update UI

Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com>
kyverno · Feb 18, 2024 · 4943663 · 4943663
1 parent 8a9509d
commit 4943663
Show file tree

Hide file tree

Showing 7 changed files with 116 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -9,6 +9,13 @@ Policy Reporter provides also a Prometheus Metrics API as well as an standalone
 
 This project is in an early stage. Please let me know if anything did not work as expected or if you want to send your audits to unsupported targets.
 
+## Preview Feature Docs
+
+Documentation for upcoming features and changes for the new Policy Reporter UI v2 are located in [Docs](https://github.com/kyverno/policy-reporter/tree/3.x/docs)
+
+* [Basic Installation](https://github.com/kyverno/policy-reporter/blob/3.x/docs/TUTORIALS.md)
+* [OAUth2 / OpenIDConnect](https://github.com/kyverno/policy-reporter/blob/3.x/docs/UI_AUTH.md)
+
 ## Documentation
 
 You can find detailed Information and Screens about Features and Configurations in the [Documentation](https://kyverno.github.io/policy-reporter).

diff --git a/charts/policy-reporter/Chart.lock b/charts/policy-reporter/Chart.lock
@@ -4,12 +4,12 @@ dependencies:
   version: 2.8.1
 - name: ui
   repository: oci://ghcr.io/kyverno/charts/policy-reporter
-  version: 0.0.18
+  version: 0.0.22
 - name: kyverno-plugin
   repository: oci://ghcr.io/kyverno/charts/policy-reporter
   version: 0.0.3
 - name: trivy-plugin
   repository: oci://ghcr.io/kyverno/charts/policy-reporter
   version: 0.0.5
-digest: sha256:a28956d9501662782a76ae16f19bb344292354ecb5f930b04510542834765f58
-generated: "2024-02-07T17:38:17.927313+01:00"
+digest: sha256:1a35c9c175c2eee87667e0f2955da34b9503a6d32544b2f26da7a2ba60c5a6bd
+generated: "2024-02-18T16:01:19.61184+01:00"
diff --git a/charts/policy-reporter/Chart.yaml b/charts/policy-reporter/Chart.yaml
@@ -20,7 +20,7 @@ dependencies:
     condition: monitoring.enabled
     version: "2.8.1"
   - name: ui
-    version: "0.0.18"
+    version: "0.0.22"
     repository: "oci://ghcr.io/kyverno/charts/policy-reporter"
     condition: ui.enabled
   - name: kyverno-plugin

diff --git a/charts/policy-reporter/README.md b/charts/policy-reporter/README.md
@@ -348,7 +348,7 @@ Check the [Documentation](https://kyverno.github.io/policy-reporter/guide/02-get
 |  | monitoring | 2.8.1 |
 | oci://ghcr.io/kyverno/charts/policy-reporter | kyverno-plugin | 0.0.3 |
 | oci://ghcr.io/kyverno/charts/policy-reporter | trivy-plugin | 0.0.5 |
-| oci://ghcr.io/kyverno/charts/policy-reporter | ui | 0.0.14 |
+| oci://ghcr.io/kyverno/charts/policy-reporter | ui | 0.0.22 |
 
 ## Maintainers
 

diff --git a/charts/policy-reporter/charts/ui-0.0.18.tgz b/charts/policy-reporter/charts/ui-0.0.18.tgz
diff --git a/charts/policy-reporter/charts/ui-0.0.22.tgz b/charts/policy-reporter/charts/ui-0.0.22.tgz
diff --git a/docs/UI_AUTH.md b/docs/UI_AUTH.md
@@ -0,0 +1,104 @@
+# Configure Authentication for Policy Reporter UI
+
+With Policy Reporter UI v2 it is possible to use either OAuth2 or OpenIDConnect as authentication mechanism.
+
+Its not possible to reduce or configure view permission based on roles or any other information yet. 
+Authentication ensures that no unauthorized person is able to open the UI at all.
+
+## OAuth2
+
+Policy Reporter UI v2 supports a fixed set of oauth2 providers. If the provider of your choice is not yet supported, you can submit a feature request for it.
+
+### Supported OAuth Provider
+
+* amazon
+* gitlab 
+* github 
+* apple
+* google
+* yandex
+* azuread
+
+### Example Configuration (GitHub Provider)
+
+Since the callback URL depends on your setup, you must explicitly configure it.
+
+```yaml
+ui:
+  oauth:
+    enabled: true
+    clientId: c79c02881aa1...
+    clientSecret: fb2035255d0bd182c9...
+    provider: github
+    callback: http://localhost:8082/callback
+    scopes: []
+```
+
+### Example SecretRef
+
+Instead of providing the information directly in the values, you can also fetch the information from an existing secret.
+
+#### Values
+
+```yaml
+ui:
+  oauth:
+    enabled: true
+    callback: http://localhost:8082/callback
+    scopes: []
+    secretRef: 'github-provider'
+```
+#### Secret
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: github-provider
+data:
+  clientId: Yzc5YzAyODgxYWEx
+  clientSecret: ZmIyMDM1MjU1ZDBiZDE4MmM5
+  provider: Z2l0aHVi
+```
+
+## OpenIDConnect
+
+This authentication mechanism supports all compatible services and systems.
+
+### Example Configuration (Keycloak)
+
+```yaml
+ui:
+  openIDConnect:
+    enabled: true
+    clientId: policy-reporter
+    clientSecret: c11cYF9tNtL94w....
+    callbackUrl: http://localhost:8082/callback
+    discoveryUrl: 'https://keycloak.instance.de/realms/timetracker'
+```
+
+### Example SecretRef
+
+Instead of providing the information directly in the values, you can also fetch the information from an existing secret.
+
+#### Values
+
+```yaml
+ui:
+  openIDConnect:
+    enabled: true
+    callback: http://localhost:8082/callback
+    secretRef: 'keycloak-provider'
+```
+#### Secret
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: keycloak-provider
+data:
+  clientId: Yzc5YzAyODgxYWEx
+  clientSecret: ZmIyMDM1MjU1ZDBiZDE4MmM5
+  discoveryUrl: aHR0cHM6Ly9rZXljbG9hay5pbnN0YW5jZS5kZS9yZWFsbXMvdGltZXRyYWNrZXI=
+```