salt: Use csc framework to configure shell UI

Refs: #3175
scality · Mar 12, 2021 · 480e0d9 · 480e0d9
1 parent a53588f
commit 480e0d9
Show file tree

Hide file tree

Showing 6 changed files with 193 additions and 19 deletions.
diff --git a/buildchain/buildchain/salt_tree.py b/buildchain/buildchain/salt_tree.py
@@ -365,6 +365,7 @@ def _get_parts(self) -> Iterator[str]:
     Path("salt/metalk8s/addons/ui/deployed/dependencies.sls"),
     Path("salt/metalk8s/addons/ui/deployed/ingress.sls"),
     Path("salt/metalk8s/addons/ui/deployed/init.sls"),
+    Path("salt/metalk8s/addons/ui/config/metalk8s-shell-ui-config.yaml.j2"),
     Path("salt/metalk8s/addons/ui/config/metalk8s-ui-config.yaml"),
     targets.TemplateFile(
         task_name="salt/metalk8s/addons/ui/config/metalk8s-theme.yaml",

diff --git a/docs/developer/architecture/configurations.rst b/docs/developer/architecture/configurations.rst
@@ -47,6 +47,8 @@ customize on-site in order to match with my environment specificities:
   deployments
 - Changing the path on which the metalk8s ui is deployed
 - Adapting UI theme to custom colors
+- Modifying OIDC provider, client ID or scopes
+- Adding custom menu entries
 
 .. note::
 

diff --git a/docs/operation/cluster_and_service_configuration.rst b/docs/operation/cluster_and_service_configuration.rst
@@ -114,6 +114,20 @@ The default theme for Metalk8s UI are specified below:
 
 See :ref:`csc-ui-theme-customization` to override these defaults.
 
+Shell UI Default Configuration
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+MetalK8s shell UI provides a set of features available to Metalk8s UI and
+solutions UIs.
+It includes authentication through OIDC and menu items management.
+
+The default Shell UI configuration values are specified below:
+
+.. literalinclude:: ../../salt/metalk8s/addons/ui/config/metalk8s-shell-ui-config.yaml
+   :language: yaml
+   :lines: 3-
+
+See :ref:`csc-shell-ui-config-customization` to override these defaults.
 
 Service Configurations Customization
 ------------------------------------
@@ -765,6 +779,111 @@ Once the theme edited, you would need to apply your changes by running :
                          salt-master-bootstrap -- salt-run state.sls \\
                          metalk8s.addons.ui.deployed saltenv=metalk8s-|version|
 
+.. _csc-shell-ui-config-customization:
+
+Metalk8s Shell UI Configuration Customization
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Default configuration for MetalK8s Shell UI can be overridden by editing its
+Cluster and Service ConfigMap ``metalk8s-shell-ui-config`` in namespace
+``metalk8s-ui`` under the key ``data.config\.yaml``:
+
+  .. code-block:: shell
+
+    root@bootstrap $ kubectl --kubeconfig /etc/kubernetes/admin.conf \
+                        edit configmap -n metalk8s-ui \
+                        metalk8s-shell-ui-config
+
+Changing UI OIDC configuration
+""""""""""""""""""""""""""""""
+
+Sometimes you may want to adapt client id or scopes used to retrieve an OIDC
+token in the UI.
+In order to do this UI OIDC Configuration can be changed by modifying Shell
+UI configuration.
+
+For example, in order to define "ui" as a the new client id instead of
+metalk8s-ui by default you have to follow these steps:
+
+#. Edit the configmap
+
+.. code-block:: shell
+
+    root@bootstrap $ kubectl --kubeconfig /etc/kubernetes/admin.conf \
+                    edit configmap -n metalk8s-ui \
+                    metalk8s-shell-ui-config
+
+#. Add the following entry
+
+.. code-block:: yaml
+
+    apiVersion: v1
+    kind: ConfigMap
+    data:
+      config.yaml: |-
+        apiVersion: addons.metalk8s.scality.com
+        kind: Metalk8sShellUIConfig
+        spec:
+          # [...]
+          oidc:
+            # [...]
+            clientId: "ui"
+
+#. Apply your changes by running :
+
+.. parsed-literal::
+
+      root\@bootstrap $ kubectl exec -n kube-system -c salt-master \\
+                         --kubeconfig /etc/kubernetes/admin.conf \\
+                         salt-master-bootstrap -- salt-run state.sls \\
+                         metalk8s.addons.ui.deployed saltenv=metalk8s-|version|
+
+You can similarly edit the requested scopes through the "scopes" attribute or
+the OIDC provider url through the "providerUrl" attribute.
+
+Changing UI menu entries
+""""""""""""""""""""""""
+
+You can edit UI menu entries by following these steps :
+
+#. Edit the configmap
+
+.. code-block:: shell
+
+    root@bootstrap $ kubectl --kubeconfig /etc/kubernetes/admin.conf \
+                    edit configmap -n metalk8s-ui \
+                    metalk8s-shell-ui-config
+
+#. Edit the options entry, for example here we add a Scality entry
+in the main menu pointing to scality website :
+
+.. code-block:: yaml
+
+    apiVersion: v1
+    kind: ConfigMap
+    data:
+      config.yaml: |-
+        apiVersion: addons.metalk8s.scality.com
+        kind: Metalk8sShellUIConfig
+        spec:
+          # [...]
+          options:
+            # [...]
+            main:
+              # [...]
+              https://www.scality.com/:
+                en: "Scality"
+                fr: "Scality"
+
+#. Apply your changes by running :
+
+.. parsed-literal::
+
+      root\@bootstrap $ kubectl exec -n kube-system -c salt-master \\
+                          --kubeconfig /etc/kubernetes/admin.conf \\
+                          salt-master-bootstrap -- salt-run state.sls \\
+                          metalk8s.addons.ui.deployed saltenv=metalk8s-|version|
+
 Replicas Count Customization
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

diff --git a/salt/metalk8s/addons/ui/config/metalk8s-shell-ui-config.yaml.j2 b/salt/metalk8s/addons/ui/config/metalk8s-shell-ui-config.yaml.j2
@@ -0,0 +1,28 @@
+#!jinja|yaml
+
+# Defaults for shell UI configuration
+apiVersion: addons.metalk8s.scality.com
+kind: Metalk8sShellUIConfig
+spec:
+  oidc:
+    providerUrl: "/oidc"
+    redirectUrl: "https://{{ grains.metalk8s.control_plane_ip }}:8443/"
+    clientId: "metalk8s-ui"
+    responseType: "id_token"
+    scopes: "openid profile email groups offline_access audience:server:client_id:oidc-auth-client"
+  userGroupsMapping:
+    admin@metalk8s.invalid:
+      - admin
+  options:
+    main:
+      https://{{ grains.metalk8s.control_plane_ip }}:8443/:
+        en: "Platform"
+        fr: "Plateforme"
+      https://{{ grains.metalk8s.control_plane_ip }}:8443/alerts:
+        en: "Alerts"
+        fr: "Alertes"
+    subLogin:
+      https://{{ grains.metalk8s.control_plane_ip }}:8443/docs:
+        en: "Documentation"
+        fr: "Documentation"
+
diff --git a/salt/metalk8s/addons/ui/deployed/ui-configuration.sls b/salt/metalk8s/addons/ui/deployed/ui-configuration.sls
@@ -17,6 +17,14 @@ include:
   )
 %}
 
+{%- set metalk8s_shell_ui_config = salt.metalk8s_kubernetes.get_object(
+        kind='ConfigMap',
+        apiVersion='v1',
+        namespace='metalk8s-ui',
+        name='metalk8s-shell-ui-config',
+  )
+%}
+
 {%- if metalk8s_ui_config is none %}
 
 Create metalk8s-ui-config ConfigMap:
@@ -63,3 +71,26 @@ metalk8s-theme ConfigMap already exist:
   test.succeed_without_changes: []
 
 {%- endif %}
+
+{%- if metalk8s_shell_ui_config is none %}
+
+Create metalk8s-shell-ui-config ConfigMap:
+  metalk8s_kubernetes.object_present:
+    - manifest:
+        apiVersion: v1
+        kind: ConfigMap
+        metadata:
+          name: metalk8s-shell-ui-config
+          namespace: metalk8s-ui
+        data:
+          config.yaml: |-
+            apiVersion: addons.metalk8s.scality.com
+            kind: Metalk8sShellUIConfig
+            spec: {}
+
+{%- else %}
+
+metalk8s-theme ConfigMap already exist:
+  test.succeed_without_changes: []
+
+{%- endif %}
diff --git a/salt/metalk8s/addons/ui/deployed/ui.sls.in b/salt/metalk8s/addons/ui/deployed/ui.sls.in
@@ -27,6 +27,16 @@ include:
     )
 %}
 
+{%- set metalk8s_shell_ui_defaults = salt.slsutil.renderer(
+        'salt://metalk8s/addons/ui/config/metalk8s-shell-ui-config.yaml.j2', saltenv=saltenv
+    )
+%}
+
+{%- set metalk8s_shell_ui_config = salt.metalk8s_service_configuration.get_service_conf(
+        'metalk8s-ui', 'metalk8s-shell-ui-config', metalk8s_shell_ui_defaults
+    )
+%}
+
 Create metalk8s-ui deployment:
   metalk8s_kubernetes.object_present:
     - name: salt://{{ slspath }}/files/metalk8s-ui-deployment.yaml
@@ -82,25 +92,8 @@ Create shell-ui ConfigMap:
           name: shell-ui
           namespace: metalk8s-ui
         data:
-          config.json: |
-            {
-              "oidc": {
-                "providerUrl": "/oidc",
-                "redirectUrl": "https://{{ ingress_control_plane }}/",
-                "clientId": "metalk8s-ui",
-                "responseType": "id_token",
-                "scopes": "openid profile email groups offline_access audience:server:client_id:oidc-auth-client"
-              },
-              "options": {
-                "main": {
-                    "https://{{ ingress_control_plane }}/":{ "en": "Platform", "fr": "Plateforme" },
-                    "https://{{ ingress_control_plane }}/alerts":{ "en": "Alerts", "fr": "Alertes" }
-                },
-                "subLogin": {
-                    "https://{{ ingress_control_plane }}/docs":{ "en": "Documentation", "fr": "Documentation" }
-                }
-              }
-            }
+          config.json: |-
+            {{ metalk8s_shell_ui_config.spec | tojson }}
 
 Create ui-branding ConfigMap:
   metalk8s_kubernetes.object_present: