5e7fc110b2
The idp_groups is list of groups IdP user belongs to that is returning
in the OIdC providers token response. The flow of Idp Group mapping is
as follows:
OIdC Provider (OP) return custom claim with groups in a token when
authentication event
|
The value of custom claim is mapped to `idp_groups` of identity
traint using JsonNet mapper.
|
On inserting/updating/deleting `identities` table, Postgresql
sends a pg_notification with
`PG_OPERATION,IDENTITY_ID,IDENTITY_TRAIN` as a payload.
|
The `pkg/service/user.UserService.UpdateIdpUserGroupPolicy` update
the casbin policies for each notification based on payload received.
Rcloud Base
This repository contains all the rcloud-system components that are the backbone for ztka and gitops.
Prerequisites
- Postgres: Primary database
- Ory Kratos: API for user management
- Elasticsearch: Storage for audit logs
You can use the bitnami/charts for postgres and elastic/helm-charts for elasticsearch.
Development setup
Using docker-compose
Run following Docker Compose command to setup all requirements like Postgres db, Kratos etc. for the rcloud-base.
This will start up postgres and elasticsearch as well as kratos and run the kratos migrations. It will also run all the necessary migrations. It also starts up a mail slurper for you to use Kratos.
docker-compose --env-file ./env.example up -d
Start rcloud-base:
go run github.com/RafayLabs/rcloud-base
Manual
Start databases
Postgres
docker run --network host \
--env POSTGRES_HOST_AUTH_METHOD=trust \
-v pgdata:/var/lib/postgresql/data \
-it postgres
Elasticsearch
docker run --network host \
-v elastic-data:/usr/share/elasticsearch/data \
-e "discovery.type=single-node" \
-e "xpack.security.enabled=false" \
-it docker.elastic.co/elasticsearch/elasticsearch:8.0.0
Create the initial db and user
create database admindb;
CREATE ROLE admindbuser WITH LOGIN PASSWORD '<your_password>';
GRANT ALL PRIVILEGES ON DATABASE admindb to admindbuser;
Ory Kratos
Install Ory Kratos using the installation guide from Kratos documentation.
Perform the Kratos migrations:
export DSN='postgres://<user>:<pass>@<host>:<port>/admindb?sslmode=disable'
kratos -c <kratos-config> migrate sql -e --yes
Start the Ory Kratos server using kratos config provided in _kratos directory.
Run application migrations
We use golang-migrate to perform migrations.
Install golang-migrate
go install -tags 'postgres' github.com/golang-migrate/migrate/v4/cmd/migrate@latest
-tags 'postgres' is important as otherwise it compiles without postgres support
You can refer to the guide for full details.
Run migrations
It is required to perform Kratos migrations before this step.
export POSTGRESQL_URL='postgres://<user>:<pass>@<host>:<port>/admindb?sslmode=disable'
migrate -path ./persistence/migrations/admindb -database "$POSTGRESQL_URL" up
See cli-usage for more info.
Start application
Start rcloud-base:
go run github.com/RafayLabs/rcloud-base