Add Identity environment variables for multi-tenancy and clients #5339
Conversation
|
👋 🤖 🤔 Hello, @conceptualshark! Did you make your changes in all the right places? These files were changed only in versioned_docs/version-8.7/. You might want to duplicate these changes in docs/.
You may have done this intentionally, but we wanted to point it out in case you didn't. You can read more about the versioning within our docs in our documentation guidelines. |
conceptualshark
added
component:identity
There was a problem hiding this comment.
@FarkasRabai @Ben-Sheppard @akeller I've left some comments here with my questions for areas I had to fill in or couldn't find an answer for. The preview environment page is available here: https://preview.docs.camunda.cloud/pr-5339/docs/8.7/self-managed/identity/deployment/configuration-variables/#multi-tenancy
Also, is there any standard around what is allowed in an ID? It would be nice to add to the descriptions.
Should this go into 8.8 as well, assuming it will still be valid for non-Orchestration cluster Identity?
| | -------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | | ||
| | `IDENTITY_TENANTS_0_NAME` | A human-readable name for the tenant. | Default | | ||
| | `IDENTITY_TENANTS_0_TENANTID` | The tenant ID. The `<default>` tenant is automatically created during Identity startup. | `<default>` | | ||
| | `IDENTITY_TENANTS_0_MEMBERS_0_TYPE` | The type of member to add to the tenant, one of `GROUP`, `USER`, or `APPLICATION`. Additional members can be added by incrementing the second `0` value (for example, `IDENTITY_TENANTS_0_MEMBERS_1_TYPE`.) | `APPLICATION` | |
There was a problem hiding this comment.
I had to backward engineer this a bit. Are these the only available types?
| | `IDENTITY_TENANTS_0_MEMBERS_0_USERNAME` | If adding a **user** as a member of the tenant, the username. If additional members have been added to the tenant, ensure the second `0` value matches that of its type (for example, `IDENTITY_TENANTS_0_MEMBERS_1_USERNAME`). | `user-name` | | ||
| | `IDENTITY_TENANTS_0_MEMBERS_0_GROUPNAME` | If adding a **group** as a member of the tenant, the name of the group. If additional members have been added to the tenant, ensure the second `0` value matches that of its type (for example, `IDENTITY_TENANTS_0_MEMBERS_1_GROUPNAME`). | `group-name` | |
There was a problem hiding this comment.
Same as above, are these the only other configurable options for users and groups added as tenant members?
| | `IDENTITY_ENVIRONMENT_TENANTS_0_NAME` | Needs description. | Default | | ||
| | `IDENTITY_ENVIRONMENT_TENANTS_0_TENANTID` | Needs description. | `<default>` | |
There was a problem hiding this comment.
I could not find any description for the ENVIRONMENT variables.
|
|
||
| ## Configure clients | ||
|
|
||
| The following variables can be used to configure [clients](/self-managed/identity/user-guide/additional-features/incorporate-applications.md). To add additional clients, increment the `0` value for each variable (for example, `KEYCLOAK_CLIENTS_1_NAME`). |
There was a problem hiding this comment.
Is this the appropriate link? Is a client any of these applications?
| | `KEYCLOAK_CLIENTS_0_NAME` | A human-readable name for the client. | zeebe | | ||
| | `KEYCLOAK_CLIENTS_0_ID` | The client ID. | `${ZEEBE_CLIENT_ID}` | | ||
| | `KEYCLOAK_CLIENTS_0_SECRET` | The client secret. | `${ZEEBE_CLIENT_SECRET}` | | ||
| | `KEYCLOAK_CLIENTS_0_TYPE` | The type of client, one of `CONFIDENTIAL`, `PUBLIC`, or `M2M`. | `M2M` | |
There was a problem hiding this comment.
The initial ticket only specified M2M, but it seems like all of these are available.
| ``` | ||
| keycloak: | ||
| clients: | ||
| - name: "Test Application" | ||
| id: test-application | ||
| secret: your-secret | ||
| type: M2M | ||
| permissions: | ||
| - resource-server-id: : zeebe-api | ||
| definition: write:* | ||
| ``` |
There was a problem hiding this comment.
I had to backward engineer this. Can someone verify this is valid?
|
The preview environment relating to the commit 9aabe8f has successfully been deployed. You can access it at https://preview.docs.camunda.cloud/pr-5339/index.html |
Description
Resolves #3446
Adds environment variables around configuring multi-tenancy options to the Identity configuration. Will backport to 8.6 when the content is technically accurate.
This is a draft, as I am unsure if this list is complete or if these descriptions are accurate. Looking for feedback on that!
When should this change go live?
bugorsupportlabel)available & undocumentedlabel)holdlabel)low priolabel)PR Checklist
/docsdirectory (version 8.8)./versioned_docs/version-8.7/directory (version 8.7)./versioned_docsdirectory.@camunda/tech-writersunless working with an embedded writer.