From d1c58a2e7724c6c0ba47eff4215c7ce8193ae7cf Mon Sep 17 00:00:00 2001 From: Dunky13 Date: Mon, 1 Mar 2021 20:24:11 +0800 Subject: [PATCH] OAuth2 configuration options (#123) I opened up the OAuth2 authentication option. I needed this feature, and it is available in the gitea cli. So I opened it up for configuration through this pull request. Hope it can help others. Co-authored-by: Marc Went Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/123 Reviewed-by: luhahn Reviewed-by: lafriks Co-authored-by: Dunky13 Co-committed-by: Dunky13 --- README.md | 41 ++++++++++++++++++++++++++++++++ templates/_helpers.tpl | 8 +++++++ templates/gitea/init.yaml | 10 ++++++++ templates/gitea/statefulset.yaml | 1 + values.yaml | 13 ++++++++++ 5 files changed, 73 insertions(+) diff --git a/README.md b/README.md index 68aec54..c70e8ad 100644 --- a/README.md +++ b/README.md @@ -288,6 +288,47 @@ kebab-case: bind-password: JustAnotherBindPw username-attribute: CN ``` +### OAuth2 Settings + +Like the admin user the OAuth2 settings can be updated but also disabled or deleted. +All OAuth2 values from are available. +You can either use them in camel case or kebab case. + +camelCase: + +```yaml + gitea: + oauth: + enabled: true + name: 'MyAwesomeGiteaOAuth' + provider: 'openidConnect' + key: 'hello' + secret: 'world' + autoDiscoverUrl: 'https://gitea.example.com/.well-known/openid-configuration' + #useCustomUrls: + #customAuthUrl: + #customTokenUrl: + #customProfileUrl: + #customEmailUrl: +``` + +kebab-case: + +```yaml + gitea: + oauth: + enabled: true + name: 'MyAwesomeGiteaOAuth' + provider: 'openidConnect' + key: 'hello' + secret: 'world' + auto-discover-url: 'https://gitea.example.com/.well-known/openid-configuration' + #use-custom-urls: + #custom-auth-url: + #custom-token-url: + #custom-profile-url: + #custom-email-url: +``` ### Metrics and profiling diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 04fd352..1dae96d 100644 --- a/templates/_helpers.tpl 
+++ b/templates/_helpers.tpl @@ -107,4 +107,12 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- end -}} {{- end -}} +{{- end -}} + +{{- define "gitea.oauth_settings" -}} +{{- range $key, $val := .Values.gitea.oauth -}} +{{- if ne $key "enabled" -}} +{{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}} +{{- end -}} +{{- end -}} {{- end -}} \ No newline at end of file diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index c76dfaf..4266de8 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml @@ -40,4 +40,14 @@ stringData: {{- include "gitea.ldap_settings" . | nindent 6 }} \ ) \ {{- end }} + {{- if .Values.gitea.oauth.enabled }} + gitea admin auth add-oauth \ + {{- include "gitea.oauth_settings" . | nindent 6 }} \ + || \ + ( \ + export GITEA_AUTH_ID=$(gitea admin auth list | grep {{ .Values.gitea.oauth.name | quote }} | awk -F " " "{print \$1}"); \ + gitea admin auth update-oauth --id ${GITEA_AUTH_ID} \ + {{- include "gitea.oauth_settings" . | nindent 6 }} \ + ) \ + {{- end }} ' diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index 1415da6..bfaba36 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -15,6 +15,7 @@ spec: annotations: checksum/config: {{ include (print $.Template.BasePath "/gitea/config.yaml") . | sha256sum }} checksum/ldap: {{ include "gitea.ldap_settings" . | sha256sum }} + checksum/oauth: {{ include "gitea.oauth_settings" . | sha256sum }} {{- with .Values.gitea.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/values.yaml b/values.yaml index 6739a27..64b3fe4 100644 --- a/values.yaml +++ b/values.yaml 
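Review bot: In `gitea.oauth_settings`, `($val | quote)` only adds Go-style double quotes, so a `key` or `secret` containing `$` or a backtick is still expanded by the shell that runs the init script. The script appears to be wrapped in single quotes (the closing `'` and the `\$1` escape in init.yaml suggest so), so a `'` in a value would end it early. A client secret with such characters would be silently altered or would break the init container. Passing the credentials as environment variables sourced from the Secret, rather than rendering them into the command line, would avoid the quoting problem and keep them out of the process argument list. The `range` also forwards every key under `gitea.oauth` except `enabled` as a flag, so a typo in values only surfaces as a failed `gitea admin auth` call.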
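Review bot: The id lookup in the update fallback, `gitea admin auth list | grep {{ .Values.gitea.oauth.name | quote }}`, treats the name as an unanchored pattern matched anywhere in the row. A source named `gitea` would also match one called `gitea-ldap`, so `GITEA_AUTH_ID` can hold several ids or the wrong one, and `update-oauth` would then overwrite a different authentication source. Matching the name column exactly is safer, for example `awk -v n={{ .Values.gitea.oauth.name | quote }} "\$2 == n {print \$1}"` (assuming the name is the second column of the list output). The `||` branch also runs on any `add-oauth` failure, not only "already exists", and with an empty lookup result `--id` receives no value, so a guard such as `[ -n "${GITEA_AUTH_ID}" ]` before the update would make that failure explicit. The LDAP block above appears to follow the same pattern, but it lies outside this hunk.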
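Review bot: `checksum/oauth` publishes an unsalted SHA-256 of the rendered flag string, which includes the client `key` and `secret`, as a pod annotation. Pod annotations are typically readable by a wider audience than Secrets, so a short or guessable client secret could be confirmed offline from the digest. If the rollout trigger is wanted, I would at least add a template comment on this line such as `{{- /* digest covers the OAuth client secret; use a high-entropy secret */ -}}`, or compute the checksum over the non-credential settings only. The existing `checksum/ldap` line presumably has the same property for the bind password.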
@@ -131,6 +131,19 @@ gitea: #usernameAttribute: #sshPublicKeyAttribute: + oauth: + enabled: false + #name: + #provider: + #key: + #secret: + #autoDiscoverUrl: + #useCustomUrls: + #customAuthUrl: + #customTokenUrl: + #customProfileUrl: + #customEmailUrl: + config: {} # APP_NAME: "Gitea: Git with a cup of tea" # RUN_MODE: dev
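Review bot: The new `oauth` block does not say that `key` and `secret` are client credentials, and the commented defaults invite filling them in directly in a committed values file. I would add a comment above `#key:` such as `# key/secret: OAuth2 client credentials; supply them from a private values file or --set, do not commit them`. It is also worth noting beside `#name:` that the init script uses this name to find the existing source on upgrade, so it must be unique among the configured authentication sources, e.g. `# name: must be unique; used to look up the source on upgrade`.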