Add generic oauth options

This will allow us to use generic oauth using the helm chart more easily (this was already possible by using `envFromSecret`). Tested with oauth from Azure.

Add generic oauth options
da7fd2d8 · Kristinn Björgvin Árdal · 142a0526 · da7fd2d8 · da7fd2d8 · da7fd2d8
Unverified Commit da7fd2d8 authored Apr 14, 2020 by Kristinn Björgvin Árdal
Showing with 90 additions and 2 deletions

deployment.yaml charts/chronograf/templates/deployment.yaml +59 -0

secret.yaml charts/chronograf/templates/secret.yaml +14 -2

values.yaml charts/chronograf/values.yaml +17 -0

No files found.
--- a/charts/chronograf/templates/deployment.yaml
+++ b/charts/chronograf/templates/deployment.yaml
@@ -32,6 +32,15 @@ spec:
            secretKeyRef:
              name: {{ template "chronograf.fullname" . }}
              key: token_secret
+{{- if .Values.oauth.use_id_token }}
+        - name: USE_ID_TOKEN
+          value: "true"
+        - name: JWKS_URL
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "chronograf.fullname" . }}
+              key: jwks_url
+{{- end }}
 {{- if .Values.oauth.github.enabled }}
        - name: GH_CLIENT_ID
          valueFrom:
@@ -88,6 +97,56 @@ spec:
              name: {{ template "chronograf.fullname" . }}
              key: go_public_url
 {{- end }}
+{{- if .Values.oauth.generic.enabled }}
+{{- if .Values.oauth.generic.name }}
+        - name: GENERIC_NAME
+          value: {{ quote .Values.oauth.generic.name }}
+{{- end }}
+{{- if .Values.oauth.generic.domains }}
+        - name: GENERIC_DOMAINS
+          value: {{ quote .Values.oauth.generic.domains }}
+{{- end }}
+        - name: GENERIC_CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "chronograf.fullname" . }}
+              key: gen_client_id
+        - name: GENERIC_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "chronograf.fullname" . }}
+              key: gen_client_secret
+        - name: GENERIC_API_KEY
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "chronograf.fullname" . }}
+              key: gen_api_key
+        - name: GENERIC_SCOPES
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "chronograf.fullname" . }}
+              key: gen_scopes
+        - name: PUBLIC_URL
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "chronograf.fullname" . }}
+              key: gen_public_url
+        - name: GENERIC_AUTH_URL
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "chronograf.fullname" . }}
+              key: gen_auth_url
+        - name: GENERIC_TOKEN_URL
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "chronograf.fullname" . }}
+              key: gen_token_url
+        - name: GENERIC_API_URL
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "chronograf.fullname" . }}
+              key: gen_api_url
+{{- end }}
 {{- end }}
 {{- if .Values.envFromSecret }}
        envFrom:

--- a/charts/chronograf/templates/secret.yaml
+++ b/charts/chronograf/templates/secret.yaml
@@ -6,6 +6,9 @@ metadata:
 type: Opaque
 data:
  token_secret: {{ .Values.oauth.token_secret | b64enc | quote }}
+{{- if .Values.oauth.jwks_url }}
+  jwks_url: {{ .Values.oauth.jwks_url | b64enc | quote }}
+{{- end }}
 {{- if .Values.oauth.github.enabled }}
  gh_client_id: {{ .Values.oauth.github.client_id | b64enc | quote }}
  gh_client_secret: {{ .Values.oauth.github.client_secret | b64enc | quote }}
@@ -22,4 +25,14 @@ data:
  he_client_secret: {{ .Values.oauth.heroku.client_secret | b64enc | quote }}
  he_orgs: {{ .Values.oauth.heroku.heroku_orgs | b64enc | quote }}
 {{- end }}
-{{- end }}
\ No newline at end of file
+{{- if .Values.oauth.generic.enabled }}
+  gen_client_id: {{ .Values.oauth.generic.client_id | b64enc | quote }}
+  gen_client_secret: {{ .Values.oauth.generic.client_secret | b64enc | quote }}
+  gen_api_key: {{ .Values.oauth.generic.api_key | b64enc | quote }}
+  gen_scopes: {{ .Values.oauth.generic.scopes | b64enc | quote }}
+  gen_public_url: {{ .Values.oauth.generic.public_url | b64enc | quote }}
+  gen_auth_url: {{ .Values.oauth.generic.auth_url | b64enc | quote }}
+  gen_token_url: {{ .Values.oauth.generic.token_url | b64enc | quote }}
+  gen_api_url: {{ .Values.oauth.generic.api_url | b64enc | quote }}
+{{- end }}
+{{- end }}
--- a/charts/chronograf/values.yaml
+++ b/charts/chronograf/values.yaml
@@ -75,6 +75,9 @@ oauth:
  enabled: false
  # Used for JWT to support running multiple copies of Chronograf
  token_secret: CHANGE_ME
+  # Set if the OAuth provider implements oidc with RS256 signature
+  # use_id_token: true
+  # jwks_url: ""
  github:
    enabled: false
    client_id: CHANGE_ME
@@ -95,6 +98,20 @@ oauth:
    client_secret: CHANGE_ME
    # This is a comma separated list of Heroku organizations (OPTIONAL)
    he_orgs: ""
+  generic:
+    enabled: false
+    client_id: CHANGE_ME
+    client_secret: CHANGE_ME
+    api_key: ""
+    scopes: ""
+    # eg. http://chronograf.foobar.com
+    public_url: ""
+    auth_url: ""
+    token_url: ""
+    api_url: ""
+    # optional
+    # name: "generic"
+    # domains: ""

 ## Extra environment variables that will be passed onto deployment pods
 env: