You signed in with another tab or window.Reload to refresh your session.You signed out in another tab or window.Reload to refresh your session.You switched accounts on another tab or window.Reload to refresh your session.Dismiss alert
* Remove oatuh2 setup for gitopsRemoved toc entries for OAuth2 setup for gitops and updated Manage Git PATS article with conditions as needed* Update git-tokens.md* Update oauth-setup.md* Update manage-runtimes.md
Copy file name to clipboardExpand all lines: _docs/administration/user-self-management/manage-pats.md
+42-9Lines changed: 42 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -8,7 +8,7 @@ toc: true
8
8
##Git user token management
9
9
As a user in Codefresh, you must authorize access to your Git provider accounts and authenticate Git-based actions from Codefresh clients, per provisioned GitOps Runtime. This is done through the Git user token, which is an access token unique to each user. For more details, including required scopes and how the Git user token differs from the Git Runtime token, see[Git tokens in Codefresh]({{site.baseurl}}/docs/security/git-tokens/).
10
10
11
-
11
+
{% if page.collection != site.gitops_collection %}
12
12
The authorization mode depends on the authorization method set up by your account admin:
13
13
***OAuth2**
14
14
If your admin has set up authentication with OAuth2, you can authorize access using OAuth2.
@@ -27,18 +27,14 @@ If you have access to more than one GitOps Runtime in the same or in different a
27
27
For OAuth2, the administrator pre-configures the permissions and expiry date. Once you supply your credentials for authorization, you are automatically directed to the Git Personal Tokens page.
28
28
29
29
#####Before you begin
30
-
{% if page.collection != site.gitops_collection %}
31
30
Make sure you have:
32
31
* For Bitbucket only, your Bitbucket account username
33
32
* If needed, a_user access token_ from your Git provider with the required scopes:
* Make sure you have a_user access token_ with the required scopes for[GitHub](#generate-github-user-access-tokens)
41
-
{% endif %}
42
38
43
39
#####How to
44
40
1. In the Codefresh UI, on the toolbar, click your avatar, and then select**Git Personal Access Token**.
@@ -50,9 +46,7 @@ Make sure you have:
50
46
1. Complete the verification if required, as when two-factor authentication is configured, for example.
51
47
* For**Git user tokens**:
52
48
1. Expand**Advanced authorization options**.
53
-
{% if page.collection != site.gitops_collection %}
54
49
1. For Bitbucket, enter your**Bitbucket username**.
55
-
{% endif %}
56
50
1. In the**Personal Access Token** field, paste the token you generated.
57
51
58
52
{%
@@ -69,15 +63,54 @@ max-width="50%"
69
63
{:start="4"}
70
64
1. Click**Add Token**.
71
65
In the Git Personal Access Tokens list, you can see that the new token is assigned to the GitOps Runtime.
66
+
{% endif %}
67
+
68
+
69
+
{% if page.collection == site.gitops_collection %}
70
+
>**NOTE**
71
+
Codefresh GitOps does not officially support fine-grained tokens, or tokens with custom scopes. If you are using such tokens, make sure you turn off validation for Git tokens in the`values.yaml` file, as described in[Skipping token values.yaml]({{site.baseurl}}/docs/security/git-tokens#skipping-token-validation-in-valuesyaml).
72
+
73
+
##Authorize Git access to GitOps Runtimes
74
+
Authorize Git access to GitOps Runtimes through Git user access tokens from your Git provider.
75
+
76
+
If you have access to more than one GitOps Runtime in the same or in different accounts, you can use the same Git user token for all the Runtimes you have access to._You must however authorize access for each GitOps Runtime individually_.
77
+
78
+
79
+
#####Before you begin
80
+
81
+
* Make sure you have a_user access token_ with the required scopes for[GitHub](#generate-github-user-access-tokens)
82
+
83
+
#####How to
84
+
1. In the Codefresh UI, on the toolbar, click your avatar, and then select**Git Personal Access Token**.
85
+
1. Select the GitOps Runtime to authenticate to, and then click**Add Token**.
86
+
1. For**Git user tokens**:
87
+
1. Expand**Advanced authorization options**.
88
+
1. In the**Personal Access Token** field, paste the token you generated.
alt="Authorize access to GitOps Runtime with OAuth/Git user token"
97
+
caption="Authorize access to GitOps Runtime with OAuth/Git user token"
98
+
max-width="50%"
99
+
%}
100
+
101
+
{:start="4"}
102
+
1. Click**Add Token**.
103
+
In the Git Personal Access Tokens list, you can see that the new token is assigned to the GitOps Runtime.
104
+
{% endif %}
72
105
73
106
##Manage Git user tokens for GitOps Runtimes
74
-
Once you authorize access to one or more GitOps Runtimes through OAuth or Git user tokens, the GitOps Runtimes and their associated tokens are listed in the Git Personal Access Tokens page.
107
+
Once you authorize access to one or more GitOps Runtimes through{% if page.collection != site.gitops_collection %}OAuth or{% endif %} Git user tokens, the GitOps Runtimes and their associated tokens are listed in the Git Personal Access Tokens page.
75
108
76
109
#####Manage Git user access tokens
77
110
You can manage Git user tokens for any GitOps Runtime, without affecting the GitOps Runtime at the account-level. Deleting the Git user token for a GitOps Runtime will deny_you_ access to the Git repositories, Git Sources and other resources associated with that Runtime, while the Runtime itself is not affected.
78
111
79
112
#####Notifications for GitOps Runtimes
80
-
If you have turned on notifications for GitOps Runtimes, Codefresh alerts you toGitOps Runtimes with invalid or expired Git personal access tokens.
113
+
If you have turned on notifications for GitOps Runtimes, Codefresh alerts you tothose Runtimes with invalid or expired Git personal access tokens.
81
114
You can turn off these notifications for selectively for Runtimes for which these alerts are less critical.
Copy file name to clipboardExpand all lines: _docs/installation/gitops/manage-runtimes.md
+31-2Lines changed: 31 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -255,17 +255,21 @@ Otherwise, you have to update Git tokens in the following situations:
255
255
* Invalid, revoked, or expired tokens<br>
256
256
Codefresh automatically flags Runtimes with such tokens. It is mandatory to update the Git tokens to continue working with the platform.
257
257
258
+
{% if page.collection != site.gitops_collection %}
258
259
**Update methods**<br>
259
260
The methods for updating any Git token are the same regardless of the reason for the update:
260
261
* OAuth2 authorization, if your admin has registered an OAuth Application for Codefresh.
261
-
* Git access token authentication, by generating a Git Runtime token in your Git provider account with the correct scopes.
262
-
You can update your Git Runtime token in the UI or through the CLI.
262
+
* Git access token authentication, by generating a Git user token in your Git provider account with the correct scopes.
263
+
You can update your Git token in the UI or through the CLI.
264
+
{% endif %}
265
+
263
266
264
267
### Update Git Runtime credentials in Codefresh UI
265
268
266
269
**Before you begin**
267
270
* To authenticate through a Git Runtime token, make sure your token is valid and has the [required scopes]({{site.baseurl}}/docs/security/git-tokens/#git-runtime-token-scopes)
268
271
272
+
{% if page.collection != site.gitops_collection %}
269
273
**How to**
270
274
1. In the Codefresh UI, on the toolbar, click the **Settings** icon.
271
275
1. From the sidebar, select **GitOps Runtimes**.
@@ -310,6 +314,31 @@ The methods for updating any Git token are the same regardless of the reason for
310
314
{:start="7"}
311
315
1. For Git token authentication, paste the generated token in the **Git runtime token** field.
312
316
1. Click **Update Credentials**.
317
+
{% endif %}
318
+
319
+
{% if page.collection == site.gitops_collection %}
320
+
**How to**
321
+
1. In the Codefresh UI, on the toolbar, click the **Settings** icon.
322
+
1. From the sidebar, select **GitOps Runtimes**.
323
+
1. Switch to the **List View**.
324
+
1. Do one of the following:
325
+
* To the right of the row with the Runtime to update, click the context menu and select **Update Git Runtime Credentials**.
326
+
* Click the Runtime name, click the context-menu on the top-right, and then select **Update Git Runtime Credentials**.
Copy file name to clipboardExpand all lines: _docs/security/git-tokens.md
-2Lines changed: 0 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -36,8 +36,6 @@ Codefresh needs access to Git repositories for reading and writing to configurat
36
36
###GitOps Runtime token and secret
37
37
The Git Runtime token is the personal access token provided during Runtime installation and is automatically converted to a secret. The secret for the Runtime repository is stored in the`runtime-repo-creds-secret` secret, labeled with`argocd.argoproj.io/secret-type: repo-creds`.
38
38
39
-
This label
40
-
The Runtime uses the same credentials
41
39
42
40
The secret:
43
41
* Allows Argo CD to use the credentials to clone and pull data from the repositories it syncs from for read-only operations.