth/callback"
OAUTH2_CODEGRANT_SCOPES: "openid,offline_access,email,profile"
OAUTH2_AUTH_COOKIES_ENCRYPTION_KEY: "WrfOcYmVBwyduEbKYTUhO4X7XVaOQ1wF"
ACCESS_TOKEN_VERIFICATION_STRATEGY: "jwks"
MAIL_HOST: "mailhog.default.svc.cluster.local"
MAIL_PORT: "1025"
MAIL_FROM_ADDRESS: "identity-team@canonical.com"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: idps
data:
"idps.yaml": |
- id: microsoft_af675f353bd7451588e2b8032e315f6f
client_id: af675f35-3bd7-4515-88e2-b8032e315f6f
provider: microsoft
client_secret: 3y38Q~aslkdhaskjhd~W0xWDB.123u98asd
microsoft_tenant: e1574293-28de-4e94-87d5-b61c76fc14e1
mapper_url: file:///etc/config/kratos/microsoft_schema.jsonnet
scope:
- profile
- email
- address
- phone
- id: google_18fa2999e6c9475aa49515d933d8e8ce
client_id: 18fa2999-e6c9-475a-a495-15d933d8e8ce
provider: google
client_secret: 3y38Q~aslkdhaskjhd~W0xWDB.123u98asd
mapper_url: file:///etc/config/kratos/google_schema.jsonnet
scope:
- profile
- email
- address
- phone
- id: aws_18fa2999e6c9475aa49589d941d8e1zy
client_id: 18fa2999-e6c9-475a-a495-89d941d8e1zy
provider: aws
client_secret: 3y38Q~aslkdhaskjhd~W0xWDB.123u98asd
mapper_url: file:///etc/config/kratos/google_schema.jsonnet
scope:
- profile
- email
- address
- phone
---
apiVersion: v1
kind: ConfigMap
metadata:
name: identity-schemas
data:
"default.schema": "default"
"admin_v0": |
{
"id": "admin_v0",
"schema": {
"$id": "https://schemas.canonical.com/presets/kratos/admin_v0.json",
"$schema": "http://json-schema.org/draft-07/schema#",
"properties": {
"additionalProperties": true,
"traits": {
"properties": {
"email": {
"format": "email",
"minLength": 3,
"ory.sh/kratos": {
"verification": {
"via": "email"
}
},
"title": "E-Mail",
"type": "string"
},
"name": {
"title": "Name",
"type": "string"
},
"phone_number": {
"title": "Phone Number",
"type": "string"
},
"username": {
"ory.sh/kratos": {
"credentials": {
"password": {
"identifier": true
}
}
},
"title": "Username",
"type": "string"
}
},
"type": "object"
}
},
"title": "Admin Account",
"type": "object"
}
}