groups doc
This commit is contained in:
@@ -35,7 +35,8 @@ docker-compose -f docker-compose.yml up --build
|
||||
On kdoorpi override `KDOORPI_API_ALLOWED`, `KDOORPI_API_LONGPOLL` environment variables
|
||||
to redirect requests to your dev instance.
|
||||
|
||||
# Slack bot
|
||||
# Deployment
|
||||
## Slack credentials
|
||||
1. https://api.slack.com/apps → Create new app → From scratch
|
||||
1. Verification Token as `SLACK_VERIFICATION_TOKEN`
|
||||
1. App home → Bot user
|
||||
@@ -47,3 +48,6 @@ to redirect requests to your dev instance.
|
||||
<!-- `incoming-webhook` -->
|
||||
1. Add commands. Request URL `https://doorboy-proxy.k-space.ee/slack-open`
|
||||
1. Incoming Webhooks → assign to channel -> Webhook URL as `SLACK_DOORLOG_CALLBACK`
|
||||
|
||||
## OIDC groups
|
||||
Assumes `k-space:floor` and `k-space:workshop`, same in inventory-app.
|
||||
|
||||
@@ -21,8 +21,6 @@ monitor(app).expose_endpoint()
|
||||
DOORBOY_SECRET_FLOOR = os.environ["DOORBOY_SECRET_FLOOR"]
|
||||
# API key for godoor controllers authenticating to k-space:workshop
|
||||
DOORBOY_SECRET_WORKSHOP = os.environ["DOORBOY_SECRET_WORKSHOP"]
|
||||
FLOOR_ACCESS_GROUP = os.getenv("FLOOR_ACCESS_GROUP", "k-space:floor")
|
||||
WORKSHOP_ACCESS_GROUP = os.getenv("WORKSHOP_ACCESS_GROUP", "k-space:workshop")
|
||||
|
||||
MONGO_URI = os.environ["MONGO_URI"]
|
||||
|
||||
@@ -61,9 +59,9 @@ async def view_doorboy_uids(request):
|
||||
# authorize
|
||||
key = request.headers.get("KEY")
|
||||
if key == DOORBOY_SECRET_FLOOR:
|
||||
users = kube.users_with_group(FLOOR_ACCESS_GROUP)
|
||||
users = kube.users_with_group("k-space:floor")
|
||||
elif key == DOORBOY_SECRET_WORKSHOP:
|
||||
users = kube.users_with_group(WORKSHOP_ACCESS_GROUP)
|
||||
users = kube.users_with_group("k-space:workshop")
|
||||
else:
|
||||
print("WARN: unknown door token in /allowed")
|
||||
return "unknown doorboy secret token", 403
|
||||
|
||||
@@ -3,7 +3,7 @@ from typing import List, Tuple
|
||||
|
||||
from kubernetes import client, config
|
||||
|
||||
OIDC_USERS_NAMESPACE = os.getenv("OIDC_USERS_NAMESPACE")
|
||||
OIDC_USERS_NAMESPACE = os.environ["OIDC_USERS_NAMESPACE"]
|
||||
|
||||
|
||||
def users_with_group(group: str) -> List[str]:
|
||||
|
||||
@@ -21,10 +21,10 @@ services:
|
||||
|
||||
doorboy_proxy:
|
||||
environment:
|
||||
OIDC_USERS_NAMESPACE: passmower
|
||||
DOORBOY_SECRET_FLOOR: "0123456789"
|
||||
DOORBOY_SECRET_WORKSHOP: "9999999999"
|
||||
FLOOR_ACCESS_GROUP: "k-space:floor"
|
||||
WORKSHOP_ACCESS_GROUP: "k-space:workshop"
|
||||
SLACK_VERIFICATION_TOKEN: DEV
|
||||
SLACK_DOORLOG_CALLBACK: DEV
|
||||
SLACK_CHANNEL_ID: CDL9H8Q9W
|
||||
env_file: .env
|
||||
|
||||
Reference in New Issue
Block a user