-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathauthentication_pe.yml
150 lines (140 loc) · 4.31 KB
/
authentication_pe.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
pe_creds: &pe_creds
pe_credential: pe_user # credential reference from "vaults" in global.yml file
#Create
ad_config: &ad_config
directory_services:
directory_type: ACTIVE_DIRECTORY # only ACTIVE_DIRECTORY is supported, port 389 will be used for LDAP
ad_name: name
ad_domain: eng.company.com
ad_directory_url: valid-ad-directory-url # e.g., ldap://10.1.4.111:389
service_account_credential: service_account_credential # credential reference from "vaults" in global.yml file
role_mappings:
- role_type: ROLE_USER_ADMIN # one of 'ROLE_CLUSTER_ADMIN', 'ROLE_USER_ADMIN', 'ROLE_CLUSTER_VIEWER', 'ROLE_BACKUP_ADMIN'
entity_type: GROUP # one of GROUP, OU, USER
values:
- john_doe
- john_smith
clusters:
# configure the below clusters in the site
valid-cluster-01-ip:
# Use global pe creds for authentication
<<: *pe_creds
# Use global ad config
<<: *ad_config
valid-cluster-02-ip:
# can be defined locally as well
pe_credential: pe_user # credential reference from "vaults" in global.yml file
# can be defined locally as well
directory_services:
directory_type: ACTIVE_DIRECTORY # only ACTIVE_DIRECTORY is supported, port 389 will be used for LDAP
ad_name: name1
ad_domain: eng.company-1.com
ad_directory_url: valid-ad-directory-url # e.g., ldap://10.1.4.111:389-1
service_account_credential: service_account_credential # credential reference from "vaults" in global.yml file
role_mappings:
- role_type: ROLE_USER_ADMIN # one of 'ROLE_CLUSTER_ADMIN', 'ROLE_USER_ADMIN', 'ROLE_CLUSTER_VIEWER', 'ROLE_BACKUP_ADMIN'
entity_type: GROUP # one of GROUP, OU, USER
values:
- john_doe
- john_smith
#Delete
clusters:
# configure the below clusters in the site
valid-cluster-01-ip:
pe_credential: pe_user
directory_services:
ad_name: name1
role_mappings:
- role_type: ROLE_USER_ADMIN # one of 'ROLE_CLUSTER_ADMIN', 'ROLE_USER_ADMIN', 'ROLE_CLUSTER_VIEWER', 'ROLE_BACKUP_ADMIN'
entity_type: GROUP # one of GROUP, OU, USER
######################################## SCHEMA DOCUMENTATION ########################################
### ---CREATE SCHEMA --- ###
# directory_services:
# type: dict
# required: false
# schema:
# directory_type:
# type: string
# required: true
# allowed:
# - ACTIVE_DIRECTORY
# empty: false
# ad_name:
# type: string
# required: true
# empty: false
# ad_domain:
# type: string
# required: true
# empty: false
# ad_directory_url:
# type: string
# required: true
# empty: false
# service_account_credential:
# type: string
# required: true
# empty: false
# role_mappings:
# type: list
# required: false
# dependencies:
# - ad_name
# schema:
# type: dict
# schema:
# role_type:
# required: true
# type: string
# allowed:
# - ROLE_CLUSTER_ADMIN
# - ROLE_USER_ADMIN
# - ROLE_CLUSTER_VIEWER
# - ROLE_BACKUP_ADMIN
# entity_type:
# required: true
# type: string
# allowed:
# - GROUP
# - OU
# - USER
# values:
# required: true
# type: list
# schema:
# type: string
#
### ---DELETE SCHEMA --- ###
# directory_services:
# type: dict
# required: false
# schema:
# ad_name:
# type: string
# required: true
# empty: false
# role_mappings:
# type: list
# required: false
# dependencies:
# - directory_services.ad_name
# schema:
# type: dict
# schema:
# role_type:
# required: true
# type: string
# allowed:
# - ROLE_CLUSTER_ADMIN
# - ROLE_USER_ADMIN
# - ROLE_CLUSTER_VIEWER
# - ROLE_BACKUP_ADMIN
# entity_type:
# required: true
# type: string
# allowed:
# - GROUP
# - OU
# - USER
#
####################################################################################################