From 88ce81a078313399a969bbf7b953d85f6f734d35 Mon Sep 17 00:00:00 2001 From: Dimitrij Drus Date: Wed, 9 Aug 2023 14:41:39 +0200 Subject: [PATCH 1/8] first landing page updates --- docs/content/_index.adoc | 47 +++++++++++++++++-- .../mytheme/layouts/shortcodes/seo.html | 10 ++-- 2 files changed, 49 insertions(+), 8 deletions(-) diff --git a/docs/content/_index.adoc b/docs/content/_index.adoc index 7ac2bfb3f..7f2d89e9b 100644 --- a/docs/content/_index.adoc +++ b/docs/content/_index.adoc @@ -6,9 +6,50 @@ draft: false {{< seo title="Verify access all the time and everywhere with Heimdall" - link="/docs/getting_started/concepts.adoc" - link_title="Get Started" >}} -Adopt Zero Trust architecture by authenticating, enriching and authorizing incoming HTTP requests at any level. No need to learn new protocols, authentication and authorization frameworks. You can still use them. +Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service, which can help you adopting Zero Trust architecture by authenticating, enriching and authorizing incoming HTTP requests at any level. No need to learn new protocols, authentication and authorization frameworks. +

+}}">Get Started {{< /seo >}} +{{% seo title="Easy to integrate" %}} + +Use technics you are already familiar with + +[source, yaml] +---- +apiVersion: heimdall.dadrus.github.com/v1alpha2 +kind: RuleSet +metadata: + name: My awesome service +spec: + rules: + - id: my_api_rule + match: + url: http://127.0.0.1:9090/api/<**> + execute: + - authenticator: keycloak + - authorizer: opa +---- + +The decision process can be controlled by each and every upstream service individually via rules, which heimdall can load from different sources, like e.g. from a `RuleSet` kubernetes resource. + + +{{% /seo %}} + +{{% seo title="Reduces the cognitive load of your team" %}} + +By outsourcing authentication and authorization decisions to heimdall you can reduce the complexity of your code base, free resources and reduce the cognitive load of your team pretty much. + +{{% /seo %}} + +{{% seo title="Feature rich" %}} + +* Use pipelines to compose reusable steps into the logic you need +* Dynamically enrich requests with information like e.g. user data to help you make authorization decisions +* Use Common Expression Language to implement complex authorization logic within a pipeline +* Use existing authorization systems, like OpenFGA, Ory Keto, Open Policy Agent and many more. +* Use existing authentication systems supporting OpenID Connect or OAuth2 +* Combine existing authentication systems + +{{% /seo %}} \ No newline at end of file diff --git a/docs/themes/mytheme/layouts/shortcodes/seo.html b/docs/themes/mytheme/layouts/shortcodes/seo.html index 77c7643a3..77bb2f061 100644 --- a/docs/themes/mytheme/layouts/shortcodes/seo.html +++ b/docs/themes/mytheme/layouts/shortcodes/seo.html @@ -1,7 +1,7 @@ +{{ $_hugo_config := `{ "version": 1 }` }}
-

{{ .Get "title" }}

-

{{ .Inner }}

- {{ $link := .Get "link" }} - {{ $linkTitle := .Get "link_title" }} - {{ $linkTitle }} +

{{ .Get "title" }}


+
+ {{ .Inner }} +
\ No newline at end of file From 0f3b2bb5614f90f3f505f2bc0babfd03e5979b04 Mon Sep 17 00:00:00 2001 From: Dimitrij Drus Date: Wed, 9 Aug 2023 14:46:08 +0200 Subject: [PATCH 2/8] more content --- docs/content/_index.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/content/_index.adoc b/docs/content/_index.adoc index 7f2d89e9b..dc5ae6c5e 100644 --- a/docs/content/_index.adoc +++ b/docs/content/_index.adoc @@ -51,5 +51,6 @@ By outsourcing authentication and authorization decisions to heimdall you can re * Use existing authorization systems, like OpenFGA, Ory Keto, Open Policy Agent and many more. * Use existing authentication systems supporting OpenID Connect or OAuth2 * Combine existing authentication systems +* Can be integrated with any proxy or API Gateway. {{% /seo %}} \ No newline at end of file From 62de25eacf38cedd4fc5dc1e9deca27e0ede8d8a Mon Sep 17 00:00:00 2001 From: Dimitrij Drus Date: Wed, 9 Aug 2023 15:12:46 +0200 Subject: [PATCH 3/8] obsolete template removed --- docs/themes/mytheme/layouts/shortcodes/seo.html | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/themes/mytheme/layouts/shortcodes/seo.html b/docs/themes/mytheme/layouts/shortcodes/seo.html index 77bb2f061..35e89deab 100644 --- a/docs/themes/mytheme/layouts/shortcodes/seo.html +++ b/docs/themes/mytheme/layouts/shortcodes/seo.html @@ -1,4 +1,3 @@ -{{ $_hugo_config := `{ "version": 1 }` }}
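Review bot: The `$_hugo_config` assignment added as the first line of seo.html has no comment saying why it is there, and the rest of the series shows the cost. PATCH 3/8 deletes it as an obsolete template, and PATCH 5/8 restores it because the inner content is not rendered properly without it. A template comment beside it would prevent a repeat, for example `{{/* Do not remove: required to render the shortcode's inner content properly. */}}`. I would put the comment on the line after the assignment so the assignment stays first in the file; whether Hugo depends on that position is not something this patch shows.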

{{ .Get "title" }}


From ab065e6ff2a5f147fb910452e0b7d6a4e9648a3b Mon Sep 17 00:00:00 2001 From: Dimitrij Drus Date: Wed, 9 Aug 2023 15:15:26 +0200 Subject: [PATCH 4/8] updates based on the recent comments to the PR --- docs/content/_index.adoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/content/_index.adoc b/docs/content/_index.adoc index dc5ae6c5e..a73b4968c 100644 --- a/docs/content/_index.adoc +++ b/docs/content/_index.adoc @@ -14,7 +14,7 @@ Heimdall is a cloud native Identity Aware Proxy and Access Control Decision serv {{% seo title="Easy to integrate" %}} -Use technics you are already familiar with +Use techniques you are already familiar with [source, yaml] ---- @@ -32,14 +32,14 @@ spec: - authorizer: opa ---- -The decision process can be controlled by each and every upstream service individually via rules, which heimdall can load from different sources, like e.g. from a `RuleSet` kubernetes resource. +Create rules for each upstream and path you want to secure, loading them from a variety of sources such as Kubernetes custom resources, S3 buckets or regular files. {{% /seo %}} {{% seo title="Reduces the cognitive load of your team" %}} -By outsourcing authentication and authorization decisions to heimdall you can reduce the complexity of your code base, free resources and reduce the cognitive load of your team pretty much. +By outsourcing authentication and authorization decisions to heimdall you can reduce the complexity of your code base, free resources and reduce the cognitive load of your team substantially. {{% /seo %}} From baff76b7df82ec36594a1a41281089585f06b1a8 Mon Sep 17 00:00:00 2001 From: Dimitrij Drus Date: Wed, 9 Aug 2023 15:25:48 +0200 Subject: [PATCH 5/8] template block added again as it is required to properly render inner contents --- docs/themes/mytheme/layouts/shortcodes/seo.html | 1 + 1 file changed, 1 insertion(+) 
diff --git a/docs/themes/mytheme/layouts/shortcodes/seo.html b/docs/themes/mytheme/layouts/shortcodes/seo.html index 35e89deab..77bb2f061 100644 --- a/docs/themes/mytheme/layouts/shortcodes/seo.html +++ b/docs/themes/mytheme/layouts/shortcodes/seo.html @@ -1,3 +1,4 @@ +{{ $_hugo_config := `{ "version": 1 }` }}

{{ .Get "title" }}


From b46e9cc3526e857445d387d8300c23973890ff1e Mon Sep 17 00:00:00 2001 From: Dimitrij Drus Date: Wed, 9 Aug 2023 15:50:22 +0200 Subject: [PATCH 6/8] new css class added to use for better rendering --- docs/themes/mytheme/layouts/shortcodes/seo.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/themes/mytheme/layouts/shortcodes/seo.html b/docs/themes/mytheme/layouts/shortcodes/seo.html index 77bb2f061..2a615388d 100644 --- a/docs/themes/mytheme/layouts/shortcodes/seo.html +++ b/docs/themes/mytheme/layouts/shortcodes/seo.html @@ -1,5 +1,5 @@ {{ $_hugo_config := `{ "version": 1 }` }} -
+

{{ .Get "title" }}


{{ .Inner }} From d01a6b52127ebc67b995fadcc13877f10b0e40b7 Mon Sep 17 00:00:00 2001 From: Dimitrij Drus Date: Wed, 9 Aug 2023 15:50:38 +0200 Subject: [PATCH 7/8] sections rearranged --- docs/content/_index.adoc | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/docs/content/_index.adoc b/docs/content/_index.adoc index a73b4968c..e7d629410 100644 --- a/docs/content/_index.adoc +++ b/docs/content/_index.adoc @@ -4,13 +4,18 @@ date: 2022-06-05T20:03:18+02:00 draft: false --- -{{< seo - title="Verify access all the time and everywhere with Heimdall" ->}} +{{% seo title="Verify access all the time and everywhere with Heimdall" %}} Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service, which can help you adopting Zero Trust architecture by authenticating, enriching and authorizing incoming HTTP requests at any level. No need to learn new protocols, authentication and authorization frameworks. -

-}}">Get Started -{{< /seo >}} + + +link:{{< relref "/docs/getting_started/concepts.adoc" >}}[Get Started] +{{% /seo %}} + +{{% seo title="Reduce the cognitive load of your team" %}} + +By outsourcing authentication and authorization decisions to heimdall you can reduce the complexity of your code base, free resources and reduce the cognitive load of your team substantially. + +{{% /seo %}} {{% seo title="Easy to integrate" %}} @@ -32,14 +37,9 @@ spec: - authorizer: opa ---- -Create rules for each upstream and path you want to secure, loading them from a variety of sources such as Kubernetes custom resources, S3 buckets or regular files. - - -{{% /seo %}} - -{{% seo title="Reduces the cognitive load of your team" %}} +Create rules for each upstream and path you want to secure, loading them from a variety of sources such as Kubernetes custom resources, S3 buckets, any HTTPs endpoints or regular files. -By outsourcing authentication and authorization decisions to heimdall you can reduce the complexity of your code base, free resources and reduce the cognitive load of your team substantially. +link:{{< relref "/docs/configuration/rules/overview.adoc" >}}"[Learn more about rules] {{% /seo %}} From 2154265b44e7e816ddd29a3a65cba41cfd24cd58 Mon Sep 17 00:00:00 2001 
From: Dimitrij Drus Date: Mon, 14 Aug 2023 09:59:51 +0200 Subject: [PATCH 8/8] further work on landing page --- docs/config.yaml | 3 +- docs/content/_index.adoc | 41 ++++++++----------- docs/themes/mytheme/layouts/index.html | 4 +- .../mytheme/layouts/partials/header.html | 2 +- .../themes/mytheme/layouts/partials/hero.html | 8 ++++ .../mytheme/layouts/shortcodes/grid.html | 6 +++ .../mytheme/layouts/shortcodes/gridentry.html | 9 ++++ .../mytheme/layouts/shortcodes/seo.html | 4 +- 8 files changed, 47 insertions(+), 30 deletions(-) create mode 100644 docs/themes/mytheme/layouts/partials/hero.html create mode 100644 docs/themes/mytheme/layouts/shortcodes/grid.html create mode 100644 docs/themes/mytheme/layouts/shortcodes/gridentry.html diff --git a/docs/config.yaml b/docs/config.yaml index 0971e7d31..f79a5e696 100644 --- a/docs/config.yaml +++ b/docs/config.yaml @@ -78,7 +78,7 @@ params: name: Apache 2.0 url: https://github.com/dadrus/heimdall/blob/master/LICENSE author: Dimitrij Drus - description: Heimdall is an open source identity aware proxy (IAP) and access control decision service, designed for cloud native applications + description: An open source Identity Aware Proxy and an Access Control Decision service for cloud native applications github: user: dadrus project: heimdall @@ -88,6 +88,7 @@ params: version_file: /heimdall/data.json search_index_file: /heimdall/x-current-version/index.json path_prefix: /heimdall/x-current-version + docs_entry_point: /docs/welcome.adoc module: mounts: diff --git a/docs/content/_index.adoc b/docs/content/_index.adoc index e7d629410..d4a23cae5 100644 --- a/docs/content/_index.adoc +++ b/docs/content/_index.adoc 
@@ -1,25 +1,17 @@ --- -title: "Index" +title: "Heimdall - a cloud native Identity Aware Proxy and Access Control Decision service" date: 2022-06-05T20:03:18+02:00 draft: false --- -{{% seo title="Verify access all the time and everywhere with Heimdall" %}} -Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service, which can help you adopting Zero Trust architecture by authenticating, enriching and authorizing incoming HTTP requests at any level. No need to learn new protocols, authentication and authorization frameworks. - +{{% seo title="Verify access all the time and everywhere with Heimdall" alignment="right" %}} +Adopt Zero Trust architecture by authenticating, enriching and authorizing incoming HTTP requests at any level. No need to learn new protocols, authentication and authorization frameworks. Just how to glue them with heimdall. link:{{< relref "/docs/getting_started/concepts.adoc" >}}[Get Started] {{% /seo %}} -{{% seo title="Reduce the cognitive load of your team" %}} - -By outsourcing authentication and authorization decisions to heimdall you can reduce the complexity of your code base, free resources and reduce the cognitive load of your team substantially. - -{{% /seo %}} - -{{% seo title="Easy to integrate" %}} - -Use techniques you are already familiar with +{{% seo title="Define rules reflecting your requirements" %}} +Use declarative techniques you are already familiar with [source, yaml] ---- 
@@ -37,20 +29,21 @@ spec: - authorizer: opa ---- -Create rules for each upstream and path you want to secure, loading them from a variety of sources such as Kubernetes custom resources, S3 buckets, any HTTPs endpoints or regular files. +Create rules for each upstream and path you want to secure, respectively, which deviates from your defaults, loading them from a variety of sources such as Kubernetes custom resources, S3 buckets, any HTTPs endpoints or regular files. link:{{< relref "/docs/configuration/rules/overview.adoc" >}}"[Learn more about rules] - {{% /seo %}} -{{% seo title="Feature rich" %}} - -* Use pipelines to compose reusable steps into the logic you need -* Dynamically enrich requests with information like e.g. user data to help you make authorization decisions -* Use Common Expression Language to implement complex authorization logic within a pipeline -* Use existing authorization systems, like OpenFGA, Ory Keto, Open Policy Agent and many more. -* Use existing authentication systems supporting OpenID Connect or OAuth2 -* Combine existing authentication systems -* Can be integrated with any proxy or API Gateway. +{{% seo title="The value you get" %}} +{{% grid %}} +{{% gridentry title="Reduce the cognitive load of your team" %}}By outsourcing authentication and authorization decisions to heimdall you can reduce the complexity of your code base, free resources and reduce the cognitive load of your team substantially.{{% /gridentry %}} +{{% gridentry title="Secure defaults for your services" %}}Define logic to be executed if no rule matches{{% /gridentry %}} +{{% gridentry title="Define mechanisms once, reuse many times" %}}Use rules to compose reusable steps into the logic you need individually for your services{{% /gridentry %}} +{{% gridentry title="Add context information to requests" %}}Dynamically enrich requests with information like e.g. 
user data to help you make authorization decisions and reduce dependencies in your code{{% /gridentry %}} +{{% gridentry title="Common Expression Language" %}}Use Common Expression Language to implement complex pipeline execution logic and simple authorization within a pipeline{{% /gridentry %}} +{{% gridentry title="Authorization systems freedom" %}}Use existing authorization systems, like OpenFGA, Ory Keto, Open Policy Agent and alike and combine them if required to get the best out of different worlds{{% /gridentry %}} +{{% gridentry title="OpenID Connect & OAuth2" %}}Use existing authentication systems supporting OpenID Connect or OAuth2{{% /gridentry %}} +{{% gridentry title="Authentication systems freedom" %}}Combine existing authentication systems to protect different areas of your system with different authentication systems. E.g. you can use one system to protect customer facing functionality and yet another for managing access to your backoffice specific functionality{{% /gridentry %}} +{{% /grid %}} {{% /seo %}} \ No newline at end of file diff --git a/docs/themes/mytheme/layouts/index.html b/docs/themes/mytheme/layouts/index.html index e3779e854..f756b52f4 100644 --- a/docs/themes/mytheme/layouts/index.html +++ b/docs/themes/mytheme/layouts/index.html @@ -1,7 +1,7 @@ {{- define "main" -}} - +{{- partial "hero.html" . -}}
- {{ .Content }} + {{ .Content }}
{{- end -}} diff --git a/docs/themes/mytheme/layouts/partials/header.html b/docs/themes/mytheme/layouts/partials/header.html index 7c095d9ef..1bdde3747 100644 --- a/docs/themes/mytheme/layouts/partials/header.html +++ b/docs/themes/mytheme/layouts/partials/header.html @@ -11,7 +11,7 @@