You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
docs: catch up on user-facing changes from the last week
Cover OIDC/Keycloak gateway authentication, compute driver auto-detection,
the new server `--drivers` and `--oidc-*` flags, and the Debian package
release artifacts that landed in the last seven days.
Co-authored-by: Cursor <cursoragent@cursor.com>
This stores the gateway with `auth_mode = plaintext`, skips mTLS certificate extraction, and does not open the browser login flow.
82
89
90
+
### OIDC
91
+
92
+
OIDC authentication validates a JSON Web Token bearer on every gRPC request against an external OpenID Connect provider. Use OIDC when you want centralized identity, role-based access control, or fine-grained scope enforcement on a shared gateway. The transport stays the same as the gateway's TLS configuration, so OIDC layers on top of mTLS, plaintext, or an edge-terminated TLS deployment.
93
+
94
+
Register an OIDC gateway by passing the issuer URL:
The CLI fetches `/auth/oidc-config` on the gateway to discover the audience and remaining OIDC parameters, then stores `auth_mode = oidc` in metadata. Pass `--oidc-client-id` and `--oidc-audience` when the audience differs from the client ID, which is common with Microsoft Entra ID:
The CLI runs Authorization Code with PKCE against the issuer, stores the resulting access and refresh tokens in `oidc_token.json` with `0600` permissions, and silently refreshes the access token on subsequent commands. If a refresh fails, run `openshell gateway login` again to re-authenticate.
117
+
118
+
For CI and other non-interactive environments, set `OPENSHELL_OIDC_CLIENT_SECRET` before running `openshell gateway login`. The CLI uses the Client Credentials grant instead of opening a browser.
119
+
120
+
#### Server-side validation
121
+
122
+
`openshell gateway start` exposes the matching server-side flags. The default values target Keycloak realms with `realm_access.roles`:
|`--oidc-client-id`|`openshell-cli`| Client ID stored in gateway metadata for CLI login. |
129
+
|`--oidc-roles-claim`|`realm_access.roles`| Dot-separated path to the roles claim in the JWT. |
130
+
|`--oidc-admin-role`|`openshell-admin`| Role required for admin operations like provider mutation and global policy updates. |
131
+
|`--oidc-user-role`|`openshell-user`| Role required for sandbox and read operations. |
132
+
|`--oidc-scopes-claim`| (none) | Claim path for scopes. Setting this enables fine-grained scope enforcement on top of roles. |
133
+
|`--oidc-scopes`| (none) | Scopes the CLI requests during login. Stored in gateway metadata. |
134
+
135
+
Setting both `--oidc-admin-role` and `--oidc-user-role` to empty strings switches the gateway into authentication-only mode. Any token the issuer signs for the configured audience is accepted, regardless of role claims. This mode supports providers that do not emit roles in their JWTs (such as GitHub Actions OIDC). Combine it with `--oidc-scopes-claim` and a narrow audience to reduce the blast radius of a leaked token.
136
+
137
+
#### Method classification
138
+
139
+
The gateway classifies every gRPC method into one of three groups:
140
+
141
+
-**Unauthenticated** — health probes and gRPC reflection accept requests without auth.
142
+
-**Sandbox-secret** — the sandbox supervisor uses the SSH handshake secret to fetch its policy, push logs, and resolve inference routes. The supervisor never holds an OIDC token.
143
+
-**Bearer or dual-auth** — CLI calls present `authorization: Bearer <jwt>`. The server validates the signature against the cached JWKS, checks `iss`, `aud`, and `exp`, then enforces the configured roles and scopes.
144
+
145
+
For full method-to-role mapping, scope definitions, JWKS caching, and provider-specific examples, refer to `architecture/oidc-auth.md` in the repository.
146
+
147
+
#### Logout
148
+
149
+
To remove the stored OIDC tokens for the active gateway, run:
150
+
151
+
```shell
152
+
openshell gateway logout
153
+
```
154
+
155
+
This deletes `oidc_token.json` but keeps the gateway registration. The next `openshell` command prompts for re-authentication.
156
+
83
157
## File Layout
84
158
85
159
All gateway credentials and metadata are stored under `~/.config/openshell/`:
@@ -95,5 +169,6 @@ openshell/
95
169
tls.crt # Client certificate
96
170
tls.key # Client private key
97
171
edge_token # Edge auth JWT (cloud gateways)
172
+
oidc_token.json # OIDC access and refresh tokens (oidc gateways)
These artifacts are attached to GitHub releases. `openshell gateway start` continues to use the published cluster and gateway container images.
33
33
34
+
## Debian Packages
35
+
36
+
OpenShell publishes Debian packages for Linux amd64 and arm64. Tagged releases attach `openshell_*.deb` artifacts to the GitHub release alongside the standalone binaries. The `dev` rolling tag carries the latest development build, which you can install with the `install-dev.sh` helper:
37
+
38
+
```shell
39
+
curl -fLsS https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install-dev.sh | sh
40
+
```
41
+
42
+
The package installs the CLI, gateway binary, and a `systemd` unit that runs the gateway as a service. Debian packaging is currently limited to Linux amd64 and arm64.
43
+
34
44
## Software Prerequisites
35
45
36
46
The following software must be installed on the host before using the OpenShell CLI:
Copy file name to clipboardExpand all lines: docs/sandboxes/manage-gateways.mdx
+9Lines changed: 9 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -163,8 +163,17 @@ openshell gateway info --name my-remote-cluster
163
163
|`--gpu`| Enable NVIDIA GPU passthrough. Requires NVIDIA drivers and the Container Toolkit on the host. OpenShell auto-selects CDI when enabled on the daemon and falls back to Docker's NVIDIA GPU request path (`--gpus all`) otherwise. |
164
164
| `--plaintext` | Listen on HTTP instead of mTLS. Use behind a TLS-terminating reverse proxy. |
165
165
| `--disable-gateway-auth` | Skip mTLS client certificate checks. Use when a reverse proxy cannot forward client certs. |
166
+
| `--drivers` | Compute driver to use for sandboxes. Accepts `kubernetes`, `podman`, `docker`, or `vm`. When unset, the gateway auto-detects in priority order: Kubernetes (when `KUBERNETES_SERVICE_HOST` is set), Podman, then Docker. The VM driver is never auto-detected and must be selected explicitly. |
166
167
| `--registry-username` | Username for registry authentication. Defaults to `__token__` when `--registry-token` is set. Only needed for private registries. Also configurable with `OPENSHELL_REGISTRY_USERNAME`. |
167
168
| `--registry-token` | Authentication token for pulling container images. For GHCR, a GitHub PAT with `read:packages` scope. Only needed for private registries. Also configurable with `OPENSHELL_REGISTRY_TOKEN`. |
169
+
| `--oidc-issuer` | OIDC issuer URL. Setting this enables JWT validation on the gateway. |
170
+
| `--oidc-audience` | Expected `aud` claim in validated JWTs. Defaults to `openshell-cli`. |
171
+
| `--oidc-roles-claim` | Dot-separated JWT claim path that holds the user's roles. Defaults to `realm_access.roles`. |
172
+
|`--oidc-admin-role`| Role required for admin operations such as provider mutation and global policy updates. Defaults to `openshell-admin`. |
173
+
|`--oidc-user-role`| Role required for sandbox and read operations. Defaults to `openshell-user`. |
174
+
|`--oidc-scopes-claim`| JWT claim path for scopes. Setting this layers fine-grained scope enforcement on top of roles. |
175
+
176
+
For the full OIDC configuration reference and provider-specific examples, refer to [Gateway Authentication](/reference/gateway-auth#oidc).
0 commit comments