Security refactoring documentation and example infinispan#122

galderz · Sep 5, 2019 · 98bd891 · 98bd891
1 parent ac2e5b7
commit 98bd891
Show file tree

Hide file tree

Showing 12 changed files with 30 additions and 41 deletions.
diff --git a/deploy/cr/connect_secret.yaml b/deploy/cr/connect_secret.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: connect-secret
+type: Opaque
+stringData:
+  identities.yaml: |-
+    credentials
+    - username: developer
+      password: changeme
diff --git a/deploy/cr/cr_minimal_with_auth.yaml b/deploy/cr/cr_minimal_with_auth.yaml
@@ -4,7 +4,5 @@ metadata:
   name: example-infinispan
 spec:
   replicas: 2
-  connector:
-    authentication:
-      type: Credentials
-      secretName: connect-secret
+  security:
+    endpointSecret: connect-secret
diff --git a/documentation/asciidoc/topics/cmd_examples/cat_connect_secret.adoc b/documentation/asciidoc/topics/cmd_examples/cat_connect_secret.adoc
@@ -5,6 +5,8 @@ metadata:
   name: connect-secret
 type: Opaque
 stringData:
-  username: developer
-  password: changeme
+  identities.yaml: |-
+    credentials
+    - username: developer
+      password: changeme
 EOF
diff --git a/documentation/asciidoc/topics/cmd_examples/cat_cr_auth.adoc b/documentation/asciidoc/topics/cmd_examples/cat_cr_auth.adoc
@@ -5,8 +5,6 @@ metadata:
   name: {example_crd_name}
 spec:
   replicas: 2
-  connector:
-    authentication:
-      type: Credentials
-      secretName: connect-secret
+  security:
+    endpointSecret: connect-secret
 EOF
diff --git a/documentation/asciidoc/topics/cmd_examples/oc_get_app_secret.adoc b/documentation/asciidoc/topics/cmd_examples/oc_get_app_secret.adoc
@@ -1,2 +1 @@
-$ oc get secret {example_crd_name}-app-generated-secret \
--n my_namespace -o jsonpath="{.data.password}" | base64 --decode
+$ oc get secret {example_crd_name}-generated-secret -n my_namespace
diff --git a/documentation/asciidoc/topics/cmd_examples/oc_get_app_secret_jp.adoc b/documentation/asciidoc/topics/cmd_examples/oc_get_app_secret_jp.adoc
@@ -1,7 +1,6 @@
-$ oc get secret {example_crd_name}-app-generated-secret \
--n my_namespace -o json | jq '.data | map_values(@base64d)'
+$ oc get secret {example_crd_name}-generated-secret \
+-n my_namespace -o jsonpath="{.data.identities\.yaml}" | base64 -D
 
-{
-  "password": "tUElqbfoJmT,NJVN",
-  "username": "developer"
-}
+credentials:
+- username: developer
+  password: dIRs5cAAsHIeeRIL
diff --git a/documentation/asciidoc/topics/cmd_examples/oc_logs_clusterview.adoc b/documentation/asciidoc/topics/cmd_examples/oc_logs_clusterview.adoc
@@ -1,9 +1,9 @@
 $ oc logs {example_crd_name}-0 | grep ISPN000094
 
 INFO  [org.infinispan.CLUSTER] (MSC service thread 1-2) \
-ISPN000094: Received new cluster view for channel cluster: \
+ISPN000094: Received new cluster view for channel infinispan: \
 [{example_crd_name}-0|0] (1) [{example_crd_name}-0]
 
 INFO  [org.infinispan.CLUSTER] (jgroups-3,{example_crd_name-0) \
-ISPN000094: Received new cluster view for channel cluster: \
+ISPN000094: Received new cluster view for channel infinispan: \
 [{example_crd_name}-0|1] (2) [{example_crd_name}-0, {example_crd_name}-1]
diff --git a/documentation/asciidoc/topics/cmd_examples/oc_logs_grep_dns_ping.adoc b/documentation/asciidoc/topics/cmd_examples/oc_logs_grep_dns_ping.adoc
diff --git a/documentation/asciidoc/topics/cmd_examples/oc_logs_grep_kube_ping.adoc b/documentation/asciidoc/topics/cmd_examples/oc_logs_grep_kube_ping.adoc
diff --git a/documentation/asciidoc/topics/proc_create_cluster_auth.adoc b/documentation/asciidoc/topics/proc_create_cluster_auth.adoc
@@ -14,7 +14,7 @@ include::cmd_examples/cat_connect_secret.adoc[]
 The secret must:
 +
 * Be `type: Opaque`.
-* Have `username` and `password` fields.
+* `identities.yaml` field containing a YAML-formatted list of application user credentials.
 +
 [IMPORTANT]
 ====
@@ -39,7 +39,7 @@ include::cmd_examples/cat_cr_auth.adoc[]
 ----
 +
 * `replicas` specifies the number of nodes in the {brandname} cluster.
-* `connector` configures how users connect to {brandname} nodes to store and retrieve data.
+* `security.endpointSecret` configures how users connect to {brandname} nodes to store and retrieve data.
 +
 endif::productized[]
 . Apply the custom resource `yaml`.

diff --git a/documentation/asciidoc/topics/proc_get_cluster_credentials.adoc b/documentation/asciidoc/topics/proc_get_cluster_credentials.adoc
@@ -6,13 +6,11 @@ If you do not create secrets and credentials when you create clusters, the {ispn
 
 Default usernames::
 +
-* Management user is `admin`.
 * Application user is `developer`.
 
 Default credentials secrets::
 +
-* `{example_crd_name}-mgmt-generated-secret` contains credentials for the management user.
-* `{example_crd_name}-app-generated-secret` contains credentials for the application user.
+* `{example_crd_name}-generated-secret` contains credentials for the application user.
 
 .Procedure
 * Get the credentials from the secret. For example, to get the password for the application user from the default secret:
@@ -24,7 +22,7 @@ include::cmd_examples/oc_get_app_secret.adoc[]
 +
 [TIP]
 ====
-Use the `jp` JSON processor to retrieve credentials as follows:
+Retrieve credentials as follows:
 
 [source,options="nowrap",subs=attributes+]
 ----

diff --git a/documentation/asciidoc/topics/proc_verify_cluster.adoc b/documentation/asciidoc/topics/proc_verify_cluster.adoc
@@ -28,13 +28,6 @@ include::yaml_examples/cluster_view_message.yaml[]
 ----
 endif::productized[]
 ifdef::productized[]
-. Verify that the {brandname} nodes can discover each other, for example:
-+
-[source,options="nowrap",subs="attributes"]
-----
-include::cmd_examples/oc_logs_grep_dns_ping.adoc[]
-----
-+
 . Verify that the nodes have received a clustered view. Do either of the following:
 
 ** Retrieve the cluster view from the pod log files.