{{- /*
  Secret "<fullname>-oidc": OpenID Connect settings for OpenProject, emitted
  only when .Values.openproject.oidc.enabled is set. Every key is prefixed
  with OPENPROJECT_OPENID__CONNECT_<PROVIDER>, where <PROVIDER> is the
  upper-cased .Values.openproject.oidc.provider.

  Review notes:
  - The client identifier and client secret are written in clear text through
    stringData, so they are part of the rendered manifest and of whatever
    stores it (for example the Helm release record). Restrict read access to
    this Secret the same way as for the Secret named in existingSecret.
  - Values taken from existingSecret are copied at render time. Rotating the
    source Secret does not change this Secret until the chart is rendered
    again.
  - lookup needs a live cluster. Under `helm template` or a client-side dry
    run it returns an empty result, so IDENTIFIER and SECRET fall back to
    .Values.openproject.oidc.identifier / .secret, which may be empty.
  - provider and the attribute_map keys are only upper-cased before being
    used in key names; nothing else is validated here. Presumably these keys
    are consumed as environment variables (confirm against the deployment).
*/ -}}
{{- if .Values.openproject.oidc.enabled }}
{{- $oidc := .Values.openproject.oidc }}
{{- $envPrefix := printf "OPENPROJECT_OPENID__CONNECT_%s" (upper $oidc.provider) }}
{{- /*
  When existingSecret is unset, look up "_" instead of "": per the original
  note no Secret can carry that name, so lookup yields an empty result (which
  it does not for an empty name) and the default map with an empty "data"
  entry is used.
*/}}
{{- $existing := (lookup "v1" "Secret" .Release.Namespace (default "_" $oidc.existingSecret)) | default (dict "data" dict) }}
{{- /* Entries read via lookup are base64-encoded; a missing key decodes to "". */}}
{{- $storedIdentifier := get $existing.data $oidc.secretKeys.identifier | b64dec }}
{{- $storedSecret := get $existing.data $oidc.secretKeys.secret | b64dec }}
---
apiVersion: "v1"
kind: "Secret"
metadata:
  name: "{{ include "common.names.fullname" . }}-oidc"
  labels:
    {{- include "common.labels.standard" . | nindent 4 }}
stringData:
  # OpenID Connect settings
  {{ $envPrefix }}_DISPLAY__NAME: {{ $oidc.displayName | quote }}
  {{ $envPrefix }}_HOST: {{ $oidc.host | quote }}
  {{- /* A non-empty value from the existing Secret wins over the chart value. */}}
  {{ $envPrefix }}_IDENTIFIER: {{ default $oidc.identifier $storedIdentifier | quote }}
  {{ $envPrefix }}_SECRET: {{ default $oidc.secret $storedSecret | quote }}
  {{ $envPrefix }}_AUTHORIZATION__ENDPOINT: {{ $oidc.authorizationEndpoint | quote }}
  {{ $envPrefix }}_TOKEN__ENDPOINT: {{ $oidc.tokenEndpoint | quote }}
  {{ $envPrefix }}_USERINFO__ENDPOINT: {{ $oidc.userinfoEndpoint | quote }}
  {{ $envPrefix }}_END__SESSION__ENDPOINT: {{ $oidc.endSessionEndpoint | quote }}
  {{ $envPrefix }}_SCOPE: {{ $oidc.scope | quote }}
  {{- /* One <PREFIX>_ATTRIBUTE__MAP_<KEY> entry per attribute_map item. */}}
  {{- range $mapName, $mapValue := $oidc.attribute_map }}
  {{ printf "%s_ATTRIBUTE__MAP_%s" $envPrefix (upper $mapName) }}: {{ $mapValue | quote }}
  {{- end }}
...
{{- end }}