Merge branch 'main' into renovate/zarf
Showing 1 changed file with 37 additions and 0 deletions.
@@ -0,0 +1,37 @@ | ||
# UDS-CORE Groups | ||
|
||
UDS Core deploys Keycloak which has some preconfigured groups that applications inherit from SSO and IDP configurations. | ||
|
||
## Applications | ||
### Grafana | ||
Grafana [maps the groups](https://github.com/defenseunicorns/uds-core/blob/49cb11a058a9209cee7019fa552b8c0b2ef73368/src/grafana/values/values.yaml#L37) from Keycloak to it's internal `Admin` and `Viewer` groups. | ||
|
||
| Keycloak Group | Mapped Grafana Group | | ||
|----------------|----------------------| | ||
| `Admin` | `Admin` | | ||
| `Auditor` | `Viewer` | | ||
|
||
If a user doesn't belong to either of these Keycloak groups the user will be unauthorized when accessing Grafana. | ||
|
||
### Neuvector | ||
Neuvector [maps the groups](https://github.com/defenseunicorns/uds-core/blob/main/src/neuvector/chart/templates/uds-package.yaml#L31-L35) from Keycloak to it's internal `admin` and `reader` groups. | ||
|
||
| Keycloak Group | Mapped Neuvector Group | | ||
|----------------|------------------------| | ||
| `Admin` | `admin` | | ||
| `Auditor` | `reader` | | ||
|
||
## Keycloak | ||
> [!IMPORTANT] | ||
> All groups are under the Uds Core parent group. Frequently a group will be referred to as Uds Core/Admin or Uds Core/Auditor. In the Keycloak UI this requires an additional click to get down to the sub groups. | ||
### Identity Providers ( IDP ) | ||
|
||
UDS Core ships with a [templated](https://github.com/defenseunicorns/uds-identity-config/blob/main/src/realm.json#L1712-L1813) Google SAML IDP, more documentation to configure the `realmInitEnv` values in [uds-identity-config](https://github.com/defenseunicorns/uds-identity-config/blob/main/docs/CUSTOMIZE.md#customizing-realm). | ||
|
||
Configuring your own IDP can be achieved via: | ||
* Custom uds-identity-config with a templated realm.json | ||
|
||
* Keycloak Admin UI and click ops | ||
|
||
* Custom [realm.json](https://github.com/defenseunicorns/uds-identity-config/blob/main/src/realm.json#L1712-L1813) for direct import in Keycloak |
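Review bot: the possessive in the Grafana and Neuvector sentences ("from Keycloak to it's internal `Admin` and `Viewer` groups") should be "its" in both places. The same two lines also pin their links inconsistently: the Grafana link is fixed to a commit SHA, while the Neuvector link, both realm.json links and the CUSTOMIZE.md link point at `main` with `#L31-L35` / `#L1712-L1813` line anchors that will silently land on the wrong lines as those files change; pin them to a commit as well. In the Keycloak callout, "Uds Core/Admin" and "Uds Core/Auditor" should match the "UDS Core" spelling used everywhere else in this file so readers can find the parent group in the Keycloak UI. The IDP sentence ("UDS Core ships with a templated Google SAML IDP, more documentation to configure the `realmInitEnv` values in uds-identity-config") is a run-on without a verb in its second half; suggest "UDS Core ships with a templated Google SAML IDP; see uds-identity-config for how to configure the `realmInitEnv` values." Finally, the Grafana section states that a user in neither Keycloak group is unauthorized, but the Neuvector section does not say what happens to such a user; stating the default there answers the obvious least-privilege question.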