AppManager: Format cue files
Change-Id: Ia37908797b0227ab3b66e0faab08dcc2379e5282
diff --git a/core/installer/values-tmpl/core-auth.cue b/core/installer/values-tmpl/core-auth.cue
index b3146f8..7765622 100644
--- a/core/installer/values-tmpl/core-auth.cue
+++ b/core/installer/values-tmpl/core-auth.cue
@@ -1,81 +1,81 @@
input: {
- network: #Network
+ network: #Network
subdomain: string
}
-name: "core-auth"
+name: "core-auth"
namespace: "core-auth"
_userSchema: ###"""
-{
- "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
- "$schema": "http://json-schema.org/draft-07/schema#",
- "title": "User",
- "type": "object",
- "properties": {
- "traits": {
+ {
+ "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "title": "User",
"type": "object",
"properties": {
- "username": {
- "type": "string",
- "format": "username",
- "title": "Username",
- "minLength": 3,
- "ory.sh/kratos": {
- "credentials": {
- "password": {
- "identifier": true
+ "traits": {
+ "type": "object",
+ "properties": {
+ "username": {
+ "type": "string",
+ "format": "username",
+ "title": "Username",
+ "minLength": 3,
+ "ory.sh/kratos": {
+ "credentials": {
+ "password": {
+ "identifier": true
+ }
+ }
}
}
- }
+ },
+ "additionalProperties": false
}
- },
- "additionalProperties": false
+ }
}
- }
-}
-"""###
+ """###
out: {
images: {
kratos: {
repository: "oryd"
- name: "kratos"
- tag: "v1.1.0-distroless"
+ name: "kratos"
+ tag: "v1.1.0-distroless"
pullPolicy: "IfNotPresent"
}
hydra: {
repository: "oryd"
- name: "hydra"
- tag: "v2.2.0-distroless"
+ name: "hydra"
+ tag: "v2.2.0-distroless"
pullPolicy: "IfNotPresent"
}
ui: {
repository: "giolekva"
- name: "auth-ui"
- tag: "latest"
+ name: "auth-ui"
+ tag: "latest"
pullPolicy: "Always"
}
postgres: {
repository: "library"
- name: "postgres"
- tag: "15.3"
+ name: "postgres"
+ tag: "15.3"
pullPolicy: "IfNotPresent"
}
}
charts: {
auth: {
- kind: "GitRepository"
+ kind: "GitRepository"
address: "https://code.v1.dodo.cloud/helm-charts"
- branch: "main"
- path: "charts/auth"
+ branch: "main"
+ path: "charts/auth"
}
postgres: {
- kind: "GitRepository"
+ kind: "GitRepository"
address: "https://code.v1.dodo.cloud/helm-charts"
- branch: "main"
- path: "charts/postgresql"
+ branch: "main"
+ path: "charts/postgresql"
}
}
@@ -85,9 +85,9 @@
values: {
fullnameOverride: "postgres"
image: {
- registry: images.postgres.registry
+ registry: images.postgres.registry
repository: images.postgres.imageName
- tag: images.postgres.tag
+ tag: images.postgres.tag
pullPolicy: images.postgres.pullPolicy
}
service: {
@@ -113,7 +113,7 @@
fsGroup: 0
}
containerSecurityContext: {
- enabled: true
+ enabled: true
runAsUser: 0
}
}
@@ -127,7 +127,7 @@
auth: {
chart: charts.auth
dependsOn: [{
- name: "postgres"
+ name: "postgres"
namespace: release.namespace
}]
values: {
@@ -135,36 +135,36 @@
fullnameOverride: "kratos"
image: {
repository: images.kratos.fullName
- tag: images.kratos.tag
+ tag: images.kratos.tag
pullPolicy: images.kratos.pullPolicy
}
service: {
admin: {
enabled: true
- type: "ClusterIP"
- port: 80
- name: "http"
+ type: "ClusterIP"
+ port: 80
+ name: "http"
}
public: {
enabled: true
- type: "ClusterIP"
- port: 80
- name: "http"
+ type: "ClusterIP"
+ port: 80
+ name: "http"
}
}
ingress: {
admin: enabled: false
public: {
- enabled: true
+ enabled: true
className: input.network.ingressClass
annotations: {
"acme.cert-manager.io/http01-edit-in-place": "true"
- "cert-manager.io/cluster-issuer": input.network.certificateIssuer
+ "cert-manager.io/cluster-issuer": input.network.certificateIssuer
}
hosts: [{
host: "accounts.\(input.network.domain)"
paths: [{
- path: "/"
+ path: "/"
pathType: "Prefix"
}]
}]
@@ -187,18 +187,18 @@
}
config: {
version: "v0.7.1-alpha.1"
- dsn: "postgres://kratos:kratos@postgres.\(global.namespacePrefix)core-auth.svc:5432/kratos?sslmode=disable&max_conns=20&max_idle_conns=4"
+ dsn: "postgres://kratos:kratos@postgres.\(global.namespacePrefix)core-auth.svc:5432/kratos?sslmode=disable&max_conns=20&max_idle_conns=4"
serve: {
public: {
base_url: "https://accounts.\(input.network.domain)"
cors: {
- enabled: true
- debug: false
+ enabled: true
+ debug: false
allow_credentials: true
allowed_origins: [
"https://\(input.network.domain)",
"https://*.\(input.network.domain)",
- ]
+ ]
}
}
admin: {
@@ -222,7 +222,7 @@
ui_url: "https://accounts-ui.\(input.network.domain)/error"
}
settings: {
- ui_url: "https://accounts-ui.\(input.network.domain)/settings"
+ ui_url: "https://accounts-ui.\(input.network.domain)/settings"
privileged_session_max_age: "15m"
}
recovery: {
@@ -237,7 +237,7 @@
}
}
login: {
- ui_url: "https://accounts-ui.\(input.network.domain)/login"
+ ui_url: "https://accounts-ui.\(input.network.domain)/login"
lifespan: "10m"
after: {
password: {
@@ -247,7 +247,7 @@
}
registration: {
lifespan: "10m"
- ui_url: "https://accounts-ui.\(input.network.domain)/register"
+ ui_url: "https://accounts-ui.\(input.network.domain)/register"
after: {
password: {
hooks: [{
@@ -260,14 +260,14 @@
}
}
log: {
- level: "debug"
- format: "text"
+ level: "debug"
+ format: "text"
leak_sensitive_values: true
}
cookies: {
- path: "/"
+ path: "/"
same_site: "None"
- domain: input.network.domain
+ domain: input.network.domain
}
secrets: {
cookie: ["PLEASE-CHANGE-ME-I-AM-VERY-INSECURE"]
@@ -275,15 +275,15 @@
hashers: {
argon2: {
parallelism: 1
- memory: "128MB"
- iterations: 2
+ memory: "128MB"
+ iterations: 2
salt_length: 16
- key_length: 16
- }
+ key_length: 16
+ }
}
identity: {
schemas: [{
- id: "user"
+ id: "user"
url: "file:///etc/config/identity.schema.json"
}]
default_schema_id: "user"
@@ -303,36 +303,36 @@
fullnameOverride: "hydra"
image: {
repository: images.hydra.fullName
- tag: images.hydra.tag
+ tag: images.hydra.tag
pullPolicy: images.hydra.pullPolicy
}
service: {
admin: {
enabled: true
- type: "ClusterIP"
- port: 80
- name: "http"
+ type: "ClusterIP"
+ port: 80
+ name: "http"
}
public: {
enabled: true
- type: "ClusterIP"
- port: 80
- name: "http"
+ type: "ClusterIP"
+ port: 80
+ name: "http"
}
}
ingress: {
admin: enabled: false
public: {
- enabled: true
+ enabled: true
className: input.network.ingressClass
annotations: {
"acme.cert-manager.io/http01-edit-in-place": "true"
- "cert-manager.io/cluster-issuer": input.network.certificateIssuer
+ "cert-manager.io/cluster-issuer": input.network.certificateIssuer
}
hosts: [{
host: "hydra.\(input.network.domain)"
paths: [{
- path: "/"
+ path: "/"
pathType: "Prefix"
}]
}]
@@ -354,34 +354,34 @@
}
config: {
version: "v1.10.6"
- dsn: "postgres://hydra:hydra@postgres.\(global.namespacePrefix)core-auth.svc:5432/hydra?sslmode=disable&max_conns=20&max_idle_conns=4"
+ dsn: "postgres://hydra:hydra@postgres.\(global.namespacePrefix)core-auth.svc:5432/hydra?sslmode=disable&max_conns=20&max_idle_conns=4"
serve: {
cookies: {
same_site_mode: "None"
}
public: {
cors: {
- enabled: true
- debug: false
+ enabled: true
+ debug: false
allow_credentials: true
allowed_origins: [
"https://\(input.network.domain)",
- "https://*.\(input.network.domain)"
- ]
+ "https://*.\(input.network.domain)",
+ ]
}
}
admin: {
cors: {
allowed_origins: [
- "https://hydra-admin.\(global.namespacePrefix)core-auth.svc.cluster.local"
- ]
+ "https://hydra-admin.\(global.namespacePrefix)core-auth.svc.cluster.local",
+ ]
}
tls: {
allow_termination_from: [
"0.0.0.0/0",
"10.42.0.0/16",
"10.43.0.0/16",
- ]
+ ]
}
}
tls: {
@@ -389,7 +389,7 @@
"0.0.0.0/0",
"10.42.0.0/16",
"10.43.0.0/16",
- ]
+ ]
}
}
urls: {
@@ -398,8 +398,8 @@
issuer: "https://hydra.\(input.network.domain)"
}
consent: "https://accounts-ui.\(input.network.domain)/consent"
- login: "https://accounts-ui.\(input.network.domain)/login"
- logout: "https://accounts-ui.\(input.network.domain)/logout"
+ login: "https://accounts-ui.\(input.network.domain)/login"
+ logout: "https://accounts-ui.\(input.network.domain)/logout"
}
secrets: {
system: ["youReallyNeedToChangeThis"]
@@ -409,29 +409,29 @@
supported_types: [
"pairwise",
"public",
- ]
+ ]
pairwise: {
salt: "youReallyNeedToChangeThis"
}
}
}
log: {
- level: "trace"
+ level: "trace"
leak_sensitive_values: false
}
}
}
}
ui: {
- certificateIssuer: input.network.certificateIssuer
- ingressClassName: input.network.ingressClass
- domain: input.network.domain
- hydra: "hydra-admin.\(global.namespacePrefix)core-auth.svc.cluster.local"
+ certificateIssuer: input.network.certificateIssuer
+ ingressClassName: input.network.ingressClass
+ domain: input.network.domain
+ hydra: "hydra-admin.\(global.namespacePrefix)core-auth.svc.cluster.local"
enableRegistration: false
- defaultReturnTo: "https://launcher.\(global.domain)"
+ defaultReturnTo: "https://launcher.\(global.domain)"
image: {
repository: images.ui.fullName
- tag: images.ui.tag
+ tag: images.ui.tag
pullPolicy: images.ui.pullPolicy
}
}