groups doc

2025-08-08 05:40:45 +03:00
parent f5cfb3454a
commit cb1f84f60b
3 changed files with 7 additions and 7 deletions
--- a/README.md
+++ b/README.md
@@ -35,7 +35,8 @@ docker-compose -f docker-compose.yml up --build
 On kdoorpi override `KDOORPI_API_ALLOWED`, `KDOORPI_API_LONGPOLL` environment variables
 to redirect requests to your dev instance.

-# Slack bot
+# Deployment
+## Slack credentials
 1. https://api.slack.com/apps → Create new app → From scratch
 1. Verification Token as `SLACK_VERIFICATION_TOKEN`
 1. App home → Bot user
@@ -47,3 +48,6 @@ to redirect requests to your dev instance.
  <!-- `incoming-webhook` -->
 1. Add commands. Request URL `https://doorboy-proxy.k-space.ee/slack-open`
 1. Incoming Webhooks → assign to channel -> Webhook URL as `SLACK_DOORLOG_CALLBACK`
+
+## OIDC groups
+Assumes `k-space:floor` and `k-space:workshop`, same in inventory-app.
--- a/app/doorboy-proxy.py
+++ b/app/doorboy-proxy.py
@@ -21,8 +21,6 @@ monitor(app).expose_endpoint()
 DOORBOY_SECRET_FLOOR = os.environ["DOORBOY_SECRET_FLOOR"]
 # API key for godoor controllers authenticating to k-space:workshop
 DOORBOY_SECRET_WORKSHOP = os.environ["DOORBOY_SECRET_WORKSHOP"]
-FLOOR_ACCESS_GROUP = os.getenv("FLOOR_ACCESS_GROUP", "k-space:floor")
-WORKSHOP_ACCESS_GROUP = os.getenv("WORKSHOP_ACCESS_GROUP", "k-space:workshop")

 MONGO_URI = os.environ["MONGO_URI"]

@@ -61,9 +59,9 @@ async def view_doorboy_uids(request):
    # authorize
    key = request.headers.get("KEY")
    if key == DOORBOY_SECRET_FLOOR:
-        users = kube.users_with_group(FLOOR_ACCESS_GROUP)
+        users = kube.users_with_group("k-space:floor")
    elif key == DOORBOY_SECRET_WORKSHOP:
-        users = kube.users_with_group(WORKSHOP_ACCESS_GROUP)
+        users = kube.users_with_group("k-space:workshop")
    else:
        print("WARN: unknown door token in /allowed")
        return "unknown doorboy secret token", 403
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -23,8 +23,6 @@ services:
    environment:
      DOORBOY_SECRET_FLOOR: "0123456789"
      DOORBOY_SECRET_WORKSHOP: "9999999999"
-      FLOOR_ACCESS_GROUP: "k-space:floor"
-      WORKSHOP_ACCESS_GROUP: "k-space:workshop"
      SLACK_DOORLOG_CALLBACK: DEV
      SLACK_CHANNEL_ID: CDL9H8Q9W
    env_file: .env