Bearer auth documentation #460
Conversation
shawn-hurley
force-pushed
the
bearer-auth-documentation
branch
from
5e10554
to
d437055
Compare
docs/auth.md
Outdated
| **Note: When using OpenShift 3.6 the only option for authentication is Basic Auth. Basic Auth must be enabled to true.** | ||
|
|
||
| ### Basic Auth | ||
| The below section will focus on the imlementation of basic auth. |
There was a problem hiding this comment.
TYPO: imlementation -> implementation
| Typically the broker is configured via a | ||
| [ConfigMap](https://docs.openshift.com/container-platform/3.5/dev_guide/configmaps.html) in a deployment template. | ||
| ##### Deployment template | ||
| Typically the broker is configured via a [ConfigMap](https://docs.openshift.com/container-platform/3.5/dev_guide/configmaps.html) in a deployment template. |
There was a problem hiding this comment.
What changed in this line?
There was a problem hiding this comment.
I stopped the new line. It was creating a new line at via a I put them on the same line. I thought it looked really odd.
| @@ -123,7 +124,7 @@ spec: | |||
| name: asb-auth-secret | |||
| ``` | |||
|
|
|||
| Starting wtih v0.0.17 of the service catalog the broker resource configuration changes. | |||
| Starting with v0.0.17 of the service catalog the broker resource configuration changes. | |||
| The below section will focus on the bearer token auth. | ||
|
|
||
| #### Configuration | ||
| By default, if no authentication is specified the broker will use bearer token auth. The bearer token authentication will use delegated auth from the [kubernetes apiserver](https://github.com/kubernetes/apiserver) library. |
docs/auth.md
Outdated
| #### Configuration | ||
| By default, if no authentication is specified the broker will use bearer token auth. The bearer token authentication will use delegated auth from the [kubernetes apiserver](https://github.com/kubernetes/apiserver) library. | ||
|
|
||
| The configuration is to grant access, through [kubernetes RBAC](https://kubernetes.io/docs/admin/authorization/rbac/) roles and role-bindings, to the url prefix. The broker has added a configuration option `cluster_url` to specify the url_prefx. This value will default to `ansible-service-broker`. |
There was a problem hiding this comment.
I'd wrap the line better but the important one is 👍
TYPO: url_prefx -> url_prefix
docs/auth.md
Outdated
| ``` | ||
|
|
||
| #### Deployment template and secrets | ||
| Here is an example of creating a secret that the service catalog can use, from the above role that will grant access. From the [deployment template](https://github.com/openshift/ansible-service-broker/blob/master/templates/deploy-ansible-service-broker.template.yaml#L224-L248): |
There was a problem hiding this comment.
I'm having a hard time parsing the first sentence.
Here is an example of creating a secret that the service catalog can use, from the above role that will grant access.
the last part feels confusing: from the above role that will grant access
See if you can reword that a little more clearly. Right now I'm struggling coming up with a better way to phrase it though.
| ## Developer section | ||
|
|
||
| ### Auth design | ||
| ### Basic Auth design | ||
|
|
||
| The authentication system is built with a set of interfaces to allow for easily | ||
| adding new methods of authentication. The 3 core interfaces are: Provider, |
|
Excellent job failing travis with a document change :) @rthallisey is this the same CI problem we've been seeing lately? |
docs/auth.md
Outdated
|
|
||
| Bearer auth is using the [kubernetes apiserver](https://github.com/kubernetes/apiserver) to do delegated authentication and authorization. Kubernetes team will keep this library up to date. | ||
|
|
||
| The first thing that you need to do when setting up the generic api server is to tell it the cert, key, port, and address to listen on. You are going to use the [`SecureServingOptions`](https://github.com/kubernetes/apiserver/blob/master/pkg/server/options/serving.go#L38) to set these values. |
There was a problem hiding this comment.
I think you should use a permalink for the kubernetes link.
There was a problem hiding this comment.
I see a handful of other references to master, I think they should all be permalinks.
Source: have read a doc that pointed to master and it was no longer the line that they had intended in the doc.
Describe what this PR does and why we need it:
Follow on PR for #445 for the documentation
Changes proposed in this pull request
Does this PR depend on another PR (Use this to track when PRs should be merged)
depends-on
N/A
Which issue this PR fixes (This will close that issue when PR gets merged)
N/A