Allow user to provide OIDC_CLIENT_ID and OIDC_CLIENT_SECRET
At the moment configuring all the services requires a lot of manual steps by the user. For the dockerized setup we're looking into automating this process a bit.
To configure oidc-setup right now the following steps would be necessary:
- Start the steering container and initialize the database (with the fixtures too)
- Create the rsa-key via the management-command
creatersakey
- Create the oidc-clients for tank and dashboard via the management-command
create_oidc_client
- Write the client-id and client-secret into the tank-configuration (or at the moment into the run.sh)
- Start the tank container and initialize the database
- Write the client-id into the dashboard-config
- Start dashboard container
Our aim is to provide all necessary configuration via environment-variables to the docker-containers. The current setup requires us to configure all the containers without the OIDC-variables, starting (and initializing) the steering container and only then configure the OIDC-variables for tank and dashboard. It would be preferable to provide those right from the start.
A solution to this could be to add the possibility, to provide the client-id and client-secret to create_oidc_client
and not generate them with the command. If the client-id is already taken (or invalid) the command should fail. This way we can set the variables in the docker-containers from the beginning and don't have to rewrite our config after the fact.
Would this be acceptable behavior for steering, or do the id and secret need to be auto-generated?