From 998307fcaf16899b047bb80fdb1ceb6348a3e385 Mon Sep 17 00:00:00 2001
From: Mark <mark@openappstack.net>
Date: Fri, 22 Nov 2019 20:13:29 +0100
Subject: [PATCH] Create oauth client via maester

Upstream issues cause this not to work but it should work with the next
release
---
 .../templates/deployment-userfrontend.yaml          | 10 ++++++++--
 .../templates/oauth2client-user-panel.yaml          | 13 +++++++++++++
 2 files changed, 21 insertions(+), 2 deletions(-)
 create mode 100644 helmchart/single-sign-on/templates/oauth2client-user-panel.yaml

diff --git a/helmchart/single-sign-on/templates/deployment-userfrontend.yaml b/helmchart/single-sign-on/templates/deployment-userfrontend.yaml
index b8c824e..1aa814a 100644
--- a/helmchart/single-sign-on/templates/deployment-userfrontend.yaml
+++ b/helmchart/single-sign-on/templates/deployment-userfrontend.yaml
@@ -36,9 +36,15 @@ spec:
             - name: BACKEND_API_URL
               value: http://{{ include "single-sign-on.fullname" . }}-userbackend/graphql
             - name: OAUTH_CLIENT_ID
-              value: user-panel
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "single-sign-on.fullname" . }}-oauth2client-userpanel
+                  key: client_id
             - name: OAUTH_CLIENT_SECRET
-              value: secret_secret
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "single-sign-on.fullname" . }}-oauth2client-userpanel
+                  key: client_secret
           ports:
             - name: userpanel
               containerPort: 3000
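Review bot: `OAUTH_CLIENT_SECRET` is still injected into the user-frontend container, although the OAuth2Client added by this same commit is registered for the implicit grant only, a flow in which the client never authenticates with its secret. Whether the user panel hands its configuration to the browser is not visible here, but if it does, the secret ends up client-side; consider dropping the `OAUTH_CLIENT_SECRET` entry and reading only `client_id` from the secret. Separately, the suffix `-oauth2client-userpanel` is spelled out twice in this hunk and once more in `oauth2client-user-panel.yaml`, so a named template for the secret name would keep the three references from drifting apart. The container spec that this env list belongs to starts above the hunk.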
diff --git a/helmchart/single-sign-on/templates/oauth2client-user-panel.yaml b/helmchart/single-sign-on/templates/oauth2client-user-panel.yaml
new file mode 100644
index 0000000..b8c0a0d
--- /dev/null
+++ b/helmchart/single-sign-on/templates/oauth2client-user-panel.yaml
@@ -0,0 +1,13 @@
+apiVersion: hydra.ory.sh/v1alpha1
+kind: OAuth2Client
+metadata:
+  name: user-panel
+  labels:
+{{ include "single-sign-on.labels" . | indent 4 }}
+spec:
+  grantTypes: ["implicit"]
+  responseTypes: ["token"]
+  scope: "opeind profile email openappstack_roles"
+  redirectUris: [ "https://{{ .Values.userpanel.ingress.host }}/callback" ]
+  tokenEndPointAuthMethod: "client_secret_basic"
+  secretName: {{ include "single-sign-on.fullname" . }}-oauth2client-userpanel
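Review bot: The `scope` value on the new OAuth2Client misspells `openid` as `opeind`, so the client is not registered for the `openid` scope and an OpenID Connect request from the user panel would presumably be refused; it should read `scope: "openid profile email openappstack_roles"`. The client is also limited to `grantTypes: ["implicit"]` with `responseTypes: ["token"]`, which returns the access token in the redirect URL fragment, where it can leak through browser history or logs; if the user panel supports it, `authorization_code` with `code` and PKCE is the safer registration. `tokenEndPointAuthMethod: "client_secret_basic"` is never exercised by an implicit-only client, and its spelling (capital `P`) is worth checking against the CRD schema of the hydra-maester release in use, since an unknown field may be dropped silently. `metadata.name: user-panel` is fixed while `secretName` is release-scoped, so two releases in one namespace would collide on the resource name.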
-- 
GitLab