Revert "Undo 18"

Author: desimone

README.md

@@ -8,7 +8,7 @@ Pomerium's documentation is built using [Docusaurus 2](https://docusaurus.io/).
 
 See [Contributing](https://pomerium.com/docs/community/contributing) for more information on contributing to this project.
 
-The steps below detail installation of this site locally for development.
+The steps below detail the installation of this site locally for development.
 
 ### Installation
 

content/docs/enterprise/external-data.mdx

@@ -0,0 +1,9 @@
+---
+title: External Data Sources
+sidebar_label: External Data
+description: Extend your authorization policies with data from external sources.
+---
+
+Pomerium Enterprise Console's external data feature allows you to collect data from sources other than your identity provider (**IdP**) to make context-aware policy decisions. Pomerium provides several data sources as examples, but we encourage you to create (and share with the community) your own integrations to expand your data-driven policies.
+
+See the pages in this section for more information on our example data sources, or learn how to create your own by reviewing our [datasource](https://github.com/pomerium/datasource) repository.

content/docs/enterprise/external-data/bamboohr.mdx

@@ -0,0 +1,132 @@
+---
+title: BambooHR
+description: Configure the BambooHR external data provider to extend your access policies.
+---
+
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+The BambooHR integration provides integration with HR data such as group memberships, employment status, out of the office, location, etc.
+
+:::caution
+The external data sources we provide are meant to be examples and inspiration for users to create their own data sources. We won't maintain these integrations in perpituity, and changes to the APIs they interact with may break them in the future.
+
+The [datasource](https://github.com/pomerium/datasource) project is open-source, and if the community wishes to provide contributions to keep it working in the future, we will shepherd those updates.
+:::
+
+## Install
+
+1. Create new BambooHR API key by navigating to **Your profile** → **API Keys**, and adding a new API Key. 
+
+1. In order to correctly parse dates returned by BambooHR API you will need to provide a time zone - either an `UTC` or [IANA Time Zone] database name, i.e. `America/New_York`. 
+
+<Tabs>
+<TabItem value="compose" label="Docker Compose">
+
+These instructions assume a local testing environment using [Docker Compose]. Adjust as needed for your deployment environment.
+
+1. Add the datasource docker image to Docker Compose:
+
+  ```yaml showLineNumbers
+  version: "3"
+  services:
+    bamboohr:
+      image: docker.cloudsmith.io/pomerium/datasource/datasource:main
+      command:
+        - bamboohr
+        - --bamboohr-api-key=$YOUR_API_KEY
+        - --bamboohr-subdomain=$YOUR_BAMBOOHR_SUBDOMAIN
+        - --bamboohr-time-zone=America/New_York
+        - --address=:8080
+      container_name: bamboohr
+      restart: always
+      expose:
+        - 8080
+  ```
+
+1. Bring up the new container.
+
+</TabItem>
+<TabItem value="binary" label="Binary">
+
+These instructions assume a local testing environment. Adjust as needed for your deployment environment.
+
+1. Download the latest [release] of the [Pomerium datasource] project and extract it.
+
+1. Change directory and run the binary:
+
+  ```sh
+  cd pomerium-datasource-*
+  ./pomerium-datasource bamboohr --bamboohr-api-key=$YOUR_API_KEY --bamboohr-subdomian=$YOUR_BAMBOOHR_SUBDOMAIN --bamboohr-time-zone=America/New_York
+  ```
+
+  The output should resemble:
+
+  ```sh
+  {"level":"info","message":"ready"}
+  ```
+
+</TabItem>
+</Tabs>
+
+## Configure Configure External Data Source
+
+BambooHR data connector exposes two API endpoints: 
+
+- `/employees/all` returns all employees 
+- `/employees/available` returns employees that are not currently out of the office due to vacation or other leave reasons. 
+
+To create new external data record:
+
+1. In the Pomerium Enterprise Console, navigate to **CONFIGURE** → **External Data** and click **+ ADD EXTERNAL DATA SOURCE**.
+
+1. Fill out the following fields:
+
+  | Field       | Content                                    | Notes                                                                             |
+  | :---------- | :----------------------------------------- | :-------------------------------------------------------------------------------- |
+  | URL         | `http://bamboohr:8080/employees/available` | Adjust for the endpoint you'll write policies against.                            |
+  | Record type | `pomerium.io/BambooHRAvailable`            | As above, adjust to somethinglike pomerium.io/BambooHRAll for the other endpoint. |
+  | Foreign Key | `user.email`                               | Pomerium uses the users's email to associate IdP and Bamboo user entries.         |
+
+1. Click **SAVE EXTERNAL DATA SOURCE**.
+
+1. Define a new policy. The example policy below only allows access to the persons in the *Marketing* department and only when they are not on vacation.
+
+  <Tabs>
+  <TabItem value="builder" label="Builder">
+
+  ![Example BambooHR Policy in the Builder view](./img/bamboohr-policy.png)
+
+  </TabItem>
+  <TabItem value="editor" label="Editor">
+
+  ```yaml showLineNumbers
+  allow:
+    and:
+      - record:
+          field: department
+          is: Marketing
+          type: pomerium.io/BambooHRAvailable
+  ```
+
+  </TabItem>
+  </Tabs>
+
+## Reference
+
+The BambooHR data source provides the following record details; see [BambooHR Field Reference] for details.
+
+- `department`
+- `division`
+- `status`
+- `first_name`
+- `last_name`
+- `country`
+- `state`
+
+[datasource]: https://github.com/pomerium/pomerium
+[Docker Compose]: https://docs.docker.com/compose/
+[IANA Time Zone]: https://www.iana.org/time-zones
+[BambooHR Field Reference]: https://documentation.bamboohr.com/docs/list-of-field-names
+[release]: https://github.com/pomerium/datasource/releases
+[Pomerium datasource]: https://github.com/pomerium/datasource

content/docs/enterprise/external-data/geoip.mdx

@@ -0,0 +1,134 @@
+---
+title: GeoIP
+description: Configure the GeoIP external data provider to extend your access policies.
+---
+
+import Tabs from "@theme/Tabs";
+import TabItem from "@theme/TabItem";
+
+The GeoIP integration provides provides a list of IP address ranges and their country of origin. This data provider could allow an administrator to restrict, or allow access based on a users' known GeoIP fingerprint.
+
+```json title="Example"
+[
+  {
+    "$index": { "cidr": "1.0.0.0/24" },
+    "id": "1.0.0.0/24",
+    "country": "US",
+    "state": "",
+    "city": "",
+    "zip": "",
+    "timezone": ""
+  },
+  {
+    "$index": { "cidr": "1.0.1.0/24" },
+    "id": "1.0.1.0/24",
+    "country": "CN",
+    "state": "",
+    "city": "",
+    "zip": "",
+    "timezone": ""
+  }
+]
+```
+
+:::caution
+The external data sources we provide are meant to be examples and inspiration for users to create their own data sources. We won't maintain these integrations in perpituity, and changes to the APIs they interact with may break them in the future.
+
+The [datasource](https://github.com/pomerium/datasource) project is open-source, and if the community wishes to provide contributions to keep it working in the future, we will shepherd those updates.
+:::
+
+## Install
+
+<Tabs>
+<TabItem value="compose" label="Docker Compose">
+
+These instructions assume a local testing environment using [Docker Compose]. Adjust as needed for your deployment environment.
+
+1. Download the IP2Location CSV GeoIP database from [ip2location.com].
+2. Add the datasource docker image to Docker Compose:
+
+   ```yaml title="docker-compose.yaml"
+   services:
+     ip2location:
+       image: docker.cloudsmith.io/pomerium/datasource/datasource:main
+       container_name: ip2location
+       command:
+         - ip2location
+         - /var/ip2location.csv.zip
+       ports:
+         - 8080:8080
+       volumes:
+         - ${PWD}/IP2LOCATION-LITE-DB1.CSV.ZIP:/var/ip2location.csv.zip
+   ```
+
+3. Bring up the new container.
+
+</TabItem>
+<TabItem value="binary" label="Local Binary">
+
+1. Download the latest [release] of the [Pomerium datasource] project and extract it.
+2. Change directory and run the binary:
+
+   ```sh
+   cd pomerium-datasource-*
+   ./pomerium-datasource ip2location ../IP2LOCATION-LITE-DB1.CSV.ZIP
+   ```
+
+   The output should resemble:
+
+   ```sh
+   <nil> INF starting ip2location http server address=:8080 file=../IP2LOCATION-LITE-DB1.CSV.ZIP
+   ```
+
+</TabItem>
+</Tabs>
+
+## Configure External Data Source
+
+Create an external data source:
+
+1. In the Pomerium Enterprise Console, navigate to **CONFIGURE** → **External Data** and click **+ ADD EXTERNAL DATA SOURCE**.
+2. Fill out the following fields:
+   | Field | Content | Notes |
+   | :---------- | :-------------------- | :--------------------------------------------------------------------------------------------------- |
+   | URL | http://localhost:8080 | If you configured the service in Docker Compose with a set container name, you can use that instead. |
+   | Record type | pomerium.io/GeoIP | |
+   | Foreign Key | request.ip | |
+
+3. Click **SAVE EXTERNAL DATA SOURCE**.
+
+## Configure Pomerium Enterprise Console
+
+An example policy to restrict access to IP addresses within the United States would look something like this:
+
+<Tabs>
+<TabItem value="builder" label="Builder">
+
+![GeoIP Policy in the Builder view](./img/geoip-policy.png)
+
+</TabItem>
+<TabItem value="editor" label="Editor">
+
+```yaml showLineNumbers
+allow:
+  and:
+    - record:
+        field: country
+        is: US
+        type: pomerium.io/GeoIP
+```
+
+</TabItem>
+</Tabs>
+
+This policy looks at the `country`, and allows access only from IP addresses purportedly in the US.
+
+## Reference
+
+- The ip2location datasource expects one argument when running the binary, the path to the GeoIP database.
+- It has an optional flag `--address`, to change the listening port from the default `:8080`.
+
+[docker compose]: https://docs.docker.com/compose/
+[ip2location.com]: https://www.ip2location.com/
+[pomerium datasource]: https://github.com/pomerium/datasource
+[release]: https://github.com/pomerium/datasource/releases