Google login

To take manual actions in Estafette, you need to protect it with a login.

Configure Estafette

To log in to Estafette using Google login, first set up the OAuth consent screen in one of your Google Cloud projects at https://console.cloud.google.com/apis/credentials/consent?project=<gcp project id>.

Once that's done you can go to https://console.cloud.google.com/apis/credentials?project=<gcp project id> and click Create credentials and select OAuth client ID. Fill in the form with the following values:

Register OAuth client ID

After creating the application you'll be able to see the Client ID and Client secret. With these details you can update the values used by the Helm installation in your values.yaml file:

api:
  ...
  config:
    files: |
      config.yaml: |
        apiServer:
          baseURL: 'https://<(private) host for the web gui>'
          integrationsHost: 'https://<public host to receive webhooks>'
        
        auth:
          google:
            clientID: '<google oauth client id>'
            clientSecret: '<google oauth client secret>'
            allowedIdentitiesRegex: '<regex to restrict domain for the email address of the user; for example .+@estafette\.io>'
          administrators:
          - '<email address of first administrator>'
          - '<email address of second administrator>'

Alternatively, override the default config with environment variables:

api:
  baseHost: '<(private) host for the web gui>'
  integrationsHost: '<public host to receive webhooks>'
  deployment:
    extraEnv:
    - name: ESCI_AUTH_GOOGLE_CLIENTID
      value: '<google oauth client id>'
    - name: ESCI_AUTH_GOOGLE_CLIENTSECRET
      value: '<google oauth client secret>'
    - name: ESCI_AUTH_GOOGLE_ALLOWEDIDENTITIESREGEX
      value: '<regex to restrict domain for the email address of the user; for example .+@estafette\.io>'
    - name: ESCI_AUTH_ADMINISTRATORS
      value: '<comma-separated list of admin email addresses>'

With this in place, run:

helm upgrade --install estafette-ci estafette/estafette-ci -n estafette-ci --create-namespace --timeout 600s --values values.yaml

Now when navigating to your base host you should be able to see a Google login button and use it to log in to your Estafette setup.
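The allowedIdentitiesRegex value decides who can log in, so it is worth checking a candidate pattern against addresses that must and must not be accepted before running the Helm upgrade. The following Go program is an added example, not Estafette's own code: auditPattern and the sample addresses are constructed for illustration, and it assumes the least strict interpretation, an unanchored match as performed by Go's regexp.MatchString, because this page does not say how Estafette applies the pattern.

```go
package main

import (
	"fmt"
	"regexp"
)

// auditPattern compiles pattern and evaluates it with Go's unanchored
// MatchString (a match anywhere in the string counts). It returns the
// identities from mustReject that the pattern accepts, and the identities
// from mustAccept that it rejects. Both lists are empty for a sound pattern.
func auditPattern(pattern string, mustAccept, mustReject []string) (accepted, rejected []string, err error) {
	re, err := regexp.Compile(pattern)
	if err != nil {
		return nil, nil, fmt.Errorf("invalid regex %q: %w", pattern, err)
	}
	for _, id := range mustReject {
		if re.MatchString(id) {
			accepted = append(accepted, id)
		}
	}
	for _, id := range mustAccept {
		if !re.MatchString(id) {
			rejected = append(rejected, id)
		}
	}
	return accepted, rejected, nil
}

// Constructed sample identities; replace with addresses for your own domain.
var (
	sampleAccept = []string{"alice@estafette.io", "build.bot@estafette.io"}
	sampleReject = []string{
		"alice@estafette.io.example.net", // allowed domain is only a prefix
		"alice@example.com",              // unrelated domain
		"alice@estafetteXio",             // accepted only if the dot is unescaped
	}
)

func main() {
	for _, p := range []string{`.+@estafette\.io`, `^.+@estafette\.io$`, `^.+@estafette.io$`} {
		acc, rej, err := auditPattern(p, sampleAccept, sampleReject)
		if err != nil {
			fmt.Println(err)
			continue
		}
		fmt.Printf("%-22s wrongly accepted=%v wrongly rejected=%v\n", p, acc, rej)
	}
}
```

A pattern anchored with ^ and $ and with the dot escaped, such as ^.+@estafette\.io$, gives the same result whether the application matches anchored or unanchored.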