From a54e26c9c44075f945a98b8646ea641ded3dbd5c Mon Sep 17 00:00:00 2001
From: Maarten de Waard <maarten@greenhost.nl>
Date: Fri, 21 Jan 2022 11:16:51 +0100
Subject: [PATCH] use newer containers and supply Hydra/OIDC variables to
 deployment

---
 deployment/helmchart/Chart.lock                         | 6 +++---
 deployment/helmchart/templates/configmaps.yaml          | 7 ++++---
 deployment/helmchart/templates/deployment.yaml          | 5 +++++
 deployment/helmchart/templates/secrets-admin-panel.yaml | 3 +++
 deployment/helmchart/values.yaml                        | 9 +++++++--
 5 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/deployment/helmchart/Chart.lock b/deployment/helmchart/Chart.lock
index c76e8358..e20d8df6 100644
--- a/deployment/helmchart/Chart.lock
+++ b/deployment/helmchart/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: common
   repository: https://charts.bitnami.com/bitnami
-  version: 1.10.0
-digest: sha256:d6f283322d34efda54721ddd67aec935f1bea501c7b45dfbe89814aed21ae5dc
-generated: "2021-09-30T16:27:06.738339948+02:00"
+  version: 1.10.4
+digest: sha256:e177cdcd71e67a1e64e95260c4b780374e1d66e85be405d5dc58459654e49ffa
+generated: "2022-01-21T11:11:54.359313957+01:00"
diff --git a/deployment/helmchart/templates/configmaps.yaml b/deployment/helmchart/templates/configmaps.yaml
index a2f8262c..34c5a7fb 100644
--- a/deployment/helmchart/templates/configmaps.yaml
+++ b/deployment/helmchart/templates/configmaps.yaml
@@ -13,9 +13,10 @@ data:
   SECRET_KEY: {{ .Values.backend.secretKey }}
   FLASK_APP: app.py
   FLASK_ENV: {{ .Values.backend.flaskEnv }}
-  # Probably needed in the future:
-  # DASHBOARD_BACKEND_USERNAME: {{ .Values.backend.username | quote }}
-  # DASHBOARD_BACKEND_EMAIL: {{ .Values.backend.email | quote }}
+  HYDRA_CLIENT_ID: {{ .Values.backend.oidc.clientId }}
+  HYDRA_AUTHORIZATION_BASE_URL: {{ .Values.backend.oidc.authorizationBaseUrl }}
+  TOKEN_URL: {{ .Values.backend.oidc.tokenUrl }}
+
   # {{- if .Values.backend.smtp.enabled }}
   # DASHBOARD_BACKEND_SMTP_HOST: {{ .Values.backend.smtp.host | quote }}
   # DASHBOARD_BACKEND_SMTP_PORT: {{ .Values.backend.smtp.port | quote }}
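Review bot: The added entries `HYDRA_CLIENT_ID`, `HYDRA_AUTHORIZATION_BASE_URL` and `TOKEN_URL` render their values without `| quote`, unlike the commented-out lines this hunk removes. ConfigMap `data` values must be strings, so an unset value renders as null, and an override that looks like a number or boolean is retyped by the YAML parser. I would write `HYDRA_CLIENT_ID: {{ .Values.backend.oidc.clientId | quote }}` and do the same for the other two. Separately, the context line `SECRET_KEY: {{ .Values.backend.secretKey }}` keeps an application secret in a ConfigMap; it predates this change but is worth moving into the Secret that now holds `oidc-client-secret`. The `data:` map starts above the hunk.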
diff --git a/deployment/helmchart/templates/deployment.yaml b/deployment/helmchart/templates/deployment.yaml
index b69be609..1557dec4 100644
--- a/deployment/helmchart/templates/deployment.yaml
+++ b/deployment/helmchart/templates/deployment.yaml
@@ -138,6 +138,11 @@ spec:
                 secretKeyRef:
                   name: {{ include "backend.smtp.secretName" . }}
                   key: smtp-password
+            - name: HYDRA_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "backend.secretName" . }}
+                  key: oidc-client-secret
             - name: KRATOS_URL
               value: {{ .Values.backend.kratosUrl }}
             {{- end }}
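Review bot: `HYDRA_CLIENT_SECRET` references the key `oidc-client-secret` unconditionally, but secrets-admin-panel.yaml in this patch only emits that key when `.Values.backend.oidc.clientSecret` is non-empty. With an empty value, or with an existing Secret that lacks the key (if `backend.secretName` can resolve to one), the container will fail to start on the missing key. Make the two sides agree, for example by failing at render time in the secret template: `oidc-client-secret: {{ required "backend.oidc.clientSecret is required" .Values.backend.oidc.clientSecret | b64enc | quote }}`. The new entry also sits directly after the SMTP password and before a `{{- end }}` whose opening `if` is outside the hunk. If that block is the SMTP conditional, the client secret is only injected when SMTP is enabled, so this placement should be confirmed.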
diff --git a/deployment/helmchart/templates/secrets-admin-panel.yaml b/deployment/helmchart/templates/secrets-admin-panel.yaml
index 969b2109..07562c87 100644
--- a/deployment/helmchart/templates/secrets-admin-panel.yaml
+++ b/deployment/helmchart/templates/secrets-admin-panel.yaml
@@ -20,4 +20,7 @@ data:
   {{- if and (.Values.backend.smtp.password) (.Values.backend.smtp.enabled) (not .Values.backend.smtp.existingSecret) }}
   smtp-password: {{ .Values.backend.smtp.password | b64enc | quote }}
   {{- end }}
+  {{- if .Values.backend.oidc.clientSecret }}
+  oidc-client-secret: {{ .Values.backend.oidc.clientSecret | b64enc | quote }}
+  {{- end }}
 {{- end }}
diff --git a/deployment/helmchart/values.yaml b/deployment/helmchart/values.yaml
index 45a94fec..1f976f16 100644
--- a/deployment/helmchart/values.yaml
+++ b/deployment/helmchart/values.yaml
@@ -59,7 +59,7 @@ dashboard:
   image:
     registry: open.greenhost.net:4567
     repository: stackspin/dashboard/dashboard
-    tag: 0-1-2
+    tag: 0-1-3
     ## Specify a imagePullPolicy
     ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
     ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@@ -232,7 +232,7 @@ backend:
   image:
     registry: open.greenhost.net:4567
     repository: stackspin/dashboard-backend/dashboard-backend
-    tag: 0-1-2
+    tag: 0-1-3
     ## Specify a imagePullPolicy
     ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
     ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@@ -249,6 +249,11 @@ backend:
 
   # URL to the Ory Kratos API
   kratosUrl: http://127.0.0.1:8000
+  oidc:
+    clientId: dashboard
+    clientSecret: ReplaceWithSecret
+    authorizationBaseUrl: https://sso.stackspin.example.org/oauth2/auth
+    tokenUrl: https://sso.stackspin.example.org/oauth2/token
 
   ## Kubernetes service configuration. For minikube, set this to NodePort, elsewhere use LoadBalancer or ClusterIP
   ##
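Review bot: The default `clientSecret: ReplaceWithSecret` is a non-empty placeholder, so the `if .Values.backend.oidc.clientSecret` guard in secrets-admin-panel.yaml passes. An install that forgets to override it then runs with a publicly known OAuth2 client secret. Default it to `clientSecret: ""` and have the chart refuse to render without a value, so a missing secret becomes a deployment error rather than a guessable credential. The new `oidc` keys also lack the comments the neighbouring keys carry; a line such as `# OIDC client registered in Hydra; clientSecret must be set per installation` above `oidc:` would help. The `backend:` map starts and continues outside the hunk.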
-- 
GitLab