welcome: init group memberships for first create (#115)
* rename createAdminAccount to createAccount
* welcome: call memberships init on first user
* auth: add http endpoints to allowed return addresses
* memberships: make init user member of groups as well
---------
Co-authored-by: Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local>
diff --git a/core/installer/values-tmpl/core-auth.cue b/core/installer/values-tmpl/core-auth.cue
index 0e9f26f..391f127 100644
--- a/core/installer/values-tmpl/core-auth.cue
+++ b/core/installer/values-tmpl/core-auth.cue
@@ -230,6 +230,8 @@
allowed_return_urls: [
"https://*.\(global.domain)/",
"https://*.\(global.privateDomain)",
+ "http://*.\(global.domain)/", // TODO(gio): configure ingress nginx private to autoredirect
+ "http://*.\(global.privateDomain)",
]
methods: {
password: {
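Review bot: The two added `http://` entries allow the post-login return target to be a cleartext URL on any subdomain, and the first one covers the public `global.domain`, which the TODO about the private ingress does not explain. A return over http exposes whatever the redirect carries to anyone on the network path, and it widens the set of addresses a login link can send a user back to. If the workaround is only needed until the private ingress redirects to https, keep just the private entry and move the TODO onto it: `"http://*.\(global.privateDomain)", // TODO(gio): remove once private ingress redirects to https`. The enclosing config block starts and ends outside the hunk.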
diff --git a/core/installer/values-tmpl/memberships.cue b/core/installer/values-tmpl/memberships.cue
index 898cffd..da70026 100644
--- a/core/installer/values-tmpl/memberships.cue
+++ b/core/installer/values-tmpl/memberships.cue
@@ -1,4 +1,6 @@
-input: {}
+input: {
+ authGroups: string
+}
_subdomain: "memberships"
_domain: "\(_subdomain).\(global.privateDomain)"
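Review bot: `authGroups: string` accepts the empty string, so a caller that passes `""` recreates the old `groups: ""` value that the next hunk replaces with `groups: input.authGroups`. If an empty group list means the auth layer admits any authenticated user, this fails open; that behaviour is not visible here and is worth confirming. Constraining the input as `authGroups: string & !=""` makes the template fail at evaluation instead of deploying an unrestricted memberships app.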
@@ -15,7 +17,7 @@
inp: {
auth: {
enabled: true
- groups: "" // TODO(gio): set admin
+ groups: input.authGroups
}
network: networks.private
subdomain: _subdomain
diff --git a/core/installer/values-tmpl/welcome.cue b/core/installer/values-tmpl/welcome.cue
index 9ec17bc..f94a77f 100644
--- a/core/installer/values-tmpl/welcome.cue
+++ b/core/installer/values-tmpl/welcome.cue
@@ -5,8 +5,6 @@
input: {
repoAddr: string
sshPrivateKey: string
- createAccountAddr: string
- loginAddr: string
}
name: "welcome"
@@ -40,6 +38,7 @@
sshPrivateKey: base64.Encode(null, input.sshPrivateKey)
createAccountAddr: "http://api.\(global.namespacePrefix)core-auth.svc.cluster.local/identities"
loginAddr: "https://accounts-ui.\(global.domain)"
+ membershipsInitAddr: "http://memberships.\(global.namespacePrefix)core-auth-memberships.svc.cluster.local/api/init"
ingress: {
className: _ingressPublic
domain: "welcome.\(global.domain)"
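Review bot: `membershipsInitAddr` points at the service's in-cluster address over plain http, so the `/api/init` call presumably bypasses the ingress where the memberships app's `auth` settings apply (inferred from memberships.cue; the handler is not in this diff). Nothing visible here shows that the endpoint rejects a call once the first user exists, or that it checks who is calling. It is worth confirming that the handler refuses re-initialisation, and recording that next to the new line: `// in-cluster only; /api/init must be a no-op once the first user exists`. The enclosing block starts and ends outside the hunk.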