Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add allow_oauth_origin discussion to README.md #270

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

sean-horn
Copy link

Oauth between an external Builder and Automate appears to require allow_oauth_origin to be set properly.

Also included troubleshooting.

Signed-off-by: Sean Horn [email protected]

Oauth between an external Builder and Automate appears to require allow_oauth_origin to be set properly.

Also included troubleshooting.

Signed-off-by: Sean Horn <[email protected]>
@@ -95,6 +95,8 @@ To authenticate with Chef Automate, create a patch with the Chef Automate comman
```

1. Edit `bldr.env`:
* You must have version chef/automate-builder-api-proxy/0.1.0/20230111051525 or higher of builder-api-proxy, you can check by viewing the hab package storage area on your system
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If they are using builder-api-proxy via the automate wrapped chef/automate-builder-api-proxy then they are using an integrated automate bundled builder which should have the same origin domain as automate and should not suffer the cross-origin issue. This becomes an issue when using a separate standalone on-prem builder.

@@ -95,6 +95,8 @@ To authenticate with Chef Automate, create a patch with the Chef Automate comman
```

1. Edit `bldr.env`:
* You must have version chef/automate-builder-api-proxy/0.1.0/20230111051525 or higher of builder-api-proxy, you can check by viewing the hab package storage area on your system
* You must set the following setting. Replace AUTOMATE-FQDN with the FQDN of your Automate system: **allow_oauth_origin** should have the value https://AUTOMATE-FQDN/
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the on-prem installer should automatically set ALLOW_OAUTH_ORIGIN if you are specifying chef-automate as the oauth provider. However if they simply update their builder-api-proxy package without running the installer then this is a good callout but we should b clear that it should be set under the [nginx] toml table in /hab/user/builder-api-proxy/config/user.toml. Also it needs to be uppercase.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants