-
Notifications
You must be signed in to change notification settings - Fork 9
/
env-template
71 lines (48 loc) · 2.07 KB
/
env-template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
### Bumblebee instance config
# Enable the use of OIDC with Keycloak
USE_OIDC=True
# OIDC claim that represents a users groups
OIDC_CLAIM_GROUPS_KEY=groups
# Restrict access based on OIDC claims. Empty implies no group restriction.
#OIDC_ALLOW_GROUPS=
# Friendly name for the current environment.
ENVIRONMENT_NAME=development
# Names/addresses under which Bumblebee is accessible. Comma-separated.
ALLOWED_HOSTS="*"
# Full URL to the entry point to Bumblebee.
# https SITE_URL assumes there is a proxy in front
SITE_URL=http://bumblebee:8080
### Bumblebee Guacamole integration config
# GUACAMOLE_URL_TEMPLATE uses three variables on templating:
# env=settings.ENVIRONMENT_NAME
# zone=self.boot_volume.zone.lower()
# path=guac_utils.get_connection_path(self.guac_connection)
# e.g. GUACAMOLE_URL_TEMPLATE=http://{env}-guacamole-{zone}.example.com/{path}
GUACAMOLE_URL_TEMPLATE=http://guacamole:9000/guacamole
### Bumblebee OpenID Connect integration config
OIDC_SERVER_URL=http://keycloak:8090/realms/bumblebee/protocol/openid-connect
OIDC_RP_CLIENT_ID=bumblebee
OIDC_RP_CLIENT_SECRET=00000000-0000-0000-0000-000000000000
# OIDC_RP_SCOPES should include a scope that serves the `roles` claim
# in the ID token, with an array of user's roles.
OIDC_RP_SCOPES=openid email roles
OIDC_OP_AUTHORIZATION_ENDPOINT=${OIDC_SERVER_URL}/auth
OIDC_OP_TOKEN_ENDPOINT=${OIDC_SERVER_URL}/token
OIDC_OP_USER_ENDPOINT=${OIDC_SERVER_URL}/userinfo
OIDC_OP_JWKS_ENDPOINT=${OIDC_SERVER_URL}/certs
### Guacamole OpenID Connect integration config
# Guacamole requires a non-confidential OIDC client with implicit flow enabled.
OPENID_AUTHORIZATION_ENDPOINT=${OIDC_SERVER_URL}/auth
OPENID_JWKS_ENDPOINT=${OIDC_SERVER_URL}/certs
OPENID_ISSUER=http://keycloak:8090/realms/bumblebee
OPENID_CLIENT_ID=guacamole
OPENID_REDIRECT_URI=http://guacamole:9000/guacamole
### Keycloak config
KEYCLOAK_FRONTEND_URL=http://keycloak:8090/
### Bumblebee OpenStack integration config
# You'll need to provide these for your cloud
OS_AUTH_URL=
OS_APPLICATION_CREDENTIAL_ID=
OS_APPLICATION_CREDENTIAL_SECRET=
OS_KEYNAME=
OS_SECGROUPS=