Add job to create oauth2 client

helmchart/single-sign-on/requirements.yaml

 dependencies:
   - name: hydra
-    version: 0.0.46
+    version: 0.0.47
     repository: "@ory"
     tags:
       - single-sign-on

helmchart/single-sign-on/templates/deployment-consent.yaml

@@ -20,7 +20,7 @@ spec:
           imagePullPolicy: Always
           env:
             - name: HYDRA_ADMIN_URL
-              value: http://{{ .Release.Name }}-admin:4445
+              value: http://{{ .Release.Name }}-hydra-admin:4445
             - name: GRAPHQL_URL
               value: http://{{ include "single-sign-on.fullname" . }}-userbackend/graphql
           ports:

helmchart/single-sign-on/templates/deployment-login.yaml

@@ -20,7 +20,7 @@ spec:
           imagePullPolicy: Always
           env:
             - name: HYDRA_ADMIN_URL
-              value: http://{{ .Release.Name }}-admin:4445
+              value: http://{{ .Release.Name }}-hydra-admin:4445
             - name: GRAPHQL_URL
               value: http://{{ include "single-sign-on.fullname" . }}-userbackend/graphql
           ports:

helmchart/single-sign-on/templates/deployment-userfrontend.yaml

@@ -38,12 +38,12 @@ spec:
             - name: OAUTH_CLIENT_ID
               valueFrom:
                 secretKeyRef:
-                  name: {{ include "single-sign-on.fullname" . }}-oauth2client-userpanel
+                  name: userpanel-oauth2-client
                   key: client_id
             - name: OAUTH_CLIENT_SECRET
               valueFrom:
                 secretKeyRef:
-                  name: {{ include "single-sign-on.fullname" . }}-oauth2client-userpanel
+                  name: userpanel-oauth2-client
                   key: client_secret
           ports:
             - name: userpanel

helmchart/single-sign-on/templates/job-create-oauth2-client-userpanel.yaml

+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "single-sign-on.fullname" . }}-create-oauth2-client
+  labels:
+{{ include "single-sign-on.labels" . | indent 4 }}
+  annontations:
+    "helm.sh/hook": post-install
+    "helm.sh/hook-weight": "-5"
+    "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/managed-by: {{.Release.Service | quote }}
+        app.kubernetes.io/instance: {{.Release.Name | quote }}
+        helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}"
+    spec:
+      restartPolicy: Never
+      containers:
+      - name: user-panel
+        image: "open.greenhost.net:4567/openappstack/user-panel/backend:minimal-frontend"
+        env:
+        - name: CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              name: userpanel-oauth2-client
+              key: client_id
+        - name: CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: userpanel-oauth2-client
+              key: client_secret
+        - name: CLIENT_NAME
+          value: user-panel
+        - name: REDIRECT_URI
+          value: "https://{{ .Values.userpanel.ingress.host }}/callback"
+        - name: SCOPES
+          value: "openid profile email openappstack_roles"
+        - name: CLIENT_URI
+          value: "https://{{ .Values.userpanel.ingress.host }}"
+        - name: CLIENT_LOGO_URI
+          value: "https://{{ .Values.userpanel.ingress.host }}/favicon.ico"
+        - name: TOKEN_ENDPOINT_AUTH_METHOD
+          value: client_secret_basic
+        - name: RESPONSE_TYPES
+          value: token
+        - name: GRANT_TYPES
+          value: implicit
+        command: ["/bin/bash", "-c"]
+        args:
+        - >
+          curl http://{{ .Release.Name }}-hydra-admin:4445/clients &&
+          curl --header "Content-Type: application/json" \
+               --request POST \
+               --data "{\"client_id\": \"$CLIENT_ID\",
+                        \"client_name\": \"$CLIENT_NAME\",
+                        \"client_secret\": \"$CLIENT_SECRET\",
+                        \"client_uri\": \"$CLIENT_URI\",
+                        \"logo_uri\": \"$CLIENT_LOGO_URI\",
+                        \"redirect_uris\": [\"$REDIRECT_URI\"],
+                        \"scope\": \"$SCOPES\",
+                        \"grant_types\": [\"$GRANT_TYPES\"],
+                        \"response_types\": [\"$RESPONSE_TYPES\"],
+                        \"token_endpoint_auth_method\": \"client_secret_post\"}" \
+               http://{{ .Release.Name }}-hydra-admin:4445/clients

helmchart/single-sign-on/templates/oauth2client-user-panel.yaml

-apiVersion: hydra.ory.sh/v1alpha1
-kind: OAuth2Client
-metadata:
-  name: user-panel
-  labels:
-{{ include "single-sign-on.labels" . | indent 4 }}
-spec:
-  grantTypes: ["implicit"]
-  responseTypes: ["token"]
-  scope: "opeind profile email openappstack_roles"
-  redirectUris: [ "https://{{ .Values.userpanel.ingress.host }}/callback" ]
-  tokenEndPointAuthMethod: "client_secret_basic"
-  secretName: {{ include "single-sign-on.fullname" . }}-oauth2client-userpanel

helmchart/single-sign-on/templates/secret-oauth2-client-userpanel.yaml

+apiVersion: v1
+kind: Secret
+metadata:
+    name: userpanel-oauth2-client
+type: Opaque
+data:
+  client_id: {{ uuidv4 | b64enc }}
+  client_secret: {{ randAlphaNum 32 | b64enc }}

helmchart/single-sign-on/values.yaml

@@ -10,6 +10,8 @@ userbackend:
     password: "postgres"
 
 hydra:
+  maester:
+    enabled: false
   hydra:
     dangerousForceHttp: true
     config: