From 9cf591fcde96e3647cb6c4c45d65c4044d0cc52e Mon Sep 17 00:00:00 2001 From: Csaky Date: Fri, 19 Apr 2024 13:53:35 -0700 Subject: [PATCH] rename Configuration.md --- docs/Authentication.md | 8 ++++---- docs/Buckets.md | 2 +- docs/{configuration.md => Config.md} | 0 docs/Hosted-Service-Onboarding.md | 2 +- docs/Hosting-Considerations.md | 4 ++-- docs/Metadata-Tag.md | 2 +- docs/Permissions.md | 2 +- docs/Self-Hosting-COMS.md | 4 ++-- mkdocs.yml | 2 +- 9 files changed, 13 insertions(+), 13 deletions(-) rename docs/{configuration.md => Config.md} (100%) diff --git a/docs/Authentication.md b/docs/Authentication.md index 347ea8f..6e7fe3b 100644 --- a/docs/Authentication.md +++ b/docs/Authentication.md 
@@ -1,10 +1,10 @@ -This page describes how to authenticate requests to the COMS API. The [Authentication Modes](Configuration.md#authentication-modes) must be enabled in the COMS configuration. +This page describes how to authenticate requests to the COMS API. The [Authentication Modes](Config.md#authentication-modes) must be enabled in the COMS configuration. **Note:** The BC Gov Hosted COMS service only allows OIDC Authentication using JWT's issued by the [Pathfinder SSO `standard` keycloak realm](https://github.com/bcgov/sso-keycloak/wiki#standard-service)). ## OIDC Authentication -With [OIDC mode](Configuration.md#oidc-keycloak) enabled, requests to the COMS API can be authenticated using a **User ID token** (JWT) issued by an OIDC authentication realm. The JWT should be added in an Authorization header (type `Bearer` token). +With [OIDC mode](Config.md#oidc-keycloak) enabled, requests to the COMS API can be authenticated using a **User ID token** (JWT) issued by an OIDC authentication realm. The JWT should be added in an Authorization header (type `Bearer` token). COMS will only accept JWT's issued by one OIDC realm (specified in the COMS config). JWT's are typically issued to an application and saved to a user's browser when he/she signs-in to a website through the [Authorization Code Flow](https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth). Both the website (client app) and the instance of COMS must be [configured to use the same OIDC authentication realm](https://github.com/bcgov/common-object-management-service/blob/master/app/README.md#keycloak-variables) in order for the JWT to be valid. 
@@ -31,7 +31,7 @@ COMS uses the redirect flow by default because it avoids unnecessary network hop ## Basic Auth -If [Basic Auth Mode](Configuration.md#basic-auth) is enabled in your COMS instance, requests to the COMS API can be authenticated using an HTTP Authorization header (type `Basic`) containing the username and password configured in COMS. +If [Basic Auth Mode](Config.md#basic-auth) is enabled in your COMS instance, requests to the COMS API can be authenticated using an HTTP Authorization header (type `Basic`) containing the username and password configured in COMS. This mode offers more direct access for a 'service account' authorized in the scope of the application rather than for a specific user and by-passes the COMS object/bucket permission model. @@ -39,4 +39,4 @@ Basic Auth mode is not available on the BC Gov hosted COMS service. ## Unauthenticated Mode -[Unauthenticated Mode](Configuration.md#unauthenticated-auth) configuration is generally recommended when you expect to run COMS in a highly secured network environment and do not have concerns about access control to objects as you have another application handling that already. +[Unauthenticated Mode](Config.md#unauthenticated-auth) configuration is generally recommended when you expect to run COMS in a highly secured network environment and do not have concerns about access control to objects as you have another application handling that already. diff --git a/docs/Buckets.md b/docs/Buckets.md index 875bf0a..d687c64 100644 --- a/docs/Buckets.md +++ b/docs/Buckets.md 
@@ -1,7 +1,7 @@ ### Configuring Buckets -- COMS is [configured with a 'default' bucket](Configuration.md#object-storage). Various object management endpoints will use this bucket if no `bucketId` parameter is provided. (**Note:** the default bucket fall-back behaviour is not available in the BC Gov Hosted COMS service.) +- COMS is [configured with a 'default' bucket](Config.md#object-storage). Various object management endpoints will use this bucket if no `bucketId` parameter is provided. (**Note:** the default bucket fall-back behaviour is not available in the BC Gov Hosted COMS service.) - Additional buckets can be added to the COMS system using the [createBucket](https://coms.api.gov.bc.ca/api/v1/docs#tag/Bucket/operation/createBucket) endpoint. diff --git a/docs/configuration.md b/docs/Config.md similarity index 100% rename from docs/configuration.md rename to docs/Config.md diff --git a/docs/Hosted-Service-Onboarding.md b/docs/Hosted-Service-Onboarding.md index 7b93dbe..66dc56a 100644 --- a/docs/Hosted-Service-Onboarding.md +++ b/docs/Hosted-Service-Onboarding.md @@ -19,7 +19,7 @@ Some important aspects of the hosted service to consider: ### Privacy Controls -- The stricter [Privacy Controls](Configuration.md#privacy-controls) setting is enabled in the Hosted service (requires `READ` permission on bucket or object to discover or access the file and related data). This removes the abiility to search for objects that you don't have permissions for. +- The stricter [Privacy Controls](Config.md#privacy-controls) setting is enabled in the Hosted service (requires `READ` permission on bucket or object to discover or access the file and related data). This removes the abiility to search for objects that you don't have permissions for. ### Additional features diff --git a/docs/Hosting-Considerations.md b/docs/Hosting-Considerations.md index 0cd4e8d..c3cb31a 100644 --- a/docs/Hosting-Considerations.md +++ b/docs/Hosting-Considerations.md 
@@ -11,6 +11,6 @@ Feature Comparison: |   Database Custodians |   Us |   You |   Object Storage Custodians |   You |   You |   Multi-bucket support | | -|   Strict [Privacy mode](Configuration.md#privacy-controls) | |   Configurable -|   [No-Auth mode](Configuration.md#unauthenticated)| |   Configurable +|   Strict [Privacy mode](Config.md#privacy-controls) | |   Configurable +|   [No-Auth mode](Config.md#unauthenticated)| |   Configurable |   Custom configuration options | | diff --git a/docs/Metadata-Tag.md b/docs/Metadata-Tag.md index ee02559..c785762 100644 --- a/docs/Metadata-Tag.md +++ b/docs/Metadata-Tag.md @@ -82,4 +82,4 @@ The search endpoint also allows you to search objects with a specific key withou These metadata and tag selectors can also be combined with other supported query parameters for [the search query endpoint](https://coms-dev.api.gov.bc.ca/api/v1/docs#tag/Object/operation/searchObjects). -Search results can also be scoped to a current user's permissions by enabling the COMS `PrivacyMask` [Privacy Configuration](Configuration#privacy-controls). +Search results can also be scoped to a current user's permissions by enabling the COMS `PrivacyMask` [Privacy Configuration](Config#privacy-controls). diff --git a/docs/Permissions.md b/docs/Permissions.md index 05332d5..ab56492 100644 --- a/docs/Permissions.md +++ b/docs/Permissions.md 
@@ -169,7 +169,7 @@ The above permission system will only be enforced if your instance of COMS is ru - Both `NOAUTH` and `BASICAUTH` modes will completely ignore permissions as they are not in scope of permission and security enforcement. This applies whether there is a backing database or not. - While running in `FULLAUTH` mode, if the client authenticates with a Basic authorization header, permissions are ignored as basic auth behaves as a system superuser and has "sudo" permissions to the COMS system. This applies whether there is a backing database or not. -For more specific information on COMS deployment modes and how they differ, please take a look at the COMS [Configuration guide](Configuration#authentication-modes). +For more specific information on COMS deployment modes and how they differ, please take a look at the COMS [Configuration guide](Config#authentication-modes). ## Invite Links diff --git a/docs/Self-Hosting-COMS.md b/docs/Self-Hosting-COMS.md index d8a0913..9f9c3c9 100644 --- a/docs/Self-Hosting-COMS.md +++ b/docs/Self-Hosting-COMS.md 
@@ -7,9 +7,9 @@ To compare with features with the BC Gov Hosted Service, see the [Hosting Consid - Your application uses a custom OIDC realm or has custom integration requirements with other IDPs. - You just need a user-friendly, REST-based S3 client 'wrapper'. - You can configure COMS to suit your needs: - - Refer to the different [Authentication Modes](Configuration#authentication-modes) + - Refer to the different [Authentication Modes](Config#authentication-modes) - Use the default S3 bucket to use for all operations - - Disable the strict [Privacy Controls](Configuration#privacy-controls) to make object metadata searchable + - Disable the strict [Privacy Controls](Config#privacy-controls) to make object metadata searchable - You want to modify COMS source code before running (it's a REST API built with NodeJS and Express) - You want to be the custodians of the COMS database that contains user permissions and document metadata diff --git a/mkdocs.yml b/mkdocs.yml index 754ba2a..896dc59 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -26,7 +26,7 @@ nav: - Overview: Architecture.md - Database: Architecture/#database-structure - Code Design: Architecture/#code-design - - Configuration Options: Configuration.md + - Configuration Options: Config.md - The Hosted Service: - Hosting Considerations: Hosting-Considerations.md - Hosted Service Architecture: Architecture-Hosted.md
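Review bot: The subject says "rename Configuration.md", but the rename recorded in the diffstat is `docs/{configuration.md => Config.md}`, with a lowercase source name, while every link replaced in this patch pointed at the capitalised `Configuration.md`. Name the file that is actually renamed in the subject, and search the repository for references in both spellings (`configuration.md` and `Configuration.md`) so that none are left pointing at the old file.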
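Review bot: In the first docs/Authentication.md hunk, the unchanged Note line ends its Keycloak link with a doubled closing parenthesis, `#standard-service)).`, which renders a stray `)` after the link. Since the lines on either side of it are being edited, drop the extra parenthesis in the same change.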
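Review bot: The replaced Privacy Controls bullet in docs/Hosted-Service-Onboarding.md still carries the typo "abiility" on the `+` line. The line is rewritten by this patch anyway, so correct it to "ability" here rather than leaving it for a follow-up.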
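Review bot: In the docs/Hosting-Considerations.md hunk, the No-Auth row links to `Config.md#unauthenticated`, whereas docs/Authentication.md in this same patch links to `Config.md#unauthenticated-auth` for the same mode. The two fragments cannot both match one heading in Config.md, so check the generated anchor and use the same fragment in both places; a wrong fragment still loads the page but lands at the top instead of the section.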
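Review bot: The links rewritten in docs/Metadata-Tag.md, docs/Permissions.md and docs/Self-Hosting-COMS.md omit the file extension (`Config#privacy-controls`, `Config#authentication-modes`), while every other file in this patch uses `Config.md#...`. MkDocs resolves and validates internal links that point at the `.md` source file, so the extensionless form is passed through as a plain relative URL and will not be flagged if it breaks. Use `Config.md#privacy-controls` and `Config.md#authentication-modes` in these three files to match the rest of the docs.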