charts/openproject/templates/secret_oidc.yaml

{{- if .Values.openproject.oidc.enabled }}
---
apiVersion: "v1"
kind: "Secret"
metadata:
  name: "{{ include "common.names.fullname" . }}-oidc"
  labels:
    {{- include "common.labels.standard" . | nindent 4 }}
stringData:
  # OpenID Connect settings
  {{ $oidc_prefix := printf "OPENPROJECT_OPENID__CONNECT_%s" (upper .Values.openproject.oidc.provider) }}
  {{ $oidc_prefix }}_DISPLAY__NAME: {{ .Values.openproject.oidc.displayName | quote }}
  {{ $oidc_prefix }}_HOST: {{ .Values.openproject.oidc.host | quote }}
  {{/* Fall back to '_' as secret name if the name is not given. This way `lookup` will return null (since secrets with this name will and cannot exist) which it doesn't with an empty string. */}}
  {{ $secret := (lookup "v1" "Secret" .Release.Namespace (default "_" .Values.openproject.oidc.existingSecret)) | default (dict "data" dict) -}}
  {{ $oidc_prefix }}_IDENTIFIER: {{
    default .Values.openproject.oidc.identifier (get $secret.data .Values.openproject.oidc.secretKeys.identifier | b64dec) | quote
  }}
  {{ $oidc_prefix }}_SECRET: {{
    default .Values.openproject.oidc.secret (get $secret.data .Values.openproject.oidc.secretKeys.secret | b64dec) | quote
  }}
  {{ $oidc_prefix }}_AUTHORIZATION__ENDPOINT: {{ .Values.openproject.oidc.authorizationEndpoint | quote }}
  {{ $oidc_prefix }}_TOKEN__ENDPOINT: {{ .Values.openproject.oidc.tokenEndpoint | quote }}
  {{ $oidc_prefix }}_USERINFO__ENDPOINT: {{ .Values.openproject.oidc.userinfoEndpoint | quote }}
  {{ $oidc_prefix }}_END__SESSION__ENDPOINT: {{ .Values.openproject.oidc.endSessionEndpoint | quote }}
  {{ $oidc_prefix }}_SCOPE: {{ .Values.openproject.oidc.scope | quote }}
  {{- range $key, $value := .Values.openproject.oidc.attribute_map }}
  {{ $mapping_key := printf "%s_ATTRIBUTE__MAP_%s" $oidc_prefix (upper $key) }}
  {{ $mapping_key }}: {{ $value | quote }}
  {{- end }}
...
{{- end }}