Merge pull request #65 from kristinnardal2/kristinnardal2/generic-oidc

Kristinnardal2/generic oidc

Merge pull request #65 from kristinnardal2/kristinnardal2/generic-oidc
21c78bc2 · David McKay · GitHub · 6f68a67f · 599d5d95 · 21c78bc2
Unverified Commit 21c78bc2 authored May 21, 2020 by David McKay Committed by GitHub May 21, 2020
4 changed files
--- a/charts/chronograf/Chart.yaml
+++ b/charts/chronograf/Chart.yaml
 apiVersion: v1
 name: chronograf
-version: 1.1.12
+version: 1.1.13
 appVersion: 1.8.0
 description: Open-source web application written in Go and React.js that provides
  the tools to visualize your monitoring data and easily create alerting and automation

--- a/charts/chronograf/templates/deployment.yaml
+++ b/charts/chronograf/templates/deployment.yaml
@@ -32,6 +32,15 @@ spec:
            secretKeyRef:
              name: {{ template "chronograf.fullname" . }}
              key: token_secret
+{{- if .Values.oauth.use_id_token }}
+        - name: USE_ID_TOKEN
+          value: "true"
+        - name: JWKS_URL
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "chronograf.fullname" . }}
+              key: jwks_url
+{{- end }}
 {{- if .Values.oauth.github.enabled }}
        - name: GH_CLIENT_ID
          valueFrom:
@@ -88,6 +97,56 @@ spec:
              name: {{ template "chronograf.fullname" . }}
              key: go_public_url
 {{- end }}
+{{- if .Values.oauth.generic.enabled }}
+{{- if .Values.oauth.generic.name }}
+        - name: GENERIC_NAME
+          value: {{ quote .Values.oauth.generic.name }}
+{{- end }}
+{{- if .Values.oauth.generic.domains }}
+        - name: GENERIC_DOMAINS
+          value: {{ quote .Values.oauth.generic.domains }}
+{{- end }}
+        - name: GENERIC_CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "chronograf.fullname" . }}
+              key: gen_client_id
+        - name: GENERIC_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "chronograf.fullname" . }}
+              key: gen_client_secret
+        - name: GENERIC_API_KEY
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "chronograf.fullname" . }}
+              key: gen_api_key
+        - name: GENERIC_SCOPES
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "chronograf.fullname" . }}
+              key: gen_scopes
+        - name: PUBLIC_URL
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "chronograf.fullname" . }}
+              key: gen_public_url
+        - name: GENERIC_AUTH_URL
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "chronograf.fullname" . }}
+              key: gen_auth_url
+        - name: GENERIC_TOKEN_URL
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "chronograf.fullname" . }}
+              key: gen_token_url
+        - name: GENERIC_API_URL
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "chronograf.fullname" . }}
+              key: gen_api_url
+{{- end }}
 {{- end }}
 {{- if .Values.envFromSecret }}
        envFrom:

--- a/charts/chronograf/templates/secret.yaml
+++ b/charts/chronograf/templates/secret.yaml
@@ -6,6 +6,9 @@ metadata:
 type: Opaque
 data:
  token_secret: {{ .Values.oauth.token_secret | b64enc | quote }}
+{{- if .Values.oauth.jwks_url }}
+  jwks_url: {{ .Values.oauth.jwks_url | b64enc | quote }}
+{{- end }}
 {{- if .Values.oauth.github.enabled }}
  gh_client_id: {{ .Values.oauth.github.client_id | b64enc | quote }}
  gh_client_secret: {{ .Values.oauth.github.client_secret | b64enc | quote }}
@@ -22,4 +25,14 @@ data:
  he_client_secret: {{ .Values.oauth.heroku.client_secret | b64enc | quote }}
  he_orgs: {{ .Values.oauth.heroku.heroku_orgs | b64enc | quote }}
 {{- end }}
+{{- if .Values.oauth.generic.enabled }}
+  gen_client_id: {{ .Values.oauth.generic.client_id | b64enc | quote }}
+  gen_client_secret: {{ .Values.oauth.generic.client_secret | b64enc | quote }}
+  gen_api_key: {{ .Values.oauth.generic.api_key | b64enc | quote }}
+  gen_scopes: {{ .Values.oauth.generic.scopes | b64enc | quote }}
+  gen_public_url: {{ .Values.oauth.generic.public_url | b64enc | quote }}
+  gen_auth_url: {{ .Values.oauth.generic.auth_url | b64enc | quote }}
+  gen_token_url: {{ .Values.oauth.generic.token_url | b64enc | quote }}
+  gen_api_url: {{ .Values.oauth.generic.api_url | b64enc | quote }}
+{{- end }}
 {{- end }}
--- a/charts/chronograf/values.yaml
+++ b/charts/chronograf/values.yaml
@@ -75,27 +75,44 @@ oauth:
  # Need to set to true to use any of the oauth options
  enabled: false
  # Used for JWT to support running multiple copies of Chronograf
-  token_secret: CHANGE_ME
+  # token_secret: CHANGE_ME
+  # Set if the OAuth provider implements oidc with RS256 signature
+  # use_id_token: true
+  # jwks_url: ""
  github:
    enabled: false
-    client_id: CHANGE_ME
+    # client_id: CHANGE_ME
-    client_secret: CHANGE_ME
+    # client_secret: CHANGE_ME
    # This is a comma separated list of GH organizations (OPTIONAL)
    gh_orgs: ""
  google:
    enabled: false
-    client_id: CHANGE_ME
+    # client_id: CHANGE_ME
-    client_secret: CHANGE_ME
+    # client_secret: CHANGE_ME
    # eg. http://chronograf.foobar.com
    public_url: ""
    # This is a comma separated list of Google Apps domains (OPTIONAL)
    domains: ""
  heroku:
    enabled: false
-    client_id: CHANGE_ME
+    # client_id: CHANGE_ME
-    client_secret: CHANGE_ME
+    # client_secret: CHANGE_ME
    # This is a comma separated list of Heroku organizations (OPTIONAL)
    he_orgs: ""
+  generic:
+    enabled: false
+    # client_id: CHANGE_ME
+    # client_secret: CHANGE_ME
+    api_key: ""
+    scopes: ""
+    # eg. http://chronograf.foobar.com
+    public_url: ""
+    auth_url: ""
+    token_url: ""
+    api_url: ""
+    # optional
+    # name: "generic"
+    # domains: ""
 ## Extra environment variables that will be passed onto deployment pods
 env: