The Legend Operators package the core FINOS Legend components for quick and easy deployment of a Legend stack.
This repository contains a Juju Charm for deploying a service which exposes a pre-existing GitLab endpoint for the other Legend components.
The full Legend solution can be installed with the dedicated Legend bundle.
The Legend GitLab Integrator can be deployed by running:
$ juju deploy finos-legend-gitlab-integrator-k8s --channel=edge
The standalone Integrator will initially be blocked, and must be related to the Legend components before it is ready to be configured with GitLab credentials:
# Relate to the legend services:
$ juju relate finos-legend-gitlab-integrator-k8s finos-legend-sdlc-k8s
$ juju relate finos-legend-gitlab-integrator-k8s finos-legend-engine-k8s
$ juju relate finos-legend-gitlab-integrator-k8s finos-legend-studio-k8s
Prerequisites:
- a private GitLab deployment configured to use HTTPS
- a personal access token for that GitLab deployment
juju config finos-legend-gitlab-integrator-k8s \
gitlab-host=10.107.2.9 gitlab-port=443 access-token="CqVrcbHOMeU="
Prerequisites:
- access to the portal of gitlab.com or the private GitLab
- application creation rights on said account
- Log in to GitLab
- Go top-left to User Settings > Applications
- Create a new application with the following:
  - Name: "Legend Demo"
  - Confidential: yes
  - Scopes: openid, profile, api
  - Redirect URI: set it to http://localhost:8080/callback
- Save the Client ID and Secret for later
# NOTE: one may optionally add the following, else it defaults to gitlab.com:
# api-scheme=http gitlab-host=10.107.2.9 gitlab-port=443
juju config finos-legend-gitlab-integrator-k8s \
bypass-client-id=<client id> \
bypass-client-secret=<client secret>
Once the finos-legend-gitlab-integrator-k8s becomes active:
user@ubuntu:~$ juju status | grep gitlab
finos-legend-gitlab-integrator-k8s/0* active idle 10.1.184.238
user@ubuntu:~$ juju run-action finos-legend-gitlab-integrator-k8s/0 get-redirect-uris
Action queued with id: "2"
user@ubuntu:~$ juju show-action-output 2
UnitId: finos-legend-gitlab-integrator-k8s/0
id: "2"
results:
  result: |-
    http://10.1.184.224:6060/api/callback
    http://10.1.184.236:7070/api/auth/callback
    http://10.1.184.236:7070/api/pac4j/login/callback
    http://10.1.184.241:8080/studio/log.in/callback
status: completed
timing:
  completed: 2021-09-27 18:50:39 +0000 UTC
  enqueued: 2021-09-27 18:50:38 +0000 UTC
  started: 2021-09-27 18:50:38 +0000 UTC
- log back into your GitLab portal
- go to the application created previously
- edit the Redirect URI setting of the application
- paste the output of the result field from the juju show-action-output command run previously
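To avoid copy-paste slips when moving the result field into the application's Redirect URI setting, the following added example (not part of the charm or its documentation) extracts the URIs from the `juju show-action-output` text and rejects anything that is not an http(s) URL. The function names `sample_action_output` and `extract_redirect_uris` are hypothetical, and the sample output is constructed from the values shown above, assuming juju's usual indented YAML layout.

```shell
#!/usr/bin/env bash
# Constructed sample of `juju show-action-output <id>`, URIs taken from the README.
sample_action_output() {
cat <<'EOF'
UnitId: finos-legend-gitlab-integrator-k8s/0
id: "2"
results:
  result: |-
    http://10.1.184.224:6060/api/callback
    http://10.1.184.236:7070/api/auth/callback
    http://10.1.184.236:7070/api/pac4j/login/callback
    http://10.1.184.241:8080/studio/log.in/callback
status: completed
timing:
  completed: 2021-09-27 18:50:39 +0000 UTC
EOF
}

# Hypothetical helper: print one redirect URI per line from the action output
# on stdin. Fails if the action did not complete or a line is not an http(s) URL.
extract_redirect_uris() {
  awk '
    function indent(s,  t) { t = s; sub(/^ +/, "", t); return length(s) - length(t) }
    in_block {
      # Block-scalar lines are indented deeper than the "result:" key.
      if (indent($0) > key_indent) { sub(/^ +/, ""); uris[++n] = $0; next }
      in_block = 0
    }
    /^ *result: *\|/ { key_indent = indent($0); in_block = 1; next }
    /^status:/ { status = $2 }
    END {
      if (status != "completed") { print "action status: " status > "/dev/stderr"; exit 1 }
      if (n == 0) { print "no redirect URIs found" > "/dev/stderr"; exit 1 }
      for (i = 1; i <= n; i++)
        if (uris[i] !~ "^https?://[^/ ]+/[^ ]*$") {
          print "not a URL: " uris[i] > "/dev/stderr"; exit 1
        }
      for (i = 1; i <= n; i++) print uris[i]
    }'
}

# Real use: juju show-action-output 2 | extract_redirect_uris
sample_action_output | extract_redirect_uris
```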
Due to intentional security-minded limitations in the GitLab APIs, the client ID and secret of existing applications cannot be queried programmatically, and can only be known when an application is created on the spot.
Consequently, reusing GitLab applications upon redeploying the integrator requires taking one of the following options:
- reusing an existing GitLab application can be achieved by reconfiguring the charm using the bypass-client-id and bypass-client-secret configuration options with the client ID/secret which can be obtained from the GitLab Web user interface as described in section .B above.
- manually deleting the application and having the integrator create a new one on the next run
- reconfiguring the integrator with the application-name config option to create a new application with a different name. Note that this does NOT clean up/replace the old app.
Visit Legend Contribution Guide to learn how to contribute to Legend.
Copyright (c) 2021-present, Canonical
Distributed under the Apache License, Version 2.0.
SPDX-License-Identifier: Apache-2.0