diff --git a/src/.vitepress/routes/sidebar/admin.ts b/src/.vitepress/routes/sidebar/admin.ts index 910f9ce6..c96281bd 100644 --- a/src/.vitepress/routes/sidebar/admin.ts +++ b/src/.vitepress/routes/sidebar/admin.ts @@ -11,26 +11,26 @@ export const adminRoutes = [ text: 'Hub', collapsed: true, items: [ - {text: 'Realms', link: '/realms'}, - {text: 'Identity Providers', link: '/identity-providers'}, - {text: 'Robots', link: '/robots'}, - {text: 'Users', link: '/users'}, - {text: 'Roles', link: '/roles'}, - {text: 'Permissions', link: '/permissions'}, - {text: 'Nodes', link: '/node-management'}, - {text: 'Project Review', link: '/project-review'}, - {text: 'Analysis Review', link: '/analysis-review'}, + { text: 'Realms', link: '/realms' }, + { text: 'Identity Providers', link: '/identity-providers' }, + { text: 'Clients', link: '/clients' }, + { text: 'Users', link: '/users' }, + { text: 'Roles', link: '/roles' }, + { text: 'Permissions', link: '/permissions' }, + { text: 'Nodes', link: '/node-management' }, + { text: 'Project Review', link: '/project-review' }, + { text: 'Analysis Review', link: '/analysis-review' }, ] }, { text: 'Node', collapsed: true, items: [ - {text: 'Bucket Setup for Data Store', link: '/bucket-setup-for-data-store'}, - {text: 'Data Store Management', link: '/data-store-management'}, - {text: 'Analysis Execution', link: '/analysis-execution'}, - {text: 'Keycloak & Access Control', link: '/keycloak-access-control'}, - {text: 'Analysis Definition in k8s', link: '/analysis-definition'}, + { text: 'Bucket Setup for Data Store', link: '/bucket-setup-for-data-store' }, + { text: 'Data Store Management', link: '/data-store-management' }, + { text: 'Analysis Execution', link: '/analysis-execution' }, + { text: 'Keycloak & Access Control', link: '/keycloak-access-control' }, + { text: 'Analysis Definition in k8s', link: '/analysis-definition' }, ] }, ] diff --git a/src/getting-started/components.md b/src/getting-started/components.md index 04460e42..6e0d6dcf 100644 --- a/src/getting-started/components.md +++ b/src/getting-started/components.md @@ -34,7 +34,7 @@ Hub components/services are individual packages/services within one monorepo. | **RabbitMQ** | [rabbitmq/rabbitmq-server](https://github.com/rabbitmq/rabbitmq-server) | Starlark | | **Vault** | [hashicorp/vault](https://github.com/hashicorp/vault) | Go/JavaScript | -* `Authup` - Identity and Access Management (IAM) to manage users, roles, robots, permissions, ... +* `Authup` - Identity and Access Management (IAM) to manage users, roles, clients, permissions, ... * `Harbor` - Harbor is a docker registry to distribute images. In the context of the PrivateAim it is used for train distribution across multiple locations. * `RabbitMQ` - RabbitMQ is a message broker. It is used for the communication between microservices. * `Vault` - Vault is a secret storage service for managing and storing sensitive information. diff --git a/src/guide/admin/robots.md b/src/guide/admin/clients.md similarity index 57% rename from src/guide/admin/robots.md rename to src/guide/admin/clients.md index 69dd3c67..c1ffaf34 100644 --- a/src/guide/admin/robots.md +++ b/src/guide/admin/clients.md @@ -1,32 +1,32 @@ -# Robots +# Clients ::: info Notice In order to manage your identity-providers, nodes, ... you need to get an organization. Please contact us, such we can provide you a realm in which you can manage all your nodes, users and identity providers. For more details on realms click [here](/guide/admin/realms). ::: -Robots may be freely created and edited by the admin. They are pseudo-users, which are handled directly +Clients may be freely created and edited by the admin. They are pseudo-users, which are handled directly by the API, meaning that you will not be able to login in the central App with their credentials. -This allows for slightly faster automatized pipeline executions for the PHT's functions. +This allows for slightly faster automatized pipeline executions for the PHT's functions. -1. Within the admin area (top left), you need to select **Robots** within the left navigation. +1. Within the admin area (top left), you need to select **Clients** within the left navigation. [![image](/images/ui_images/hub_robots.png)](/images/ui_images/hub_robots.png) -2. **View** existing robots (Optional: Use the search bar at the top). -3. **See/Edit details** for each robot by clicking the blue triple-bar button on the right. - Doing so shows the general description of the robot. +2. **View** existing clients (Optional: Use the search bar at the top). +3. **See/Edit details** for each client by clicking the blue triple-bar button on the right. + Doing so shows the general description of the client. [![image](/images/ui_images/hub_robots_details.png)](/images/ui_images/hub_robots_details.png) You may also specify realms of other users if you wish to make it accessible for them.\ - You can furthermore specify the roles and associated permissions of the robot with the tabs on - top under its name to ensure it does not have any authorities beyond the ones necessary for its + You can furthermore specify the roles and associated permissions of the client with the tabs on + top under its name to ensure it does not have any authorities beyond the ones necessary for its functionalities. For this, roles describe a rough outline specifically targeted at the admin's own realm.\ [![image](/images/ui_images/hub_robots_roles.png)](/images/ui_images/hub_robots_roles.png)\ - If the robot is shared though, it is useful to declare the underlying permissions in + If the client is shared though, it is useful to declare the underlying permissions in order to ensure it is working in other realms as well (as the permissions of their roles may vary).\ [![image](/images/ui_images/hub_robots_permissions.png)](/images/ui_images/hub_robots_permissions.png)\ - Adding either roles or permissions to the robot is done by clicking the green plus-symbol on the right. - Vice-versa, roles and permissions can be removed from the robot by clicking the red trashcan-button there. -4. **Delete** robots by clicking the red thrash can button on the right. -5. **Add** robots by clicking the grey plus button on the left of the overview. For this, a name and description of the - robot have to be given. + Adding either roles or permissions to the client is done by clicking the green plus-symbol on the right. + Vice-versa, roles and permissions can be removed from the client by clicking the red trashcan-button there. +4. **Delete** clients by clicking the red thrash can button on the right. +5. **Add** clients by clicking the grey plus button on the left of the overview. For this, a name and description of the + client have to be given. [![image](/images/ui_images/hub_robots_add.png)](/images/ui_images/hub_robots_add.png) 6. **Refresh** this list anytime by clicking the black refresh button on the top right. diff --git a/src/guide/admin/index.md b/src/guide/admin/index.md index 87ff99a5..a20aea54 100644 --- a/src/guide/admin/index.md +++ b/src/guide/admin/index.md @@ -14,7 +14,7 @@ Administrators have the following tasks in FLAME, either in the central App or i local node setup: **`Hub`** -- [Realm-](/guide/admin/realms), [identity provider-](/guide/admin/identity-providers), [robot-](/guide/admin/robots), [user-](/guide/admin/users) & [role-management](/guide/admin/roles) +- [Realm-](/guide/admin/realms), [identity provider-](/guide/admin/identity-providers), [client-](/guide/admin/clients), [user-](/guide/admin/users) & [role-management](/guide/admin/roles) - [Viewing and assigning permissions](/guide/admin/permissions) - [Registering and managing the local node](/guide/admin/node-management) - [Reviewing proposals](/guide/admin/project-review) diff --git a/src/guide/admin/realms.md b/src/guide/admin/realms.md index b0b33e87..54b66c8f 100644 --- a/src/guide/admin/realms.md +++ b/src/guide/admin/realms.md @@ -1,7 +1,7 @@ # Realms Normal administrators can create realms freely after being assigned an initial realm. The developers of the [FLAME hub interface](https://privateaim.net) provide these. Please contact us, such we can provide you with a realm in which you can manage all your -identity providers, robots, users, roles, and nodes.\ +identity providers, clients, users, roles, and nodes.\ Realms are areas where those things are registered for one organization. You can access, view and manage all registered items by activating a realm.\ Usually, you should only have access to the initial realm assigned to you and all other realms you created afterward. @@ -17,5 +17,5 @@ Usually, you should only have access to the initial realm assigned to you and al [![image](/images/ui_images/hub_realms_add.png)](/images/ui_images/hub_realms_add.png) 6. **Refresh** this list anytime by clicking the black refresh button on the top right. 7. **Activate** another realm than your current one by clicking the blue check button on the right.\ -**Note:** This will change the contents in the "Identity Providers"-, "Robots"-, "Users"-, and "Roles"-tabs in the left +**Note:** This will change the contents in the "Identity Providers"-, "Clients"-, "Users"-, and "Roles"-tabs in the left sidebar to the ones associated with the selected realm. diff --git a/src/guide/deployment/node-installation.md b/src/guide/deployment/node-installation.md index 18534893..942bdac2 100644 --- a/src/guide/deployment/node-installation.md +++ b/src/guide/deployment/node-installation.md @@ -4,9 +4,9 @@ This section will provide instructions for deploying the FLAME node software on **These instructions assume that you have done the following:** -- [Node has been registered in the Hub UI](./node-registration#creating-a-node-in-the-hub) -- [Credentials for your node's robot were generated and saved](./node-registration#client-credentials) -- [A keypair was generated](./node-registration#crypto) and the private key was saved as `private_key.pem` +- [Node has been registered in the Hub UI](./node-registration#creating-a-node-in-the-hub) +- [Credentials for your node's client were generated and saved](./node-registration#client-credentials) +- [A keypair was generated](./node-registration#crypto) and the private key was saved as `private_key.pem` ## Requirements @@ -40,9 +40,9 @@ This label is required so that analysis pods can resolve internal service names Kubernetes distributions — including microk8s, kubeadm, EKS, GKE, AKS, and k3s — use this label by default. You can verify this with: - ```bash - kubectl get pods -n kube-system -l k8s-app=kube-dns - ``` + ```bash + kubectl get pods -n kube-system -l k8s-app=kube-dns + ``` If this returns no pods, your DNS provider uses a non-standard label and network policy enforcement for analysis pods will not work correctly.The following distributions have been tested for use with the Node software: @@ -51,6 +51,8 @@ will not work correctly.The following distributions have been tested for use wit - [minikube](https://minikube.sigs.k8s.io/docs/start/?arch=%2Fwindows%2Fx86-64%2Fstable%2F.exe+download) - [Kubernetes](https://kubernetes.io/docs/setup/) +The FLAME Node is designed to work with an NGINX Ingress Controller. Compatibility with other Ingress Controllers is not guaranteed. + #### Helm The FLAME Node software package is a compilation of multiple services working together which require several @@ -67,8 +69,13 @@ In order to deploy a node, you will need the following pieces of information fro 2. Client Secret (not hashed!) 3. Private Key -With this information, you can either edit the `values.yaml` file included with the FLAME Node helm chart or create -your own values template file to be used during deployment. Here is a minimal example of a values file: +With this information, you can provide the required Helm configuration values in two ways: + +If you are using the GitHub repository, a sample `values.yaml` file is included in the `charts/flame-node/` directory. It can be edited as needed. Alternatively, you may create a new `values.yaml` file. + +If you are installing via the Helm repository, you need to create your own `values.yaml` file (e.g. `my-values.yaml`). This file is not provided automatically and can be stored anywhere locally. It is passed to Helm using the `-f` option. + +Here is a minimal example of a `values.yaml` file: ```yaml expose: diff --git a/src/guide/deployment/node-registration.md b/src/guide/deployment/node-registration.md index 04c6141c..e5c0e7f5 100644 --- a/src/guide/deployment/node-registration.md +++ b/src/guide/deployment/node-registration.md @@ -35,7 +35,7 @@ node. ## Credentials for Deployment -Once the node is created, admins can access the "Robot" and "Crypto" tabs which contain needed credentials and keys +Once the node is created, admins can access the "Crypto" and "Client" tabs which contain needed credentials and keys for deploying the node software on their server. ### Crypto @@ -44,7 +44,7 @@ To encrypt data that needs to be sent between different nodes, each node needs a to encrypt/decrypt the information. The "Crypto" tab allows the admin to generate a crytopgraphic key pair for this purpose. -![Hub Crypto](/images/ui_images/hub_crypto.png) +![Hub Crypto](/images/ui_images/hub_node_crypto.png) Navigate to the "Crypto" tab and click on the "Generate" button at the bottom of the window. A public and private key pair will be generated. The user should copy the contents of the "PrivateKey" section to a **local file and save it**. We will need this key during installation and will no longer be accessible in your browser after you navigate away from the Crypto tab. @@ -64,11 +64,10 @@ key used during deployment will not be from the same pair. This page contains two pieces of information required for the deploying the FLAME Node: the client ID and secret. Because the secret was automatically created when the node was registered and then hashed, we need to generate a new -one. Click the "generate" button below the secret text field to create a new secret and copy this string somewhere -for later. Then click "update" and you will see a green text box appear indicating that the client secret +one. Click the regenerate icon (two circular arrows) next to the secret text field to generate a new secret. Be sure to copy and save the generated string for future use. Then click "update" and you will see a green text box appear indicating that the client secret for this node was successfully updated. -[![Getting Client Credentials](/images/ui_images/hub_node_robot_credentials.png)](/images/ui_images/hub_node_robot_credentials.png) +[![Getting Client Credentials](/images/ui_images/hub_client.png)](/images/ui_images/hub_client.png) ::: warning Don't Copy the Hashed Secret! If you see "hashed" next to the word secret above the text field, this means the value in the box below is hashed and diff --git a/src/public/images/ui_images/hub_client.png b/src/public/images/ui_images/hub_client.png new file mode 100644 index 00000000..250ffcb3 Binary files /dev/null and b/src/public/images/ui_images/hub_client.png differ diff --git a/src/public/images/ui_images/hub_node_crypto.png b/src/public/images/ui_images/hub_node_crypto.png new file mode 100644 index 00000000..d1463e65 Binary files /dev/null and b/src/public/images/ui_images/hub_node_crypto.png differ