MockIDP

MockIDP is used for testing and development so that you can run Pachyderm and experiment with permissions locally without having to set up an external identity provider.

warning icon Warning

Do not use mockIDP for clusters that will be deployed into production. If you do upgrade a cluster with mockIDP enabled, you must revoke the default mockIDP admin user by running the following command:

pachctl auth revoke --user kilgore@kilgore.trout

Before You Start

  • You must have Enterprise enabled on your cluster

How to Install Pachyderm with MockIDP Activated

  1. Run the following command with your Enterprise License Key provided to enable MockIDP:

    helm install pach pachyderm/pachyderm \
      --set deployTarget=LOCAL \
      --set proxy.enabled=true \
      --set proxy.service.type=LoadBalancer \
      --set pachd.enterpriseLicenseKey=<yourkey> \
      --set proxy.host=localhost \
      --set oidc.issuerURI=http://pachd:30658/dex \
      --set oidc.userAccessibleOauthIssuerHost=http://localhost/dex
  2. Connect:

    pachctl connect grpc://localhost:80
  3. Log in via the browser at localhost or via the CLI:

    pachctl auth login
    • user: admin
    • password: password
  4. Verify that you are logged in:

    pachctl auth whoami
    You are "user:kilgore@kilgore.trout"
     session expires: 21 Sep 23 18:07 UTC
  5. List your projects to view your permissions/access level:

    pachctl list projects
    ACTIVE PROJECT           ACCESS_LEVEL                 CREATED           DESCRIPTION
    default                 [clusterAdmin projectWriter]    3 days ago        -
    * batch-inference-1     [clusterAdmin projectOwner]     About an hour ago -

You can now test and develop locally with MockIDP and Console enabled.

Troubleshooting

Error: No Authentication Providers are Configured

If you are seeing the error no authentication providers are configured, it’s likely that you activated enterprise via pachCTL instead of having your license details in your values.yaml file.