Migrate from "Sources" to "Providers" (#518)

- Renames sources to providers
- Move CLI config migrations to one file
- Add secrets to dev config
- Update identity provider config loading to match secrets

README.md

@@ -39,7 +39,7 @@ This example configuration uses Okta and grants the "Everyone" group read-only a
 * Okta API token
 * Cluster name
 
-See [Okta](./docs/sources/okta.md) for detailed Okta configuration steps.
+See [Okta](./docs/providers/okta.md) for detailed Okta configuration steps.
 
 Cluster name is auto-discovered or can be set statically in Helm with `engine.name`.
 
@@ -49,13 +49,12 @@ Also see [secrets.md](./docs/secrets.md) for details on how secrets work.
 # example values.yaml
 ---
 config:
-  sources:
+  providers:
     - kind: okta
       domain: <Okta domain>
-      client-id: <Okta client ID>
-      client-secret: <secret kind>:<Okta client secret name>
-      okta:
-        api-token: <secret kind>:<Okta API token name>
+      clientID: <Okta client ID>
+      clientSecret: <secret kind>:<Okta client secret name>
+      apiToken: <secret kind>:<Okta API token name>
   groups:
     - name: Everyone
       roles:
@@ -162,10 +161,10 @@ See the [Infra CLI reference](./docs/cli.md) for more ways to use `infra`.
 
 ## Next Steps
 
-### Connect Additional Identity Sources
+### Connect Additional Identity Providers
 
-* [Sources](./docs/sources)
-  * [Okta](./docs/sources/okta.md)
+* [Providers](./docs/providers)
+  * [Okta](./docs/providers/okta.md)
 
 ### Connect Additional Infrastructure Destinations
 

docker-desktop.yaml.in

@@ -4,13 +4,15 @@ image:
   pullPolicy: Never
 
 config:
-  sources:
+  secrets:
+    - kind: kubernetes
+      namespace: infrahq
+  providers:
     - kind: okta
       domain: $OKTA_DOMAIN
-      client-id: $OKTA_CLIENT_ID
-      client-secret: $OKTA_SECRET/clientSecret
-      okta:
-        api-token: $OKTA_SECRET/apiToken
+      clientID: $OKTA_CLIENT_ID
+      clientSecret: kubernetes:$OKTA_SECRET/clientSecret
+      apiToken: kubernetes:$OKTA_SECRET/apiToken
 
 engine:
   name: docker-desktop

docs/configuration.md

@@ -15,9 +15,12 @@ First, create a `values.yaml`. If a `values.yaml` already exists, update it to i
 # values.yaml
 ---
 config:
-  sources: [...]
-  groups: [...]
-  users: [...]
+  providers:
+    [...]
+  groups:
+    [...]
+  users:
+    [...]
 ```
 
 See [Helm Chart reference](./helm.md) for a complete list of options configurable through Helm.
@@ -33,9 +36,12 @@ helm -n infrahq upgrade -f values.yaml infra infrahq/infra
 First, create a config file `infra.yaml`:
 
 ```
-sources: [...]
-groups: [...]
-users: [...]
+providers:
+  [...]
+groups:
+  [...]
+users:
+  [...]
 ```
 
 Then, apply it to Infra:
@@ -46,34 +52,34 @@ helm -n infrahq upgrade --set-file=config=infra.yaml infra infrahq/infra
 
 ## Reference
 
-### `sources`
+### `providers`
 
-List of identity sources used to synchronize users and groups.
+List of identity providers used to synchronize users and groups.
 
 | Parameter      | Description                                  |
 |----------------|----------------------------------------------|
-| `kind`         | Source type                                  |
-|                | Additional source-specific parameters        |
+| `kind`         | Provider type                                |
+|                | Additional provider-specific parameters      |
 
-See [Identity Sources](./sources/) for a full list of configurable values.
+See [Identity Providers](./providers/) for a full list of configurable values.
 
 ### `groups`
 
 List of groups to assign access.
 
-| Parameter      | Description                                  |
-|----------------|----------------------------------------------|
-| `name`         | Group name as stored in the identity source  |
-| `roles`        | Roles assigned to the user                   |
+| Parameter      | Description                                   |
+|----------------|-----------------------------------------------|
+| `name`         | Group name as stored in the identity provider |
+| `roles`        | Roles assigned to the user                    |
 
 ### `users`
 
 List of users to assign access.
 
-| Parameter      | Description                                  |
-|----------------|----------------------------------------------|
-| `email`        | User email as stored in the identity source  |
-| `roles`        | Roles assigned to the user                   |
+| Parameter      | Description                                   |
+|----------------|-----------------------------------------------|
+| `email`        | User email as stored in the identity provider |
+| `roles`        | Roles assigned to the user                    |
 
 ### `roles`
 
@@ -99,17 +105,16 @@ See [Infrastructure Destinations](./destinations/) for a full list of configurab
 ## Full Example
 
 ```yaml
-sources:
+providers:
   - kind: okta
     domain: acme.okta.com
-    client-id: 0oapn0qwiQPiMIyR35d6
-    client-secret: kubernetes:infra-okta/clientSecret
-    okta:
-      api-token: kubernetes:infra-okta/apiToken
+    clientID: 0oapn0qwiQPiMIyR35d6
+    clientSecret: kubernetes:infra-okta/clientSecret
+    apiToken: kubernetes:infra-okta/apiToken
 
 groups:
   - name: administrators
-    source: okta
+    provider: okta
     roles:
       - name: cluster-admin
         kind: cluster-role

docs/sources/okta.md → docs/providers/okta.md

@@ -1,27 +1,25 @@
-# Sources / Okta
+# Providers / Okta
 
-## Configure Okta Source
+## Configure Okta Provider
 
-| Parameter       | Field       | Description                  |
-|-----------------|-------------|-----------------------------|
-| `domain`        |             | Okta domain                 |
-| `client-id`     |             | Okta client ID              |
-| `client-secret` |             | Okta client secret          |
-| `okta`          |             | Okta specific configuration |
-| `okta`          | `api-token` | Okta API token              |
+| Parameter       | Description                 |
+|-----------------|-----------------------------|
+| `domain`        | Okta domain                 |
+| `clientID`      | Okta client ID              |
+| `clientSecret`  | Okta client secret          |
+| `apiToken`      | Okta API token              |
 
-## Connect an Okta Source
+## Connect an Okta Provider
 
-This guide will walk you through the process of setting up Okta as an identity provider for Infra. At the end of this process you will have updated your Infra configuration with an Okta source that looks something like this:
+This guide will walk you through the process of setting up Okta as an identity provider for Infra. At the end of this process you will have updated your Infra configuration with an Okta provider that looks something like this:
 
 ```
-sources:
+providers:
   - kind: okta
     domain: acme.okta.com
-    client-id: 0oapn0qwiQPiMIyR35d6
-    client-secret: kubernetes:infra-okta/clientSecret
-    okta:
-      api-token: kubernetes:infra-okta/apiToken
+    clientID: 0oapn0qwiQPiMIyR35d6
+    clientSecret: kubernetes:infra-okta/clientSecret
+    apiToken: kubernetes:infra-okta/apiToken
 ```
 
 ## Create an Okta App
@@ -67,18 +65,17 @@ see [secrets.md](../secrets.md) for further details.
 
 ## Add Okta Information to Infra Configuration
 
-Edit your [Infra configuration](./configuration.md) (e.g. `infra.yaml`) to include an Okta source:
+Edit your [Infra configuration](./configuration.md) (e.g. `infra.yaml`) to include an Okta provider:
 
 ```yaml
 # infra.yaml
 ---
-sources:
+providers:
   - kind: okta
     domain: example.okta.com
-    client-id: 0oapn0qwiQPiMIyR35d6
-    client-secret: kubernetes:infra-okta/clientSecret  # <secret kind>:<secret name>
-    okta:
-      api-token: kubernetes:infra-okta/apiToken
+    clientID: 0oapn0qwiQPiMIyR35d6
+    clientSecret: kubernetes:infra-okta/clientSecret  # <secret kind>:<secret name>
+    apiToken: kubernetes:infra-okta/apiToken
 ```
 
 Then apply this config change:
@@ -93,13 +90,12 @@ Infra configuration can also be added to Helm values:
 # values.yaml
 ---
 config:
-  sources:
+  providers:
     - kind: okta
       domain: example.okta.com
-      client-id: 0oapn0qwiQPiMIyR35d6
-      client-secret: kubernetes:infra-okta/clientSecret  # <secret kind>:<secret name>
-      okta:
-        api-token: kubernetes:infra-okta/apiToken
+      clientID: 0oapn0qwiQPiMIyR35d6
+      clientSecret: kubernetes:infra-okta/clientSecret  # <secret kind>:<secret name>
+      apiToken: kubernetes:infra-okta/apiToken
 ```
 
 Then apply this config change:

helm/charts/infra/templates/NOTES.txt

@@ -28,7 +28,7 @@
 
   Next steps:
 
-    * Connect additional identity sources: https://github.com/infrahq/infra/blob/main/docs/sources/
+    * Connect additional identity providers: https://github.com/infrahq/infra/blob/main/docs/providers/
     * Connect additional infrastructure destinations: https://github.com/infrahq/infra/blob/main/docs/destinations/
 
 *************************************************

helm/charts/infra/templates/configmap.yaml

@@ -20,7 +20,7 @@ data:
 {{- $options := list "config-path" "db-file" "tls-cache" }}
 {{- $options = list "root-api-key" "engine-api-key" | concat $options }}
 {{- $options = list "enable-ui" "ui-proxy" | concat $options }}
-{{- $options = list "sources-sync-interval" "destinations-sync-interval" | concat $options }}
+{{- $options = list "providers-sync-interval" "destinations-sync-interval" | concat $options }}
 {{- $options = list "enable-telemetry" "enable-crash-reporting" | concat $options }}
 {{- range $options }}
   {{- if hasKey $.Values . }}