Adds support for Keycloak / Generic Auth Providers (#976)

nucleuscloud · Dec 27, 2023 · 1055779 · 1055779 · vercel · Dec 27, 2023
1 parent 4f6686e
commit 1055779
Show file tree

Hide file tree

Showing 41 changed files with 3,203 additions and 336 deletions.
diff --git a/README.md b/README.md
@@ -45,16 +45,6 @@ Our mission is to help developers build better, more resilient applications whil
 2. A platform that can anonymize sensitive data or automatically generate synthetic data from a schema and sync that across all environments
 3. An open source approach that allows you to keep your most sensitive data in your infrastructure
 
-## Table of Contents
-
-- [Features](#features)
-- [Getting Started](#get-started-for-free)
-- [Running Neosync Locally](#run-neosync-locally)
-- [Resources](#docs-and-support)
-- [Contributing](#contributing)
-- [Licensing](#licensing)
-- [Triggering a Release](#triggering-a-release)
-
 ## Features
 
 - Automatically generate synthetic data based on your schema
@@ -210,6 +200,16 @@ Work to be done:
 
 - inherit the temporal compose inside of the neosync compose, separate with compose profiles.
 
+#### Running Compose with Authentication
+
+Note, a compose file with authentication pre-configured can be found [here](./compose/compose-auth.yml).
+This will stand up Keycloak with a pre-configured realm that will allow logging in to Neosync with a standard username and password, competely offline!
+
+```
+$ docker compose -f temporal/compose.yml up -d
+$ docker compose -f compose/compose-auth.yml up -d
+```
+
 ## Resources
 
 Some resources to help you along the way:

diff --git a/backend/charts/api/templates/api-env-vars.yaml b/backend/charts/api/templates/api-env-vars.yaml
@@ -34,6 +34,10 @@ stringData:
     AUTH_BASEURL: {{ .Values.auth.baseUrl }}
     {{- end }}
 
+    {{- if and .Values.auth .Values.auth.expectedIss }}
+    AUTH_EXPECTED_ISS: {{ .Values.auth.expectedIss }}
+    {{- end }}
+
     {{- if and .Values.auth .Values.auth.audience }}
     AUTH_AUDIENCE: {{ .Values.auth.audience }}
     {{- end }}
@@ -50,6 +54,10 @@ stringData:
     AUTH_CLI_AUDIENCE: {{ .Values.auth.cliAudience }}
     {{- end }}
 
+   {{- if and .Values.auth .Values.auth.signatureAlgorithm }}
+    AUTH_SIGNATURE_ALGORITHM: {{ .Values.auth.signatureAlgorithm }}
+    {{- end }}
+
     {{- if and .Values.temporal .Values.temporal.url }}
     TEMPORAL_URL: {{ .Values.temporal.url }}
     {{- end }}

diff --git a/backend/dev/helm/api/values.yaml b/backend/dev/helm/api/values.yaml
@@ -37,7 +37,7 @@ servicePort: 80
 containerPort: 8080
 
 auth:
-  baseUrl: https://auth.nucleuscloud.dev
+  baseUrl: https://auth.nucleuscloud.dev/
   audience: https://api.nucleuscloud.com
 
 temporal:

diff --git a/backend/gen/go/protos/mgmt/v1alpha1/auth.pb.go b/backend/gen/go/protos/mgmt/v1alpha1/auth.pb.go