Merge pull request #65 from kristinnardal2/kristinnardal2/generic-oidc

charts/chronograf/Chart.yaml

 apiVersion: v1
 name: chronograf
-version: 1.1.12
+version: 1.1.13
 appVersion: 1.8.0
 description: Open-source web application written in Go and React.js that provides
   the tools to visualize your monitoring data and easily create alerting and automation

charts/chronograf/templates/deployment.yaml

@@ -32,6 +32,15 @@ spec:
             secretKeyRef:
               name: {{ template "chronograf.fullname" . }}
               key: token_secret
+{{- if .Values.oauth.use_id_token }}
+        - name: USE_ID_TOKEN
+          value: "true"
+        - name: JWKS_URL
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "chronograf.fullname" . }}
+              key: jwks_url
+{{- end }}
 {{- if .Values.oauth.github.enabled }}
         - name: GH_CLIENT_ID
           valueFrom:
@@ -88,6 +97,56 @@ spec:
               name: {{ template "chronograf.fullname" . }}
               key: go_public_url
 {{- end }}
+{{- if .Values.oauth.generic.enabled }}
+{{- if .Values.oauth.generic.name }}
+        - name: GENERIC_NAME
+          value: {{ quote .Values.oauth.generic.name }}
+{{- end }}
+{{- if .Values.oauth.generic.domains }}
+        - name: GENERIC_DOMAINS
+          value: {{ quote .Values.oauth.generic.domains }}
+{{- end }}
+        - name: GENERIC_CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "chronograf.fullname" . }}
+              key: gen_client_id
+        - name: GENERIC_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "chronograf.fullname" . }}
+              key: gen_client_secret
+        - name: GENERIC_API_KEY
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "chronograf.fullname" . }}
+              key: gen_api_key
+        - name: GENERIC_SCOPES
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "chronograf.fullname" . }}
+              key: gen_scopes
+        - name: PUBLIC_URL
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "chronograf.fullname" . }}
+              key: gen_public_url
+        - name: GENERIC_AUTH_URL
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "chronograf.fullname" . }}
+              key: gen_auth_url
+        - name: GENERIC_TOKEN_URL
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "chronograf.fullname" . }}
+              key: gen_token_url
+        - name: GENERIC_API_URL
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "chronograf.fullname" . }}
+              key: gen_api_url
+{{- end }}
 {{- end }}
 {{- if .Values.envFromSecret }}
         envFrom:

charts/chronograf/templates/secret.yaml

@@ -6,6 +6,9 @@ metadata:
 type: Opaque
 data:
   token_secret: {{ .Values.oauth.token_secret | b64enc | quote }}
+{{- if .Values.oauth.jwks_url }}
+  jwks_url: {{ .Values.oauth.jwks_url | b64enc | quote }}
+{{- end }}
 {{- if .Values.oauth.github.enabled }}
   gh_client_id: {{ .Values.oauth.github.client_id | b64enc | quote }}
   gh_client_secret: {{ .Values.oauth.github.client_secret | b64enc | quote }}
@@ -22,4 +25,14 @@ data:
   he_client_secret: {{ .Values.oauth.heroku.client_secret | b64enc | quote }}
   he_orgs: {{ .Values.oauth.heroku.heroku_orgs | b64enc | quote }}
 {{- end }}
-{{- end }}
\ No newline at end of file
+{{- if .Values.oauth.generic.enabled }}
+  gen_client_id: {{ .Values.oauth.generic.client_id | b64enc | quote }}
+  gen_client_secret: {{ .Values.oauth.generic.client_secret | b64enc | quote }}
+  gen_api_key: {{ .Values.oauth.generic.api_key | b64enc | quote }}
+  gen_scopes: {{ .Values.oauth.generic.scopes | b64enc | quote }}
+  gen_public_url: {{ .Values.oauth.generic.public_url | b64enc | quote }}
+  gen_auth_url: {{ .Values.oauth.generic.auth_url | b64enc | quote }}
+  gen_token_url: {{ .Values.oauth.generic.token_url | b64enc | quote }}
+  gen_api_url: {{ .Values.oauth.generic.api_url | b64enc | quote }}
+{{- end }}
+{{- end }}

charts/chronograf/values.yaml

@@ -75,27 +75,44 @@ oauth:
   # Need to set to true to use any of the oauth options
   enabled: false
   # Used for JWT to support running multiple copies of Chronograf
-  token_secret: CHANGE_ME
+  # token_secret: CHANGE_ME
+  # Set if the OAuth provider implements oidc with RS256 signature
+  # use_id_token: true
+  # jwks_url: ""
   github:
     enabled: false
-    client_id: CHANGE_ME
-    client_secret: CHANGE_ME
+    # client_id: CHANGE_ME
+    # client_secret: CHANGE_ME
     # This is a comma separated list of GH organizations (OPTIONAL)
     gh_orgs: ""
   google:
     enabled: false
-    client_id: CHANGE_ME
-    client_secret: CHANGE_ME
+    # client_id: CHANGE_ME
+    # client_secret: CHANGE_ME
     # eg. http://chronograf.foobar.com
     public_url: ""
     # This is a comma separated list of Google Apps domains (OPTIONAL)
     domains: ""
   heroku:
     enabled: false
-    client_id: CHANGE_ME
-    client_secret: CHANGE_ME
+    # client_id: CHANGE_ME
+    # client_secret: CHANGE_ME
     # This is a comma separated list of Heroku organizations (OPTIONAL)
     he_orgs: ""
+  generic:
+    enabled: false
+    # client_id: CHANGE_ME
+    # client_secret: CHANGE_ME
+    api_key: ""
+    scopes: ""
+    # eg. http://chronograf.foobar.com
+    public_url: ""
+    auth_url: ""
+    token_url: ""
+    api_url: ""
+    # optional
+    # name: "generic"
+    # domains: ""
 
 ## Extra environment variables that will be passed onto deployment pods
 env: