ENTERPRISE: Role based access controls are available for Sensu Enterprise users only.

RBAC for GitLab (driver)

Reference Documentation

What is RBAC for GitLab?

The Sensu Enterprise Dashboard offers support for built-in Role Based Access Controls (RBAC), which depends on using some external source of truth for authentication. The Sensu Enterprise Dashboard RBAC for GitHub driver provides support for using GitLab for RBAC authentication.

RBAC for GitLab configuration

Example RBAC for GitLab definition

{
  "dashboard": {
    "host": "0.0.0.0",
    "port": 3000,
    "...": "",
    "gitlab": {
      "applicationId": "6141d36e5ea48103bc39bb3eb5eede8735f0dd8f9788d8b30255dbf4d218628f",
      "secret": "7d419a3b2f7b92edab30f963d7c0a4d1841f0dc46b4403b11146b4f1d5cb3a4e",
      "server": "https://gitlab.com",
      "redirecturl": "https://sensu.example.org/login/callback",
      "roles": [
        {
          "name": "guests",
          "members": [
            "myorganization/guests"
          ],
          "datacenters": [
            "us-west-1"
          ],
          "subscriptions": [
            "webserver"
          ],
          "readonly": true
        },
        {
          "name": "operators",
          "members": [
            "myorganization/operators"
          ],
          "datacenters": [],
          "subscriptions": [],
          "readonly": false
        }
      ]
    }
  }
}

RBAC for GitLab definition specification

gitlab attributes

applicationid
description
The GitLab OAuth Application “Application Id” NOTE: requires registration of an OAuth application in GitLab.
required
true
type
String
example
"applicationid": "6141d36e5ea48103bc39bb3eb5eede8735f0dd8f9788d8b30255dbf4d218628f"
secret
description
The GitLab OAuth Application “Secret” NOTE: requires registration of an OAuth application in GitLab.
required
true
type
String
example
"secret": "7d419a3b2f7b92edab30f963d7c0a4d1841f0dc46b4403b11146b4f1d5cb3a4e"
server
description
The location of the GitLab server you wish to authenticate against.
required
true
type
String
example
"server": "https://gitlab.com"`
redirecturl
description
The GitLab OAuth Application “Callback url” NOTE: requires registration of an OAuth application in GitLab.
required
true
type
String
example
"redirecturl": "https://sensu.example.org/login/callback"
roles
description
An array of roles definitions.
required
true
type
Array
example
"roles": [
  {
    "name": "guests",
    "members": [
      "guests"
    ],
    "datacenters": [
      "us-west-1"
    ],
    "subscriptions": [
      "webserver"
    ],
    "readonly": true
  },
  {
    "name": "operators",
    "members": [
      "operators"
    ],
    "datacenters": [],
    "subscriptions": [],
    "readonly": false
  }
]

roles attributes

Please see the RBAC definition specification for information on how to configure RBAC roles.

Register an OAuth Application in GitLab

To use GitLab for authentication requires registration of your Sensu Enterprise Dashboard as a GitLab “application”. Please note the following instructions:

  1. To register a GitLab OAuth application, please navigate to your GitLab profile section and selection “Applications” => “New application”.

  2. Give your application a name (e.g. “Sensu Enterprise Dashboard”)

  3. Provide the Authorization callback URL (e.g. {HOSTNAME}/login/callback)

    NOTE: this URL does not need to be publicly accessible - as long as a user has network access to both GitLab and the callback URL, s/he will be able to authenticate; for example, this will allow users to authenticate to a Sensu Enterprise Dashboard service running on a private network as long as the user has access to the network (e.g. locally or via VPN).

  4. Select “Submit” and note the application Application Id and Secret.

Start your FREE trial today.

Already using Sensu Core? Upgrade to Sensu Enterprise today to take advantage of its enterprise console, added-value features, built-in integrations, FREE annual training, and enterprise-class support.