-
-
Notifications
You must be signed in to change notification settings - Fork 566
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
website/docs: Update ArgoCD integration docs. #9684
Conversation
✅ Deploy Preview for authentik-docs ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
✅ Deploy Preview for authentik-storybook canceled.
|
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #9684 +/- ##
==========================================
- Coverage 92.39% 92.36% -0.03%
==========================================
Files 704 704
Lines 34401 34403 +2
==========================================
- Hits 31785 31778 -7
- Misses 2616 2625 +9
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the contribution!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks so much for this contribution @Gunsmithy ! I made a rather nit-picky request, sorry and please. :-)
@@ -69,16 +132,25 @@ In the `argocd-secret` Secret, add the following value to the `data` field: | |||
dex.authentik.clientSecret: <base 64 encoded value of the Client Secret from the Provider above> | |||
``` | |||
|
|||
If using helm, the above can be added to `configs.secret.extra` like so, securely substituting the string however you see fit: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If using helm, the above can be added to `configs.secret.extra` like so, securely substituting the string however you see fit: | |
If using Helm, the above can be added to `configs.secret.extra` as shown below, securely substituting the string however you see fit: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd like to further edit this, to identify/qualify and be very specific on what "the above <?>" is... Can we say
"If using Helm, the above string/line/definition/? can be added to a configs.secret.extra
section in the <??> file, as shown below, securely substituting the string however you see fit:"
These are nits (well not the capitalization, that's important), but for new users, it's always nice to be a bit pedantic, and say where (in what file) we are talking about.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Amended, see what you think!
} | ||
|
||
data "authentik_scope_mapping" "scope-email" { | ||
name = "authentik default OAuth Mapping: OpenID 'email'" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you could do something like this here:
data "authentik_scope_mapping" "test" {
managed_list = [
"goauthentik.io/providers/oauth2/scope-email",
"goauthentik.io/providers/oauth2/scope-openid",
"goauthentik.io/providers/oauth2/scope-profile",
]
}
and then use data.authentik_scope_mapping.test.ids
down below
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Clean! I didn't realize there was a data source for these. I can make that change. I can make it on the Grafana one as well in this same PR if desired as I lifted this method from there.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"goauthentik.io/providers/oauth2/scope-profile",
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, added one small possible improvement, but definitely not required
Details
Updated the ArgoCD integration documentation, primarly to add an example Terraform implementation similar to the one found in the Grafana integration docs. (Lost some time to the lack of this since I didn't know the UI defaults to having the email, openid and profile scopes when creating a new provider.)
Added an extra pointer for how to modify the ArgoCD secret when deployed with Helm, and how to add Readonly users to Argo.
Also made the opinionated change of replacing most HTTP schemes with HTTPS where they should realistically be used. :)
Checklist
ak test authentik/
)make lint-fix
)If an API change has been made
make gen-build
)If changes to the frontend have been made
make web
)If applicable
make website
)