add oidc auth docker-compose overrides

Signed-off-by: Rui Yang <ryang@pivotal.io> Co-authored-by: Bohan Chen <bochen@pivotal.io>
2020-11-11 17:56:47 -05:00 · 2020-11-11 17:56:47 -05:00 · a6217f2e29
parent 04f682cc17
commit a6217f2e29
3 changed files with 71 additions and 0 deletions
--- a/hack/oidc/config.json
+++ b/hack/oidc/config.json
@ -0,0 +1,18 @@
+{
+  "idp_name": "http://oidc:9000",
+  "port": 9000,
+  "client_config": [
+    {
+      "client_id": "foo",
+      "client_secret": "bar",
+      "redirect_uris": [
+        "http://localhost:8080/sky/issuer/callback"
+      ]
+    }
+  ],
+  "claim_mapping": {
+    "openid": [ "sub" ],
+    "email": [ "email", "email_verified" ],
+    "profile": [ "id", "username", "preferred_username", "groups" ]
+  }
+}
--- a/hack/oidc/users.json
+++ b/hack/oidc/users.json
@ -0,0 +1,20 @@
+[
+  {
+    "id": "1",
+    "email": "user1@example.com",
+    "email_verified": true,
+    "username": "user1",
+    "preferred_username": "John",
+    "password": "user1pass",
+    "groups": ["group1"]
+  },
+  {
+    "id": "2",
+    "email": "user2@example.com",
+    "email_verified": true,
+    "username": "user2",
+    "preferred_username": "John",
+    "password": "user2pass",
+    "groups": []
+  }
+]
--- a/hack/overrides/oidc.yml
+++ b/hack/overrides/oidc.yml
@ -0,0 +1,33 @@
+# oidc.yml - a docker-compose override that adds a oidc IDP to the stack
+#
+# There are 2 users and 1 group:
+# user1@example.com:user1pass;group1
+# user2@example.com:user2pass
+#
+# ref: https://hub.docker.com/r/qlik/simple-oidc-provider/
+# ref: https://docs.docker.com/compose/extends/
+#
+version: '3'
+
+services:
+  web:
+    environment:
+      # CONCOURSE_MAIN_TEAM_OIDC_USER: user1
+      CONCOURSE_MAIN_TEAM_OIDC_USER: John
+      # CONCOURSE_MAIN_TEAM_OIDC_GROUP: group1
+
+      CONCOURSE_OIDC_ISSUER: http://oidc:9000
+      CONCOURSE_OIDC_CLIENT_ID: foo
+      CONCOURSE_OIDC_CLIENT_SECRET: bar
+
+  oidc:
+    image: qlik/simple-oidc-provider
+    ports:
+    - 9000:9000
+    environment:
+      REDIRECTS: http://localhost:8080/sky/issuer/callback
+      CONFIG_FILE: /oidc/config.json
+      USERS_FILE: /oidc/users.json
+    volumes:
+    - ./hack/oidc:/oidc
+