update readme

ibm-cloud-security · Jun 28, 2019 · bd82c54 · bd82c54
1 parent 6615838
commit bd82c54
Show file tree

Hide file tree

Showing 6 changed files with 19 additions and 22 deletions.
diff --git a/README.md b/README.md
@@ -12,7 +12,6 @@
 
 
 With the App Identity and Access Adapter for Istio Mixer, you can manage authentication and access management across your service mesh. The Adapter can be configured with any OIDC or OAuth 2.0 compliant identity provider, which enables it to seamlessly control authentication and authorization policies in many heterogeneous environments, including frontend and backend applications.
-{: shortdesc}
 
 
 ## Architecture
@@ -220,7 +219,7 @@ By default, logs are styled as JSON and provided at an `info` visbility level to
 To see the Adapter logs, you can use `kubectl` or access the pod from the `appidentityandaccessadapter` pod from the Kubernetes console.
 
 ```bash
-$ export adapter_logs=kubectl -n istio-system logs -f $(kubectl -n istio-system get pods -lapp=appidentityandaccessadapter -o jsonpath='{.items[0].metadata.name}')
+$ alias adapter_logs="kubectl -n istio-system logs -f $(kubectl -n istio-system get pods -lapp=appidentityandaccessadapter -o jsonpath='{.items[0].metadata.name}')"
 $ adapter_logs | jq
 ```
 
@@ -229,8 +228,8 @@ $ adapter_logs | jq
 If the Adapter does not appear to recieve requests, check the Mixer logs to ensure that it is successfully connected to the Adapter.
 
 ```bash
-$ export mixer_logs=kubectl -n istio-system logs -f $(kubectl -n istio-system get pods -lapp=telemetry -o jsonpath='{.items[0].metadata.name}') -c mixer
-$ mixer_logs
+$ alias mixer_logs="kubectl -n istio-system logs -f $(kubectl -n istio-system get pods -lapp=telemetry -o jsonpath='{.items[0].metadata.name}') -c mixer"
+$ mixer_logs | jq
 ```
 
 ## License

diff --git a/samples/crds/samplejwtconfig.yaml b/samples/crds/samplejwtconfig.yaml
@@ -1,7 +1,7 @@
 apiVersion: "security.cloud.ibm.com/v1"
 kind:       JwtConfig
 metadata:
-  name:      samplejwtconfig
+  name:      jwt-config
   namespace: sample-app
 spec:
-  jwksUrl: https://us-south.appid.cloud.ibm.com/oauth/v4/<<Tenant Id>>/publickeys
+  jwksUrl: https://us-south.appid.cloud.ibm.com/oauth/v4/<tenant-ID>/publickeys
diff --git a/samples/crds/sampleoidcconfig.yaml b/samples/crds/sampleoidcconfig.yaml
@@ -1,10 +1,10 @@
 apiVersion: "security.cloud.ibm.com/v1"
 kind:       OidcConfig
 metadata:
-  name:      sampleoidcconfig
+  name:      oidc-provider-config
   namespace: sample-app
 spec:
   authMethod:   client_secret_basic
-  clientId:     clientid
-  discoveryUrl: https://us-south.appid.cloud.ibm.com/oauth/v4/<<Tenant Id>>/.well-known/openid-configuration
-  clientSecret: clientSecret
+  discoveryUrl: https://us-south.appid.cloud.ibm.com/oauth/v4/<tenant-ID>/oidc-discovery/.well-known
+  clientId:     <client-id>
+  clientSecret: <client-secret>
diff --git a/samples/crds/sampleoidcconfigwithsecretref.yaml b/samples/crds/sampleoidcconfigwithsecretref.yaml
@@ -1,12 +1,12 @@
 apiVersion: "security.cloud.ibm.com/v1"
 kind:       OidcConfig
 metadata:
-  name:      sampleoidcconfigwithsecretref
+  name:      oidc-provider-config-with-secret-ref
   namespace: sample-app
 spec:
   authMethod:   client_secret_basic
-  clientId:     clientId
-  discoveryUrl: https://us-south.appid.cloud.ibm.com/oauth/v4/<<Tenant Id>>/.well-known/openid-configuration
+  discoveryUrl: https://us-south.appid.cloud.ibm.com/oauth/v4/<tenant-ID>/oidc-discovery/.well-known
+  clientId:     <client-id>
   clientSecretRef:
-    name:   oidcconfigsecret
-    key:    secret
+    name:  oidc-config-secret 	# <name-of-my-kube-secret>
+    key:   secret 				# <key-in-my-kube-secret>
diff --git a/samples/crds/samplepolicy.yaml b/samples/crds/samplepolicy.yaml
@@ -6,32 +6,30 @@ metadata:
 spec:
   targets:
     -
-      serviceName: svc-sample-app
+      serviceName: <svc-sample-app>
       paths:
         - exact: /web/home
           method: ALL
           policies:
             - policyType: oidc
-              config: sampleoidcconfig
+              config: <oidc-provider-config>
               rules:
                 - claim: scope
                   match: ALL
                   source: access_token
                   values:
-                    - appid_default
                     - openid
                 - claim: amr
                   match: ANY
                   source: id_token
                   values:
-                    - cloud_directory
                     - google
 
         - exact: /web/user
           method: GET
           policies:
             - policyType: oidc
-              config: sampleoidcconfigwithsecretref
+              config: <oidc-provider-config-with-secret-ref>
               redirectUri: https://github.com/ibm-cloud-security/app-identity-and-access-adapter
         - prefix: /
           method: ALL

diff --git a/samples/crds/secret.yaml b/samples/crds/secret.yaml
@@ -1,8 +1,8 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: oidcconfigsecret
+  name: oidc-config-secret
   namespace: sample-app
 type: Opaque
 data:
-  secret: <<secret in base64 format>>
+  secret: c2VjcmV0 # <secret-in-base64-format>