Gitiles
Code Review Sign In
code.v1.dodo.cloud / helm-charts / 4ec4c0232ca1681e96dc0cd0f6e1de32c72e5ea0^! / . / charts / openproject / templates / secret_oidc.yaml
commit4ec4c0232ca1681e96dc0cd0f6e1de32c72e5ea0[log] [tgz]
authorGiorgi Lekveishvili <lekva@gl-mbp-m1-max.local>Sat Aug 17 15:09:24 2024 +0400
committerGiorgi Lekveishvili <lekva@gl-mbp-m1-max.local>Sat Aug 17 15:09:24 2024 +0400
treeb43c5f4e56145b66c2cbc4eb20fbc11b84eef105
parent924c61fd74046934228aa1fd58b88b3156cfdb29 [diff] [blame]
update

diff --git a/charts/openproject/templates/secret_oidc.yaml b/charts/openproject/templates/secret_oidc.yaml
new file mode 100644
index 0000000..03a16a8
--- /dev/null
+++ b/charts/openproject/templates/secret_oidc.yaml

@@ -0,0 +1,32 @@
+{{- if .Values.openproject.oidc.enabled }}
+---
+apiVersion: "v1"
+kind: "Secret"
+metadata:
+  name: "{{ include "common.names.fullname" . }}-oidc"
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+stringData:
+  # OpenID Connect settings
+  {{ $oidc_prefix := printf "OPENPROJECT_OPENID__CONNECT_%s" (upper .Values.openproject.oidc.provider) }}
+  {{ $oidc_prefix }}_DISPLAY__NAME: {{ .Values.openproject.oidc.displayName | quote }}
+  {{ $oidc_prefix }}_HOST: {{ .Values.openproject.oidc.host | quote }}
+  {{/* Fall back to '_' as secret name if the name is not given. This way `lookup` will return null (since secrets with this name will and cannot exist) which it doesn't with an empty string. */}}
+  {{ $secret := (lookup "v1" "Secret" .Release.Namespace (default "_" .Values.openproject.oidc.existingSecret)) | default (dict "data" dict) -}}
+  {{ $oidc_prefix }}_IDENTIFIER: {{
+    default .Values.openproject.oidc.identifier (get $secret.data .Values.openproject.oidc.secretKeys.identifier | b64dec) | quote
+  }}
+  {{ $oidc_prefix }}_SECRET: {{
+    default .Values.openproject.oidc.secret (get $secret.data .Values.openproject.oidc.secretKeys.secret | b64dec) | quote
+  }}
+  {{ $oidc_prefix }}_AUTHORIZATION__ENDPOINT: {{ .Values.openproject.oidc.authorizationEndpoint | quote }}
+  {{ $oidc_prefix }}_TOKEN__ENDPOINT: {{ .Values.openproject.oidc.tokenEndpoint | quote }}
+  {{ $oidc_prefix }}_USERINFO__ENDPOINT: {{ .Values.openproject.oidc.userinfoEndpoint | quote }}
+  {{ $oidc_prefix }}_END__SESSION__ENDPOINT: {{ .Values.openproject.oidc.endSessionEndpoint | quote }}
+  {{ $oidc_prefix }}_SCOPE: {{ .Values.openproject.oidc.scope | quote }}
+  {{- range $key, $value := .Values.openproject.oidc.attribute_map }}
+  {{ $mapping_key := printf "%s_ATTRIBUTE__MAP_%s" $oidc_prefix (upper $key) }}
+  {{ $mapping_key }}: {{ $value | quote }}
+  {{- end }}
+...
+{{- end }}