_docs/administration/account-user-management/oauth-setup.md
26 additions & 75 deletions
@@ -7,12 +7,11 @@ toc: true
7
7
---
8
8
9
9
##OAuth2 authentication for GitOps
10
-
Codefresh integrates with the Git provider defined for the GitOps Runtime to sync repositories to your clusters, implementing Git-based operations when creating resources such as applications, and enriching images with valuable information.
10
+
Codefresh integrates withGitHub Cloud asthe Git provider defined for the GitOps Runtime to sync repositories to your clusters, implementing Git-based operations when creating resources such as applications, and enriching images with valuable information.
11
11
12
12
As the account administrator, you can select the authentication method for the account associated with the Runtime.
13
-
Users in the account can then authorize access to the Git provider through the defined mechanism.
13
+
Users in the account can then authorize access toGitHub asthe Git provider through the defined mechanism.
14
14
15
-
{% if page.collection != site.gitops_collection %}
16
15
{% include
17
16
image.html
18
17
lightbox="true"
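Review bot: The provider is named two different ways in the added lines: new line 10 says "GitHub Cloud" and new line 13 says "GitHub". Pick one term and, if the intent is GitHub Cloud only, say so in both places so an administrator can tell whether other GitHub deployments are in scope for this authentication setup. "Authorize access to GitHub as the Git provider" on line 13 would also read better as "authorize access to GitHub".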
@@ -26,30 +25,15 @@ Users in the account can then authorize access to the Git provider through the d
26
25
Codefresh supports OAuth2 or personal access tokens (PATs) for authentication:
27
26
28
27
***OAuth2 with Codefresh OAuth Application or custom OAuth2 Application**
29
-
OAuth2 is the preferred authentication mechanism, supported forpopular Git providers such asGitHub, GitHub Enterprise, GitLab Cloud and Server, and Bitbucket Cloud and Server.
28
+
OAuth2 is the preferred authentication mechanism, supported for GitHub.
30
29
You have the option to use the default predefined Codefresh OAuth Application, or a custom Oauth2 Application for Codefresh in your Git provider account.
31
30
32
-
To use a custom Oauth2 Application for Codefresh, first create the application in yourGit provider account, then create a secret on your K8s cluster, and finally configure OAuth2 access for the custom application in Authentication > Settings. <br>
31
+
To use a custom Oauth2 Application for Codefresh, first create the application in yourGitHub account, then create a secret on your K8s cluster, and finally configure OAuth2 access for the custom application in Authentication > Settings. <br>
33
32
See[Create a custom OAuth2 Application for Git provider](#create-a-custom-oauth2-application-for-git-provider) in this article.
34
33
35
34
***Token-based authentication using PAT**
36
-
With token-based authentication, users must generate personal access tokensfrom theirGit providers with the required scopes and enter their personal access tokens when prompted to authorize access.<br>
35
+
With token-based authentication, users must generate personal access tokensfor theirGitHub accounts with the required scopes and enter their personal access tokens when prompted to authorize access.<br>
37
36
See[Authorize Git access in Codefresh]({{site.baseurl}}/docs/administration/user-self-management/user-settings/#git-provider-private-access).
38
-
{% endif %}
39
-
40
-
{% if page.collection == site.gitops_collection %}
41
-
Codefresh supports OAuth2 or personal access tokens (PATs) for authentication:
42
-
43
-
***OAuth2 with Codefresh OAuth Application or custom OAuth2 Application**
44
-
OAuth2 is the preferred authentication mechanism for GitHub. You have the option to use the default predefined Codefresh OAuth Application, or a custom Oauth2 Application for Codefresh in your Git provider account.
45
-
46
-
To use a custom Oauth2 Application for Codefresh, first create the application in your Git provider account, then create a secret on your K8s cluster, and finally configure OAuth2 access for the custom application in Authentication > Settings. <br>
47
-
See[Create a custom OAuth2 Application for Git provider](#create-a-custom-oauth2-application-for-git-provider) in this article.
48
-
49
-
***Token-based authentication using PAT**
50
-
With token-based authentication, users must generate personal access tokens with the required scopes in their GitHub accounts, and enter their personal access tokens when prompted to authorize access.<br>
51
-
See[Authorize Git access in Codefresh]({{site.baseurl}}/docs/administration/user-self-management/user-settings/#git-provider-private-access).
52
-
{% endif %}
53
37
54
38
55
39
##Authentication for Git providers and Runtime accounts
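Review bot: New line 35 asks users to generate personal access tokens "with the required scopes", but nothing in this hunk names those scopes. Since the section is now GitHub-only, list the minimum scopes here, or confirm that the linked user-settings section does, so users do not fall back to creating broadly scoped tokens. Unchanged line 29 and the link text on line 32 still say "Git provider" while new lines 28, 31 and 35 say GitHub; align the wording if the anchor can stay as it is.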
@@ -72,16 +56,7 @@ As the account administrator, you can change the authentication method for a Git
72
56
73
57
74
58
##Create a custom OAuth2 Application for Git provider
75
-
Create a custom OAuth2 Application for Codefresh in your Git provider account with the correct scopes, and set up authentication for the same within Codefresh. Users can then authorize access to the Git provider using OAuth2, instead of a personal access token.
76
-
77
-
{% if page.collection != site.gitops_collection %}
78
-
Supported Git providers:
79
-
* GitHub and GitHub Enterprise
80
-
* GitLab Cloud and GitLab Server
81
-
* Bitbucket Cloud (hosted) and Bitbucket Data Center (hybrid)
82
-
{% endif %}
83
-
84
-
<br>
59
+
Create a custom OAuth2 Application for Codefresh in your GitHub account with the correct scopes, and set up authentication for the same within Codefresh. Users can then authorize access using OAuth2, instead of a personal access token.
85
60
86
61
87
62
To set up OAuth2 authorization in Codefresh, you must:
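Review bot: The heading on line 58 still reads "Create a custom OAuth2 Application for Git provider" while new line 59 is specific to GitHub. If the heading is kept so that the `#create-a-custom-oauth2-application-for-git-provider` anchor referenced on line 32 keeps working, that is fine, but it is worth a deliberate decision; otherwise rename the heading and update the link in the same commit. Line 59 also says "with the correct scopes" without stating them; with a single provider left, the scopes can be listed here.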
@@ -94,48 +69,27 @@ To set up OAuth2 authorization in Codefresh, you must:
94
69
###Step 1: Create a custom OAuth2 Application in Git
95
70
Create and register an OAuth App under your organization to authorize Codefresh.
96
71
97
-
1. Follow the step-by-step instructions for your Git provider:
`<ingressHost>` is the IP address or URL of the ingress host in the runtime cluster.
122
-
123
-
>**NOTE**
124
-
OAuth2 is not supported for hybrid runtimes with Bitbucket Cloud as the Git provider. Users can authorize access with their[Git personal access tokens]({{site.baseurl}}/docs/administration/user-self-management/user-settings/#authorize-git-access-in-codefresh) in such cases.
125
-
{% endif %}
72
+
{:start="1"}
73
+
1. For[GitHub](https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app){:target="\_blank"}, do the following:
74
+
* For**Authorization callback URL**, enter this value:
`<ingressHost>` is the IP address or URL of the ingress host in the Runtime cluster as defined in your`values.yaml`. <br>
78
+
For tunnel-based access modes, run the command`codefresh runtime list` to retrieve the correct host.
79
+
* Make sure**Enable Device Flow** is_not_ selected.
80
+
* Select**Register application**.<br>
81
+
The client ID is automatically generated, and you are prompted to generate the client secret.
82
+
* Select**Generate a new client secret**, and copy the generated secret.
126
83
127
84
{:start="2"}
128
-
1. Note down the following, as you will need them to create the K8s secret for the Git OAuth2 application:
129
-
* GitHub: Application ID from the URL, Client ID, and the client secret
130
-
* GitLab Cloud and Server: Application ID and Secret
131
-
* Bitbucket Data Center: Key and Secret
132
-
85
+
1. Note down the following, as you will need them to create the K8s secret for the Git OAuth2 application:<br>
86
+
* Application ID from the URL, Client ID, and the client secret
133
87
134
88
<br>
135
89
136
90
137
91
###Step 2: Create a K8s secret resource in the runtime cluster
138
-
Create a K8s secret in theruntime cluster, using the example below as a guideline. You must define the application ID (`appId`), client ID (`clientId`) and the client secret (`clientSecret`) from the OAuth2 Application you created in yourGit provider, and the Git URL (`url`).
92
+
Create a K8s secret in theRuntime cluster, using the example below as a guideline. You must define the application ID (`appId`), client ID (`clientId`) and the client secret (`clientSecret`) from the OAuth2 Application you created in yourGitHub account, and the Git URL (`url`).
139
93
140
94
>**NOTE**
141
95
All fields in the secret_must be_ encoded in`base64`.
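Review bot: New lines 82 and 86 have the administrator copy the generated client secret and "note down" the client secret, with no guidance on where it should be held until Step 2. Suggest wording that sends the value straight into the K8s secret and discourages keeping it in notes, tickets or chat. Since line 95 requires every field to be base64-encoded, it is also worth one sentence saying that base64 is an encoding and that access to the secret's namespace is what protects the value. Minor: the Step 1 heading on line 69 still says "in Git", and the Step 2 heading on line 91 says "runtime cluster" while new line 92 capitalizes "Runtime".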
@@ -145,11 +99,8 @@ Create a K8s secret in the runtime cluster, using the example below as a guideli
145
99
#####Before you begin
146
100
147
101
Make sure you have the following handy:
148
-
* GitHub: Application ID from the URL, Client ID, and the client secret
149
-
{% if page.collection != site.gitops_collection %}
150
-
* GitLab Cloud and Server: Application ID and Secret
151
-
* Bitbucket Data Center: Key and Secret
152
-
{% endif %}
102
+
* Application ID from the URL, Client ID, and the client secret
103
+
153
104
154
105
#####How to
155
106
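Review bot: New line 103 adds a blank line directly before the existing blank line 104, leaving two empty lines ahead of the "How to" heading; drop one. With the provider-specific items removed, the "Make sure you have the following handy" list on line 102 is a single bullet that repeats new line 86 word for word, so it could become one sentence that refers back to Step 1.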
@@ -199,7 +150,7 @@ The values for all the settings in the ConfigMap are the `keys` in the secret fi
199
150
If you have managed clusters registered to the selected Runtime, the authentication account is available to all the clusters.
200
151
{{site.data.callout.end}}
201
152
202
-
The settings pageis opened in **Form** mode.
153
+
The settings pageopens in **Form** mode.
203
154
204
155
{% include
205
156
image.html
@@ -211,7 +162,7 @@ The values for all the settings in the ConfigMap are the `keys` in the secret fi
211
162
max-width="50%"
212
163
%}
213
164
214
-
{:start="4"}
165
+
{:start="5"}
215
166
1. Configure the settings for the **Git OAuth2 Application**, either in **Form** or in **YAML** modes:
216
167
* **Secret Name**: The name of the K8s secret file you created in the runtime cluster.
217
168
* **Secret Namespace**: The namespace in the runtime cluster where you created the K8s secret.
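Review bot: The list marker on line 165 moves from `{:start="4"}` to `{:start="5"}`, and the following two hunks shift 5 to 6 and 6 to 7, but none of the visible hunks adds a step to this procedure. Please check the rich diff to confirm the rendered steps run 1 through 7 with no gap or duplicate, and say in the commit message whether this corrects an existing numbering error. Context lines 167 and 168 still use lowercase "runtime cluster" while new line 92 uses "Runtime cluster".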
@@ -220,7 +171,7 @@ The values for all the settings in the ConfigMap are the `keys` in the secret fi
220
171
* **Client Secret**: The `key` representing the client secret in the K8s secret. For example, `clientSecret`.
221
172
* **URL**: The `key` representing the Git provider URL in the K8s secret. For example, `url`.
222
173
223
-
{:start="5"}
174
+
{:start="6"}
224
175
1. Click **Commit**.
225
176
The Commit Changes panel shows a summary of the settings and the final version of the YAML manifest in read-only mode.
226
177
@@ -234,7 +185,7 @@ The values for all the settings in the ConfigMap are the `keys` in the secret fi
234
185
max-width="50%"
235
186
%}
236
187
237
-
{:start="6"}
188
+
{:start="7"}
238
189
1. From the **Select Git Source** list, select the Git Source in which to store the manifest for the `ConfigMap` you are creating.
239
190
The list displays all the Git Sources created for the selected runtime.