diff --git a/docs/helmchart.md b/docs/helmchart.md index 4fee529adb10d0d4f46edde25b4859c38bad4521..b2fd90f0e22695ed2c38ba43bb0949602597290b 100644 --- a/docs/helmchart.md +++ b/docs/helmchart.md @@ -28,22 +28,63 @@ This table lists the variables you are most likely to change. Take a look at the | Parameter | Description | Default | | ------------------------------------ | ------------------------------------------------------- | ------------------------- | -| `consentProvider.image.repository` | Name of image repository to be used for consent provider| open.greenhost.net:4567/stackspin/single-sign-on/consent_provider | -| `consentProvider.image.tag` | Release version of consent provider image | main | -| `loginProvider.image.repository` | Name of image repository to be used for login provider | open.greenhost.net:4567/stackspin/single-sign-on/login_provider | -| `loginProvider.image.tag` | Release version of login provider image | main | +| `login.image.repository` | Name of image repository to be used for login provider | open.greenhost.net:4567/stackspin/single-sign-on/login | +| `login.image.tag` | Release version of login provider image | main | +| `login.login` | Username of user to create during installation | admin@example.com | +| `login.password` | Password of user to create during installation | ThisIsNotASecurePassword | +| `login.db.user` | Database user for backend | stackspin | +| `login.db.password` | Database password for backend | stackspin | +| `login.db.database` | Database name for backend | stackspin | +| `login.db.user` | Database user for backend | stackspin | | `singleSignOnHost` | **FQDN of the openID Connect / oAuth2 server** | **sso.stackspin.example.net** | -| `userpanel.ingress.host` | **FQDN of the userpanel** | **admin.stackspin.example.net** | -| `userbackend.username` | Username of the admin user | admin | -| `userbackend.password` | Password of the admin user | YouReallyNeedToChangeThis | -| `userbackend.email` | Email address of the admin user | admin@example.net | -| `userbackend.postgres.password` | Root pw of the psql DB | postgres | | `hydra.hydra.config.urls.self.issuer`| **Base URI of the oAuth server** | **https://sso.stackspin.example.net** | | `hydra.hydra.config.urls.login` | **URI that will be used for the login page** | **https://sso.stackspin.example.net/login** | | `hydra.hydra.config.urls.consent` | **URI that will be used for permission checks** | **https://sso.stackspin.example.net/consent** | | `hydra.hydra.config.secrets.system` | Secret that is used to generate secure tokens | YouReallyNeedToChangeThis | | `oAuthClients` | A list of clients that need to be registered after installation. See [Registering clients](#registering-clients) for more info | user-panel configuration (**Change the `clientSecret`**!) | + +### Manupulating user database + +Normally one would use the backend panel to manage users. However, it is also possible to +use the command line with `kubectl` + +``` +kubectl -n stackspin get pods +``` + +This will get a list of pods, we need the pod which is called `single-sign-on-login-xxxx`, +once you found the name you can interact with the flask app: + +List users: + +``` +# kubectl exec single-sign-on-login-xxxx -- flask user list +[2021-12-07 12:18:37,065] INFO in app: Listing users +"Stackspin Admin" <admin@stackspin.net> +"Joe" <joe@stackspin.net> +"Liao" <liao@stackspin.net> +``` + +For all commands, please type: +``` +# kubectl exec single-sign-on-login-xxxx -- flask user --help +Usage: flask user [OPTIONS] COMMAND [ARGS]... + +Options: + --help Show this message and exit. + +Commands: + create Create a user in the kratos database. + delete Delete an user from the database :param email: Email... + list Show a list of users in the database + recover Get recovery link for a user, to manual update the... + setpassword Set a password for an account :param email: email address... + show Show user details. + update Update an user object. +``` + + ### Registering clients To use OpenID Connect or oAuth you need to set up an oAuth Client for every