OAuth2 configuration options (#123)

I opened up the OAuth2 authentication option. I needed this feature, and it is available in the gitea cli. So I opened it up for configuration through this pull request.

Hope it can help others.

Co-authored-by: Marc Went <marc.went+git@redkubes.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/123
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Co-authored-by: Dunky13 <dunky13@noreply.gitea.io>
Co-committed-by: Dunky13 <dunky13@noreply.gitea.io>
Dunky13 2021-03-01 20:24:11 +08:00 committed by lafriks
parent 9213f0d1f5
commit d1c58a2e77
5 changed files with 73 additions and 0 deletions

@ -288,6 +288,47 @@ kebab-case:
bind-password: JustAnotherBindPw bind-password: JustAnotherBindPw
username-attribute: CN username-attribute: CN
``` ```
### OAuth2 Settings
Like the admin user the OAuth2 settings can be updated but also disabled or deleted.
All OAuth2 values from <https://docs.gitea.io/en-us/command-line/#admin> are available.
You can either use them in camel case or kebab case.
camelCase:
```yaml
gitea:
oauth:
enabled: true
name: 'MyAwesomeGiteaOAuth'
provider: 'openidConnect'
key: 'hello'
secret: 'world'
autoDiscoverUrl: 'https://gitea.example.com/.well-known/openid-configuration'
#useCustomUrls:
#customAuthUrl:
#customTokenUrl:
#customProfileUrl:
#customEmailUrl:
```
kebab-case:
```yaml
gitea:
oauth:
enabled: true
name: 'MyAwesomeGiteaOAuth'
provider: 'openidConnect'
key: 'hello'
secret: 'world'
auto-discover-url: 'https://gitea.example.com/.well-known/openid-configuration'
#use-custom-urls:
#custom-auth-url:
#custom-token-url:
#custom-profile-url:
#custom-email-url:
```
### Metrics and profiling ### Metrics and profiling
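
Review bot: The sentence "the OAuth2 settings can be updated but also disabled or deleted" in the new README section promises more than the init script in this commit does. The script only runs `gitea admin auth add-oauth` and, when that fails, `update-oauth`, and it does nothing at all when `gitea.oauth.enabled` is false. Either state that setting `enabled: false` leaves an already created authentication source in place, or add the removal step the text implies.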

@ -108,3 +108,11 @@ app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{- define "gitea.oauth_settings" -}}
{{- range $key, $val := .Values.gitea.oauth -}}
{{- if ne $key "enabled" -}}
{{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}}
{{- end -}}
{{- end -}}
{{- end -}}
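
Review bot: In the `printf "--%s %s "` line, `$val | quote` only wraps each value in double quotes, and the result is pasted into a shell script where `$`, backticks and backslashes are still interpreted inside double quotes (the same script has to write `\$1` for awk for that reason). A client secret containing `$` or a backtick would be altered or run as a command substitution, and the script body appears to be closed by a single `'`, so a value containing `'` would break out of it. Pass `key` and `secret` to the script through environment variables populated from the Secret, or at minimum document which characters are unsupported. Supplying both the camelCase and the kebab-case spelling of a key would also emit the same flag twice, since both pass through `kebabcase`.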

@ -40,4 +40,14 @@ stringData:
{{- include "gitea.ldap_settings" . | nindent 6 }} \ {{- include "gitea.ldap_settings" . | nindent 6 }} \
) \ ) \
{{- end }} {{- end }}
{{- if .Values.gitea.oauth.enabled }}
gitea admin auth add-oauth \
{{- include "gitea.oauth_settings" . | nindent 6 }} \
|| \
( \
export GITEA_AUTH_ID=$(gitea admin auth list | grep {{ .Values.gitea.oauth.name | quote }} | awk -F " " "{print \$1}"); \
gitea admin auth update-oauth --id ${GITEA_AUTH_ID} \
{{- include "gitea.oauth_settings" . | nindent 6 }} \
) \
{{- end }}
' '
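
Review bot: The lookup `gitea admin auth list | grep {{ .Values.gitea.oauth.name | quote }}` matches the name as a substring anywhere on the line, so it can return several IDs or the ID of a different source whose name or type contains the same text, and `update-oauth --id ${GITEA_AUTH_ID}` then fails or rewrites the wrong authentication source. Compare the name field exactly and require a single result before updating. With `name` unset the pattern renders as an empty string and matches every row. The `||` fallback also fires on any `add-oauth` failure, not only when the source already exists, so checking for the existing source first would keep real errors visible.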

@ -15,6 +15,7 @@ spec:
annotations: annotations:
checksum/config: {{ include (print $.Template.BasePath "/gitea/config.yaml") . | sha256sum }} checksum/config: {{ include (print $.Template.BasePath "/gitea/config.yaml") . | sha256sum }}
checksum/ldap: {{ include "gitea.ldap_settings" . | sha256sum }} checksum/ldap: {{ include "gitea.ldap_settings" . | sha256sum }}
checksum/oauth: {{ include "gitea.oauth_settings" . | sha256sum }}
{{- with .Values.gitea.podAnnotations }} {{- with .Values.gitea.podAnnotations }}
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
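
Review bot: `checksum/oauth` hashes the full output of `gitea.oauth_settings`, which includes the `secret` value, and publishes the digest as a pod annotation that anyone allowed to read pod metadata can see. Because the remaining fields are usually known or guessable, a weak client secret can be tested offline against that digest. Consider excluding `key` and `secret` from the hashed input, or guarding the annotation with `gitea.oauth.enabled` so it is not rendered when the feature is off.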

@ -131,6 +131,19 @@ gitea:
#usernameAttribute: #usernameAttribute:
#sshPublicKeyAttribute: #sshPublicKeyAttribute:
oauth:
enabled: false
#name:
#provider:
#key:
#secret:
#autoDiscoverUrl:
#useCustomUrls:
#customAuthUrl:
#customTokenUrl:
#customProfileUrl:
#customEmailUrl:
config: {} config: {}
# APP_NAME: "Gitea: Git with a cup of tea" # APP_NAME: "Gitea: Git with a cup of tea"
# RUN_MODE: dev # RUN_MODE: dev
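
Review bot: The new `oauth` block accepts `key` and `secret` only as plain values, so the client secret has to sit in the values file or on the `helm` command line; nothing here allows pointing at an existing Kubernetes Secret. Adding that option, or at least a comment above `#secret:` about keeping the values file out of version control, would help. A short comment marking which keys are required once `enabled: true` is set would also be useful, since `name` is used unguarded in the init script's `grep`.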