Closed dbutenhof closed 1 year ago
- The `axios.get` call in the express mirror server needs to either load certificates or disable validation. (The latter seems easier since it's only for local dev mode.)
I can make my peace with disabling the TLS validation, but you should know that you have another option when running out of a Git checkout: the required CA is available from ./server/pbenchinacan/etc/pki/tls/certs/pbench_CA.crt
...if it's obvious how to access that file from the Axios context (I know basically nothing about Axios...).
- Login requires that the Keycloak be configured with the address of the dashboard code, which in this mode is `http://localhost:3000`. We need to figure out how to get Keycloak and React on the same page here[...]
- We could hardcode the additional address (in three places) in setting up the Keycloak pbench client (valid redirect, valid post logout, web origins) unconditionally... ugly, and we don't want it for staging
- We could add another option to the functional test deployment to add them only for a `runlocal`
- We could just document how to do it manually ...
I'm OK with hardcoding the additional address. You won't see the ugliness once we commit it to code. 😁 Using `localhost` seems restrictive enough that I'm not worried about it in the general case; nevertheless, I don't think we'll be using the Keycloak Pbench Client for Staging, so I don't think that plays into it.
Adding more options to deployment, on the other hand, is unappealing to me. (And, I think requiring it to be configured manually is a Bad Idea™...that's gonna end up scripted (I hope), and so we might as well bake it in somewhere upstream.)
So, let's just add it to our canned Keycloak.
- The `axios.get` call in the express mirror server needs to either load certificates or disable validation. (The latter seems easier since it's only for local dev mode.)
I can make my peace with disabling the TLS validation, but you should know that you have another option when running out of a Git checkout: the required CA is available from `./server/pbenchinacan/etc/pki/tls/certs/pbench_CA.crt` ...if it's obvious how to access that file from the Axios context (I know basically nothing about Axios...).
Which is the problem: it's also really (incredibly) poorly documented. But that cliff had a surprisingly crumbly edge, and you pushed me over... and, shockingly, it seems to work.
So, let's just add it to our canned Keycloak.
Sure; you're right, it's really only used for local runs anyway now.
Merging with one approval to get Varshini unblocked!
PBENCH-1203
The shift to HTTPS and Keycloak has broken our dashboard local dev mode hack in two ways:
- `axios.get` call in the express mirror server needs to either load certificates or disable validation. This adds the CI private CA key.
- `http://localhost:3000`. This adds that redirect to the Keycloak configuration
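
The two options weighed in the thread (loading the CA versus disabling validation), side by side as an added example; this is not code from the PR or from Pbench. The function names and the placeholder PEM are assumptions made for illustration, and the agent is built with Node's standard `https` module so it can be handed to axios through its `httpsAgent` request option.

```javascript
// Added example: trust a private CA in a Node dev proxy instead of
// disabling TLS validation. Function names are hypothetical.
const fs = require("fs");
const https = require("https");
const os = require("os");
const path = require("path");

// CA path quoted in the thread, relative to the root of a Git checkout.
const PBENCH_CA = "./server/pbenchinacan/etc/pki/tls/certs/pbench_CA.crt";

const PEM_CERT = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/;

// Build an https.Agent that validates server certificates against the CA
// file at caPath. A missing or non-PEM file throws, so a broken checkout
// fails loudly instead of quietly running without validation.
function agentForPrivateCa(caPath) {
  const pem = fs.readFileSync(caPath, "utf8"); // ENOENT if the file is absent
  if (!PEM_CERT.test(pem)) {
    throw new Error(`${caPath} does not contain a PEM certificate`);
  }
  // `ca` replaces the default trust store for this agent only, so requests
  // made through it accept servers signed by this CA and nothing else.
  return new https.Agent({ ca: pem, rejectUnauthorized: true });
}

// The other option from the thread: accept any certificate. Any host that
// can answer on the target address is then trusted, so keep it to local dev.
function agentWithoutValidation() {
  return new https.Agent({ rejectUnauthorized: false });
}

// Constructed placeholder so the example runs offline. It is not a real
// certificate; a real request needs the actual CA file.
function writeConstructedCa(body) {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "ca-demo-"));
  const file = path.join(dir, "constructed_CA.crt");
  fs.writeFileSync(file, body);
  return file;
}

const SAMPLE_PEM =
  "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n";
const agent = agentForPrivateCa(writeConstructedCa(SAMPLE_PEM));
console.log("validation enabled:", agent.options.rejectUnauthorized);

// With axios, pass the agent per request:
//   axios.get(url, { httpsAgent: agentForPrivateCa(PBENCH_CA) })
```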