From 49436637ca5c3644ecd04e6ca7db5bed4ce7d385 Mon Sep 17 00:00:00 2001 From: Frank Jogeleit Date: Sun, 18 Feb 2024 17:36:45 +0100 Subject: [PATCH] update UI Signed-off-by: Frank Jogeleit --- README.md | 7 ++ charts/policy-reporter/Chart.lock | 6 +- charts/policy-reporter/Chart.yaml | 2 +- charts/policy-reporter/README.md | 2 +- charts/policy-reporter/charts/ui-0.0.18.tgz | Bin 7262 -> 0 bytes charts/policy-reporter/charts/ui-0.0.22.tgz | Bin 0 -> 7504 bytes docs/UI_AUTH.md | 104 ++++++++++++++++++++ 7 files changed, 116 insertions(+), 5 deletions(-) delete mode 100644 charts/policy-reporter/charts/ui-0.0.18.tgz create mode 100644 charts/policy-reporter/charts/ui-0.0.22.tgz create mode 100644 docs/UI_AUTH.md diff --git a/README.md b/README.md index 896ce4fe..ced69081 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,13 @@ Policy Reporter provides also a Prometheus Metrics API as well as an standalone This project is in an early stage. Please let me know if anything did not work as expected or if you want to send your audits to unsupported targets. +## Preview Feature Docs + +Documentation for upcoming features and changes for the new Policy Reporter UI v2 are located in [Docs](https://github.com/kyverno/policy-reporter/tree/3.x/docs) + +* [Basic Installation](https://github.com/kyverno/policy-reporter/blob/3.x/docs/TUTORIALS.md) +* [OAUth2 / OpenIDConnect](https://github.com/kyverno/policy-reporter/blob/3.x/docs/UI_AUTH.md) + ## Documentation You can find detailed Information and Screens about Features and Configurations in the [Documentation](https://kyverno.github.io/policy-reporter). diff --git a/charts/policy-reporter/Chart.lock b/charts/policy-reporter/Chart.lock index dbdd82ba..66d2ce1c 100644 --- a/charts/policy-reporter/Chart.lock +++ b/charts/policy-reporter/Chart.lock @@ -4,12 +4,12 @@ dependencies: version: 2.8.1 - name: ui repository: oci://ghcr.io/kyverno/charts/policy-reporter - version: 0.0.18 + version: 0.0.22 - name: kyverno-plugin repository: oci://ghcr.io/kyverno/charts/policy-reporter version: 0.0.3 - name: trivy-plugin repository: oci://ghcr.io/kyverno/charts/policy-reporter version: 0.0.5 -digest: sha256:a28956d9501662782a76ae16f19bb344292354ecb5f930b04510542834765f58 -generated: "2024-02-07T17:38:17.927313+01:00" +digest: sha256:1a35c9c175c2eee87667e0f2955da34b9503a6d32544b2f26da7a2ba60c5a6bd +generated: "2024-02-18T16:01:19.61184+01:00" diff --git a/charts/policy-reporter/Chart.yaml b/charts/policy-reporter/Chart.yaml index 94dc5067..f71c8985 100644 --- a/charts/policy-reporter/Chart.yaml +++ b/charts/policy-reporter/Chart.yaml @@ -20,7 +20,7 @@ dependencies: condition: monitoring.enabled version: "2.8.1" - name: ui - version: "0.0.18" + version: "0.0.22" repository: "oci://ghcr.io/kyverno/charts/policy-reporter" condition: ui.enabled - name: kyverno-plugin diff --git a/charts/policy-reporter/README.md b/charts/policy-reporter/README.md index 6868e043..49d239a3 100644 --- a/charts/policy-reporter/README.md +++ b/charts/policy-reporter/README.md @@ -348,7 +348,7 @@ Check the [Documentation](https://kyverno.github.io/policy-reporter/guide/02-get | | monitoring | 2.8.1 | | oci://ghcr.io/kyverno/charts/policy-reporter | kyverno-plugin | 0.0.3 | | oci://ghcr.io/kyverno/charts/policy-reporter | trivy-plugin | 0.0.5 | -| oci://ghcr.io/kyverno/charts/policy-reporter | ui | 0.0.14 | +| oci://ghcr.io/kyverno/charts/policy-reporter | ui | 0.0.22 | ## Maintainers diff --git a/charts/policy-reporter/charts/ui-0.0.18.tgz b/charts/policy-reporter/charts/ui-0.0.18.tgz deleted file mode 100644 index cae24acf2a205654c527613b1c52f75722cd0c2c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7262 zcmV-k9HHYMiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBxbK5rdX#c(Z6ldw|H0dv*p0-oX&E9dHv~`;%n%K?GP9{@B zBqX7x2o?a9Xl>umeg`j-;6svK$JyRB{;(+$I5>Em2M!K!GSWR>ASQw}TE<^}p4990 zdIzJC`rqsIs{ecYz0p_w(f&d2aM;`L9ema6_YeBRub}st@NrVc1!7EY5sE%^nzXo#pwbC{h=3O9x{>&^=(3960YGbPAL2p-kAxDIEn>2UbZJZH{~7w&T_Tcn$#UL} z>6`{>GWX;gfk=WGAA220kVN2nhLQ{TiOzA1iSYExjCh=8EW|3~h6)>y6zdd^0i|h7 zLL^)7t!xkVf?m*n=6&fg{4*)1|CojspQ(3{$5@PYpCBSkpHNraP-;1UrT za_FRSHYbS(APIsKLD_l?G$fLE79o>lZ7C;|vxrv-$OCYxC9gs-vRdDL1w$_)bIipU z_yP^~560ilM)+Vb{C4_mIvn7GgZ*&-+i5u3M~4T`hWpX<0L=#dX}>oZ;=|c&)SvD5 z4*Q4UFd94?^{432o8tsCBycnaf6yC@I=z0UKRW9ljt9eWe-u31KNueL|EJd<_j>+c zju&L4yFzh>`DauBHq(E9I2={w|Dd=3K>zoW$P&%**aHCAgH8t?bHPY5e*!1+128-% zT(GsGQ2jUtLzx>2Sz4|T_68~225XYVu~s%bfHeOxhLhQADkcnboQT%a0?p007kGxU zSa1*&&b7ol%5|M{ATyv#A_R^+kfp}p`<|yjzQAcr*GrrT*%qk;KuEJhc;?r!{4s{U z=f!kBC&^s)rYafJIp8Fu5lQCiT}nA8(-`M(IUt51qzR`n29!kbJExKz+6-g+u?#cD zD;%pAk!}@`WG06rrt??w+ZcMD$1z)BmLqdiC@>(qU3MpBVhqoE&w4h~%LGkh%;6{u zG3Q_!q#>)O!3@P*A~Qvtgh!cJl;+NlXJ-@m&VGQ5VEiYXmSECs8mfofJi-<7BuBPjtNf0$qNr4)Q{2D+^4p6Vd>|F zQYen;M;yUvNK?!`0InX!@cx4>F=2E?B3vyQ(qu;F8Pl_7MG)k5?*Y$JMZOVS;58q^ zxo+(FQ#iLxDV}w?bFVfa8OcZC1>tFo*1ymQLxk8xHzxCit}El1gIHjAbDATCBS;yZ zVfhf!m@?qu0xvNjZs|gfKmoKw(??N6WSdY7Va5erl7Fii5Fx&pQp6(e>G$8MAF8YN zz^X217%kz*+XGN9c#71*LjJZ?O1Jl+omqSq$8~7{@UV1!XX!Y*SgA&(;Yb zFj|h)-wskQ^X1M)tW2&Zl)^aU0y8yf94M;v+J4uQDFTKKEXBnb=91Z(Vimg4L!h$* zPjN_QBy{H*FP3YjR{SZ9vk1e4Mo-}&KGZqV&t_wyvgM`8bNg~a9 zP4$ZHSCn7HK1{V-bGg!Z|13e+w;hRA{`?c2=FbMhQ!Grg4Qb)1wuC;KoN&+dYIVlh z`7HZ$LFFjPHSD-sm84_E%=c=1PrbPy>DjAOI|^!yF%z=$k-&L2t&y9FQ|%Hxo|`b} zxJw6(kZ!sb$x?!{W7!2H!HNl-cRH$&)D1La z;pc$ZJd;A&tA5J)9K&-dDfE;o>oYS-1N;ds(-;RKU7GKO#F|k$Ma;Y|#FCLRo~wAg zSz*Q`FO`_e@{;1@vs%9>dxXtm`n&GieQ#TvPZd)3&Z(3 z@b*BFT5kQyrkEvIU@lj%5e<1aq)CWV!Mh(RyND@@)GNVg9An12Q4YMjXTf^9np5*r zp|S@ci;!ggtNLhI^AdeJ&Db1EJ=DJVH9;#xVmY2;81?=xKWJmt+cE^xIynSMwwz)n zXBxvR!fn@HV4QmP&5wjjW&Rae5~=lC;y%S;#)w!;J}&Slkxv2BoA&#${w(Jv%aSAh zE5~dM{lRc#-~7O6mYP>)#H0cvhscf_PFAo&jA&(5P?%!*8Al#YR_~BupB|f{uu24P zzdJfE=j{krj#YysSVf)ofxvyyPK@kv6c} z91NrAO%ksqsP9RP`I-y7%z=g|MN<+JL9C357)=YgboA<#*11BuOec)aNNiSnW+r5b zAWLjkM>z+{d(9A~${l#N)UlRQCzEP6DFcGWm4(ewqS~OHAK2WQKxM|bM2#ewGt7B) zXwB<|HltF?7Sz)+%#=)SJD?30EKvvW1L^xRk$0AGHr}0s)(XUWUBD?n0YXc4_ z3@M8w4ub9^nGEssjzNti^R9X9SS$loxwRAgoI_LV-cx0ADCyf0^_*5aiY*v6)q#{z zK|>mk;p})~7?$Q62cyyOOSjST7%fPwyvV8kpBOTpp*UUx!y#QRaS}m7g+xQIDT+0R zyEGCMVvJT;tG0*(QYM~|&`eM2a6u*Ov+`4_p@E)eDCQJMBGopz9u5~M3H5&_xD+~a z`r%|n7)>N8O3hg;ASOZ>15%F4Q{Y*+kk$V}5+XY+fRh=lX$BF6k0^0kQYw}uy0tiUc;0j)i*P_2>QC{>aPO> zbV&*d57SI49X+e0FY!`Y7W;!|zYx>JKQhdBE#d81+LBAdvPBR60ez{syda!qYS;6- zESlqzR&DJN+A^^u30Y=K$aOBM`DjhpEQuy+MI_hH2B0CPV$GNM$ol6G8 zv68Gyk{lIUUB3+(^hqI;C3k~PsZs|SSIIQm(`y=8$*t;3X#|LKGFOw*OK5~otpTIZ zuC0iWpFwJ0+Ey!Qtae{K^Pr`vBudL5W;2o)4NWS}vS8pL^Hx>xrETp0$tfdUftP8F z1m@k>Z_Zwx2I7;r+d8)F{|*O-hn4-G;c)P<|8p;?AHWY-GxL&*1N{2-l@#MFOA;kq z7noy^oF6H(*X3nLGKS!t-a52etYxLw*D41?$sEHYrIL=H*K#Y>P38qCatBK9)NiFc zzr2(cJ*t)!vCP9SFF^|4>+5m1dwHp=QgGq=`tni(D{9bLz3OAkv8*H1i#`s%WMC7@ zgrB2qw1z+~e>6P&N$M)_`pt`%zfIn}J$wG>v6P~rh+&QebUL}E5F{dRaV&*)@H&5c zeGMI|wtFO!&;83lO4~rGNbh?eg2W(k?Ss`>BqWk(JE)(Lz#4&k2;lnqNd>EuNd+ef zk>3h4BJffn#RU=>4^R}zQNZe*`El(l1i}Timcd5`jq#(rms&df6-Ci^D30dO15GC*tiEyDx>vl?U zR3d_}Z#=+!6+-9Z=3)D~7`D@wZ{M99H;kNuvrB~=Yl2S4vU>0@Fa66)LvxQw65&r^ zM>j5Yoh3NvJy9eTD7w7yo!2yD zWdY)Q02cF|FqT+!W|VzIEGnTd>liKRh#cJ19vK(W-{U_G2Rem9B zkmz%m;t)v=#px24?NzFwGlFBY6RhkEIMOyg!r}3Btvcbw>r&88FSl zG>}|?ss7UMh|s&1b``DcJQ8_>ZBw5X(%SZGNyV;i_}T7i{k}_AO9^bAA1SoQ&vzfo z0>``qG?1zo)Ob2CZ-`vVNFrw7|DAXK&ix83UFq&KtNGEHZ>52hbYUD!Lxo{%`)x35PD1G%;3~M&$G-jokvr%YZMm zi|x3oMVe*=x+3S3HN?I$z=G1O2&!Io@>^Yj%Ds1`YEUb31%G5z;7S|oP?jh`a~yT1 z>#?I_*o~y7KC(urO}$iYV5hNmy-D4wHa3*7YU8-35p9~6RR+!NrkdF^*UDH+L(04B zuiMy+n=Q~D0#IS|k6YFlPujpF<#v_m+5+^=Lrw2*1kgmgPFowSwoYRuP1}kZ@&;vd z=jM!#{nKJKLnH>@m{BTo2axOQu|6^slMr!7_&a;^s*Yxl zM5jnSL$MpAd?RdD*V9sGvTm3~D+K))TE=z6o$aNvd%pI>6yf4ksXyvHQeQ?D6&z@o zmPifE(tyZRb~Vd)Hmr)%<>rJ)Y0w_4#V7=425j&h;&_6@0{jLoz;IT5qLOFJ^0Lg< zR_jvN0k@pBwKJbp0p?xW+;1f%t_4i&^!sjeQ5FARP3_U+Q^n|p4Y9MlvD2!~>jj*e zTl)=gsC8w1HCQ9*rUheAhEVf^tz%R4T*dvj8O>r}q5#(^7*5$>;>@O2Tw3tqt;qBT zE@XW=68sWVQLh4fcmS@iyA2=hkw>_`9@jn#G>5CIoy{?m_*E1prGt+(c*Utm7kR|y z-0h1Fuq>&(=@_-`c^9Q=x1?{?@}-oC=ao%8%juR4qiAyVfsV&L@mcv5SPP{0Cf_A5ijZb>1p$D)=&tBJvrbmrgwusbK~eE`{xL zcSYlDiGPvQ>j1PvVc7hP#Mr4$9qpKCtT#;wo=tVGwhY#FJ$F{O2`8&2gzTo@>E!76 zr2|QwQ2(CMWwmpa{r)YURo|O08b4>VRc$y{B$2~`%?X0Kypp`t41+eomixX}&+jl? zJs70}W9?&Lq_xZ6a!2SLS70{LR3Dje#-P^bvP)ipv*W1uXQWN7KI@%VWXb*Y?zEng z&tQ?O>_~XK+P<{TewWEv|5@*JAAPJ+)LWx$!Cqrk0hgcZMF#8 z7*L*>uR1TDtnwz0gpLet}r{M%M>vT{y(1ggZ{Hl&xhc+bo?p! zIh$gmLj^w&VIH46DOPC4F8+9d_|JGwi!Gsi)u$r3yR;ZW1atCS&X-~ z!9mU*;gdBfkLMbS%3&`@H$TtU(CU)Ub)Tioy$=MAfCiHpaOVruF4$>ENuJ+BlD!)OxV?7R-rkUEWI7TJiF>dLve^ zcfi49%@^TYs;l;QJFs9HvgZ)!9j)p z9~|tD9{B%#B*Xt7&y`!JXxwgp0{thBV{chOKAM~u!N7wb5eHv0&hDz;oizDjR%A(@ z+i?zU%+a#kZ>Z&d9TuwD8{JQ3S(gLfy_djk7`a3Ldd1pdG{$#n1Kvjeqr=+ypTmdy zzwakCSb>^-z;nhhMWJIJF4L;|h%&LDjQm?!r)nDFTN>jg#qg#kxLq6)?R>^4!pt)^ zmJXnls7uE97~X&V^#`xA^J;G%;`(m!sd*{+ilwm5|2Mi)8~sm75=jOBF4(|U`9G@3 z|Kad~{_iDy5&Hj5Pp%s~7`ya*OV%N0w{aOLairTJU^&T#mU}##{*FVTIFGK-cdxqi z+bZASf|a{6)DIBZBh|Yxs|x+=O}hKt|LymN)%YKyLGK~{&%LA;|9>?P?n{k^ru{TK z7w>jI%|iVQ`)MNIsA#>r!oB~l$=$7dNrrB(Kx~f1r0Or$A- zT>h7d~(C!pPbKEt#J34cRBs0pENFP7=KU}P1{CpN8(cyn&h~X#j zxA$k&$f{dvkoh~M?7P%))EdxsOJzmDjxLuM+*+;Y?d`z}8fN)@_?~C)n4FO$f(Q#l zVjRIq0ZEzQPD6%q!U0WbCg6LFgu2pMemZup%LkIE8(`i$)f7$I8h-alps>^$i|1Xz z&v*@2p#1BuY_vS}lt=xAEAOf!lm2V}IZx`BcLkMGa#x@O+`tu_`zCy#e-2lbD1%Tg znxCO_3b%(4bl??*bBLv5at_3DAi)xhNhx~{Lm%BM6)qK!-*%2Ns9-urny-MUzvumP z)$Pqe2UR%}j4!Z30$r3$z(9prIRfFX(FdI>Y(&8Vy`F`uq7XU}2vy1Qp}oA&v)(gR zt{Q}}T*6cdS1_eiR(P(09mrzMVF}BH^KgWL4cpW(PA%~Xo8j0vPut-XIh)|*fw&p~ z-5{8u0`5dF%#HA^9kw~3VFN@R!LI?)))AR8j{PBB#LL>jF{}Y}1PyHf}p8w(csmkn+tuXMf6(*Y_3YM{W z-}?YpK-IpCMCA@Kk%)ZmScQ5}Y?ztqfNYL1SO~N7Edx~;_Y}8P zarqR4%KaV&w?}8Yixwn8nRDwNB0_+I;0IT{60qnKcnU~Ttic+dp+CH8=~*o z9;#oXQD$OA_&k5y9}GuN{X8_CexbTxQ=~psk39ijDLS81vRVCh!t^=$H}jOH;C)WuD$5XvlJEjr# zyl>!t+ev8bl_6br+bwB3aq5ELQk+I-L&afA&GW|DK`b z0)C=%9Al-9>G|n(Zj`*EOwc(_RDT#U(<=$P6>j+5`vs1d9Z6KM>IeOP&?{`Ur8Xy& zeWWz{y_;w6notA0Ysx*jTl;@Tx}_^r?-sUA+x-6q{c8NTL2vlr|8XyA7e`Xh7+l9H z60No!I}Q&ugS7VOFt+2ythr%X!q-OAaUM8&(;aXYmxfH%F0As=6=ok95%|aanglnu zlR=@85s5;{yyg_ESl;ZN;*Rr4uH{@`d-mDhwbABdQoW?y1z0w{NuZ_Qe+sab(%08s s>FC3)!8w*vnZ4iD)eJ*0>9Uz7e{00030{{gN3o&cHv0B}q?M*si- diff --git a/charts/policy-reporter/charts/ui-0.0.22.tgz b/charts/policy-reporter/charts/ui-0.0.22.tgz new file mode 100644 index 0000000000000000000000000000000000000000..a5ad508113bc83386d3aaa046c985d1dea375464 GIT binary patch literal 7504 zcmV-W9k1daiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBxbK5rdX#c(Z6ldw|H0fH@!?K-fZuX9Ar>)yG@z`#5b~2e7 zA|VMiNw5H@M74cC`)}|f35t|t$8om5HU6+E5;*7JaUK8;aB|W;oFOKH1xn(tK2PfP zdcD2jQ2p=qdiDRk-QMu4{&071IP4GhhC5&N`u)BB-dE83O!PP@=K`^>dY_D|Ub(+W zLK%6B87DLy!F=GMEGvEvf?m+;pg5bMpuguun1_sHLVY`-F$ouNiZjXtX7KB=H=_w2 z!AyvZkGkE<#T>Jg22&zt`8Xi7o2eolW{Pxj;*n6ovPDeRkS4Zt@t>g&-2{=eOOk0f zrc)YZ>C}^N1R^PBeB^Z?MUsH;8A>nVCpyJ3Cc@J%bK-HDvkcD#s8F&87? zGc?%U8+|(&;=RGnx8vvIodMq4+YNWW9f!kRw7>U!XEz$}p~;{>?)L^ecz-e(_9wf& z{r-Nq6AhjZ`(w24O>v4D5;z)xKj;mHonF7wAD;L3M}wVFe;7R9-P_sg|D)F*^?Lqa zP8Q^(J4bPj`DZi$R`Y*~2cB}lNIHE6$MOR( zJSAMPh2l{CI0D0&D+*a&t}*rsE!zg`B#&clY~9vhC^9#i8GU!xB!m1#0U`*2qu&P%Eb()!rB%BC)p8UBk;Q-$$Za? z>2ylcsq7*JKc-W_X-FfIPSv}Na!$rEF5YrL3`0m$PGbxxjo^1qrHr*1M)qSBW{l@J zRxcvmR6x>+?BkeDU&(JH=y@K;Y>rt$%t2`tf$U4!N0f;XJnud4*-S4}G>$QcgD}LL zgQ<{)tf~eR6mv<;7;zFFZ?ME3WuEH+hXDt3tCc#OhJQz|q+*A$8gPQ~$&ETA8w zwYkr1+k};$D@vg_rXO$wXCcin_W-zh7{R;uw!{gea}wct$&jWKGR>JDb8~{Az`X@L z&y+-o;1VzR2rjDabg>N=wnF8zE`8xGcPcXD@E$r-4yb{x5pzi$0ZP!HG~I?N5iuI8 z|Fe9&t)?7!8>W;_<^KgrBm8k2(4RTONDk-B0DK$)?IXap(JgyFCq>sE5uU|p@e7SG zM2KB>V=|p-Y&pjq#0{Tz<5!r+6kl-E=d|`{Gof^hn0Z|qHpWizTzmM<95W`RsiahvmmDXb)wEhIli4h$&09<3kC{|O zQ3IGs9>+_dl+j2+d=M(Tx!|2chLON<=6sbJM7=H^;W*WiOjV*h=loyQcSy-J*g1Z7r+WjbsRgrw77)khhA9|@OJtyd%=ax!L_`wWLU zBVr-txWFGpF$7F&+V6+@vmBc&PY?L7T$)w=!OqaW`GL_qGp|gKNfSnPk?l8}&S8!i z(bFA4VT|Qx9Cf85#&RK~^>Vl5ai>}y-?$#HX?jX& z$s`#ga}wie)oNA7*@^w|l7}cpdfngVkQV5hG+szh-;)^g1s6CefQBeTV-gcVtd5Ep z%}Tv=@amPexk8#`CyY)=Y!)HRNXSz`5^N^zg#;;D%`m0P9eB3Xq1IBzC-rPn2Lz3C zQ=6m0wL!Z)u(>sZ%8YS^8%a84nDctqn%70|2CegiW0NzC5$8(81j?XBoWCw-xlYzb zN@{u5)=lPjMT4O^P`F2sPD%Q)F{6li2Zf3@+4Ti|uZ&G+D=&3(&6bk1$k(MNgpSeS zN||)5?u%)NVx#6DLt@6Qu2f@5z8OKce5Es;t08eLAxQD1aGn{fu8qp`S7!}Gir67h z>sQ?&4xt?pb4!J;Se4ACI(aD;Qtp~HElbwFW;j)xv@NwgAb4HPru2dmJ(g@il}P)5 z$1_SV6_j&npb#$0Px2UOY7JxgilkFHF(e_C=4zKRNRc3O442P27?KKO2S^IYT6&!b zrwia%!~DEsNF(XAYaTn6%0MBvD@{Ka z(4_gQ*cP*jy)8*Ec(tR%f)P_4IjI&jr11#O4^NE1(sE;OINbTtb+j@@D-x?O3ap>mPs1$uxe@Zhn z(8CPHoB~Ou*(T@1;S8mr{?7!LN=FVqoX!cOsbocIIg1&@L}PD*3}Mkj5mHSy1$Q&eiusB1mzFIY(@kxWnA|WYB@&pQ-OIkkK5;jw!6E!1} z^JfFlFw>z@6w-#txu)a7wcakIfZq~DT2pX$RLC-vBZ7P}43W&*sq{c#% zhO;afc*wj}2)^{zk4ib|3Y=sy5}0>izd3(-7Ko4HesQeX|KAzx@7MPKc6N3i_x~Rx z^#k|;YpGdrae-e?UrBw*@-$UiY=$`oDPoaYU%I;LNDd6%>aAmIE?Sv&bE9%Fluj`` zQMTXc#Zqo%Bgwn~W$r*3c>1kWoL5&8(UW>v5z9RM>I$TWySW*4yH{5lm4XX5H&<60 zScySr_3Do?#}Y@VXIC72DJf1U6MjLmQO|*#XJ~l%qcjTO^_!!Yzn#1}J%91!sZ>{? zh+&EabUMY797sY=aV)iC@Va<=a|0c!cIG6JFZ`=OsmsX#D z`Q+Gtzs+!*Va5ZI-KQ(q8vAcJ9Q14U-*C|1d9?o?B3)f|zwutG9i8T_p}_m5Yb3VW z>ndepr~IIn6awv7rNp0=;MMIQxCX)UG=#k!^+=Mld@>;)!SDDr%gj@RnI+U>{RyN- zTfiSViq-b06gg(0^j}!RR{4d*Aj#)2#vzgtiqiyF7lu?tCj`f4%T-P2aika12#2TR zg=&PO*Jm=XGytUVd=_}eaz?I1mEn(TmOdvZS$S01c$B1~r||%UcqcF_MZ2_k}r&dvFt?EnPz0@Txvz3xkFWkvN!9ss5Y>EHtvXUt(JVGX7vBzga4a< zd&Z$jLQ}Kc(MX*Bq^XgorOkA)dZ0ke6wE3v4AlZv&|8%rOrWGR;ZUs(Q1%tC@SnCi{WXYJWhfiumIm=5J?vM&lJ${ z-VmoD+}wQWru|DKhyP1&uX{ZWwub+A_xii_`Tzd#k^dhgRrw!f8SfTCp!6%etsuCo z1d#LVkv=jOlMr!7`8%873P-c+pHpNxL%AEIoDghQ*QHTsvi^=`Ed>2HO5$b0o$aNn zAG~&X6yfYur9GBgWO*7@BG}U~Et49Ul@5`q>eE&1Y*-Vg%gteoN~b+llTirH4cOp2 z#PJCdGw>U%03%uTiCUf~)oGc>qALD> zn(Cwbr%ur=D`H1^W24o*#7j6!{^PfxVW}yXXM;;D-85kgst}eOPM4`ETdwA3+e~J; zFHwT)lme%^VB(CXR$5x<;jP5<2QFlNIu`tjP*JY}>!lAjH{FJh_Q)&T+>Dk!3p9o6 z`Z}AlOybu`IH??bU4mDhigk%cY|7oX=m5*p+MA9s+g@~0mUS!k)>6KVGV!9esfSsy zr&ngK_|w(9aVA9Oe5myL31zPQZbhJwH2CR(IxRHEDdzly(J^+3kjQ_)webNJ2U6#) zqNYYK!zd!35qjl#QJES>aOu0(K6d9c&J+BLg)+iGw1mh(FzT6bUNELVH48U5}`#KK2;!#SHxG}EUU zoL+0{F`Q&#p^mCw-L$E*s#9HAHOJNNQ`FcJKI>msW+^=G?iEkP>#xjJbp^Z|wl84+ zJM%y5U3Je_fvnsA?e8wl{{}mc^S=j4Ydrbv;_?$IHeQ=8!ZvYIWajfwD)Xw-pW^}4 zvKH^0I#I};rc}UFj*~fNhcw9$!{Gn(ML+02@AP~K4lC!3f}is-Ha1l70}Y`oT?LmZeHCedf~#Hdum>_CYCcQM{-*|n(&ObL}z)#~njog4eEDy3(=P*k+mlsr8gp{!DEUH~- z{D|A~+EZpV9c@Zge3Gr@BWZ10@Tg6y9iuBKf4BB^@q^_tURwu;ID1x3Vp1N@OC&0X zy@K50;9NtkD?Zm{z4gS!^`dr5+tFi>+pQQaPi`?>%2b}?vt*oCeSzCLLZ>kbFL4^x z4gGb3b0bQZr=yhe#F$&vpVjmmSkW9?vd4_aWI|IhwluO|QZ_I4lde|?Z-JJBkiDx{U)sMIzme04qsW)ZF9w_;(x%C3!SL-@Q}PZ$rMq1*>pOSUx~x zk5q3atZMwPH|ZXB|F_@UsmFgA4tkIApB^N&`2VYM@K9znH0`I^v3S4xX%^~d*iRG1 zMn&u074AiIP3~^hOEPqQ1!7YyPU`+*P3~`wi=8{YxXoN*__$R6-;+`=s@A3Y>he=y-f`q_KU#YG~0eqO@6vjD; z)fKiG3NO(V^T0Fr3Y#D+9QX{!F-&7R*6Wufoo)levA#`Mxs83tK3L_SkSrrtOI z-`j$>h!L7|I6ivGy&z*$&g{H^L>P5-c1C~qf;kUqguCA9%Y&m|UIs}NOsPn+_&D zo8UNT3uruCgRCsr(dCMQYtee%))pMmFfT5i_dI*YRM-MptT{wwwQv!dGOz)d8U{j3tjcCMHe%CyIAzWzI7LXU z20*t6Y^i`dkt~Z<{?-Ot9S^YqVl^IP1G%fBUN%6hL^E6utQrZi36_ZsxB(y&9kCV2 znQ70>0G+k9z7B{ed4VYJ?u&Qt8-TcR6q~@T7#_Ebu=ok_H8o*!eB95dQjlzH$EK!s zLvDV0xXlXMPaJj{#vO-SrSRQ{nF4b6;f2;oolhQC8wKrD#N;HXgwkxFr8#=%T_blY zoYfGVOYOHlgr}C`#qsT;_?2&?I{Kq4-;L<#kKXwwH1fCopXk`%_RIK<{`;G4mDwLz z+sMCBl&p?qS*7A#?>$@tRoj%3lzXH^67soYWa>__;f?AYvO2P5Y1>sV-KfKOm=KYQ zmf9VzOT4`@jH80ka1-oGDDB}K3wvXEMYt5+g5^qfH%4=8f>17pE(2K?=CKi8Wrf!n z#cJ@a5C7N%v&Ft^i3h15)ULZ}pk&h+krte}ZDu8;)=-gJI=Z(SEkjxnJMwcxjx@8L zhFh7+*-y_l^oppDwuP2&m8lA`GHjzi>JN5?+kO!eQNK`4uqr~N!eg&@Sd#P`hkw-7 zuKLZivX2`F(hSX2m23;u=#P|Dwe43!F-mbBF`7vse(>s*lGtVZ$D&Aca7TZnLelxw zD3Z>*vSGJs+--;7A9Ih}Q#Yi0i18ZR2UDh7S0&h>Q;rjj^ddnij{zRQopm$UOO@z2R_2 z$^h+5;*b3E!xR7Jy|y5~NRY#ggE%(S*f#%?sQw}q(aNs0^y?gAwb<$_mECp0`-tv$ zi^zWMB)ZowS0zqL;wDP(7W!}Fuzz|qRIeLaZt&F+0QJ&p`1CrrO5Q;(=oF`_Jq(-anS}KWG4k%+497`F zG8N4GLBAhVHkT@OPAU69Y4m%y$lf)PH+a{Sd-kO_(Ej2nC*8^w%AW_vI{)9D{lSv| z$FTRf|N9VW6Gw8-Y&bbiPIePYemDCiBNY-_Z~ZuVm-dsi$CugqY0O&e3rYBT&tp_X za9?#tq@|@Hlik))`RE+84~z)>V{wg&o7>5t$jFH#p|alS6ss*o+L!~5b6R2c-Q0Ng z+1|y|=7UxbV&DR-u0=|qmEWHP*qSXjH(upv)SbaOdlE8>^WxJ$qg-E4qaHQ~^`$xQ aF+HZo^q9VE`kw#*0RR6@!Do5^pa1~cd6*&q literal 0 HcmV?d00001 diff --git a/docs/UI_AUTH.md b/docs/UI_AUTH.md new file mode 100644 index 00000000..c7d25b18 --- /dev/null +++ b/docs/UI_AUTH.md @@ -0,0 +1,104 @@ +# Configure Authentication for Policy Reporter UI + +With Policy Reporter UI v2 it is possible to use either OAuth2 or OpenIDConnect as authentication mechanism. + +Its not possible to reduce or configure view permission based on roles or any other information yet. +Authentication ensures that no unauthorized person is able to open the UI at all. + +## OAuth2 + +Policy Reporter UI v2 supports a fixed set of oauth2 providers. If the provider of your choice is not yet supported, you can submit a feature request for it. + +### Supported OAuth Provider + +* amazon +* gitlab +* github +* apple +* google +* yandex +* azuread + +### Example Configuration (GitHub Provider) + +Since the callback URL depends on your setup, you must explicitly configure it. + +```yaml +ui: + oauth: + enabled: true + clientId: c79c02881aa1... + clientSecret: fb2035255d0bd182c9... + provider: github + callback: http://localhost:8082/callback + scopes: [] +``` + +### Example SecretRef + +Instead of providing the information directly in the values, you can also fetch the information from an existing secret. + +#### Values + +```yaml +ui: + oauth: + enabled: true + callback: http://localhost:8082/callback + scopes: [] + secretRef: 'github-provider' +``` +#### Secret + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: github-provider +data: + clientId: Yzc5YzAyODgxYWEx + clientSecret: ZmIyMDM1MjU1ZDBiZDE4MmM5 + provider: Z2l0aHVi +``` + +## OpenIDConnect + +This authentication mechanism supports all compatible services and systems. + +### Example Configuration (Keycloak) + +```yaml +ui: + openIDConnect: + enabled: true + clientId: policy-reporter + clientSecret: c11cYF9tNtL94w.... + callbackUrl: http://localhost:8082/callback + discoveryUrl: 'https://keycloak.instance.de/realms/timetracker' +``` + +### Example SecretRef + +Instead of providing the information directly in the values, you can also fetch the information from an existing secret. + +#### Values + +```yaml +ui: + openIDConnect: + enabled: true + callback: http://localhost:8082/callback + secretRef: 'keycloak-provider' +``` +#### Secret + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: keycloak-provider +data: + clientId: Yzc5YzAyODgxYWEx + clientSecret: ZmIyMDM1MjU1ZDBiZDE4MmM5 + discoveryUrl: aHR0cHM6Ly9rZXljbG9hay5pbnN0YW5jZS5kZS9yZWFsbXMvdGltZXRyYWNrZXI= +```