Closed marde16 closed 7 months ago
This script is for the playbook to disable anonymous access. Therefore, the everyone role is set to "no". We'll review the related documentation to more accurately describe anonymous access. Thanks for the feedback.
The everyone roles are needed to display the login form. If you set everyone to no, no login is possible!
To disable anonymous access, you have to set reader to authenticated.
From documentation:
You want to set reader, do not touch Everyone!
It is important that the role reader should be changed from Everyone to Authenticated, but the everyone role has to be Everyone, or login breaks. Even OIDC will break, because the forward rules end in 404.
We have been using this playbook for internal deployments, including OIDC. That's why I'd like the documentation to be reviewed to understand more about the discrepancy between automation requirements and documentation.
Closing this per previous comments; the documentation is to be reviewed to understand more about the discrepancy between automation requirements and documentation.
The playbook connections-restrict-access.yml modifies for role everyone the default mapping from everyone to All Authenticated in Application's Realm.
The Connections documentation (https://help.hcltechsw.com/connections/v7/admin/admin/r_admin_common_user_roles.html) says about the Everyone role:
Therefore the setting for everyone should be yes and the allauth variables should be empty.
https://github.com/HCL-TECH-SOFTWARE/connections-automation/blob/f23269a34de6c3233941cc1d76b3e395fcfeb899/roles/hcl/connections/set_all_auth_role/tasks/main.yml#L14-L31