fix(base-cluster/oidc): this fixes the wrongly rolled out outh config (…

…#1000)
teutonet · Jul 1, 2024 · 798a7c7 · 798a7c7
1 parent 4b49283
commit 798a7c7
Show file tree

Hide file tree

Showing 7 changed files with 11 additions and 11 deletions.
diff --git a/charts/base-cluster/templates/NOTES.txt b/charts/base-cluster/templates/NOTES.txt
@@ -27,7 +27,7 @@ You can access your grafana instance via
 
 http://localhost:3000
 {{- end }}
-{{ if .Values.global.authentication.config.clientId }}
+{{ if .Values.global.authentication.config }}
 Login via your OIDC provider, or via;
 
 {{- end }}

diff --git a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml
@@ -173,7 +173,7 @@ dashboards:
 {{- $grafanaIni := .Values.monitoring.grafana.config | default (dict) }}
 {{- if and .Values.ingress.enabled .Values.monitoring.grafana.ingress.enabled .Values.certManager.email (or .Values.global.baseDomain .Values.monitoring.grafana.ingress.customDomain) }}
   {{- $grafanaIni = mustMerge $grafanaIni (include "base-cluster.prometheus-stack.grafana.ini.ingress" (dict "context" $) | fromYaml) }}
-  {{- if .Values.global.authentication.config }}
+  {{- if .Values.global.authentication }}
     {{- $grafanaIni = mustMerge $grafanaIni (include "base-cluster.prometheus-stack.grafana.ini.oauth" (dict "context" $) | fromYaml) }}
 envValueFrom:
   OIDC_CLIENT_SECRET:

diff --git a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_helpers.yaml b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_helpers.yaml
@@ -52,14 +52,14 @@ privileged: false
   {{- $_ := mustMerge . (pick .context "Values") -}}
   {{- $ingress := include "base-cluster.monitoring.ingress.config" (dict "name" .name "context" .context) | fromYaml -}}
   {{- if include "base-cluster.monitoring.ingress.enabled" (dict "name" .name "context" .context) -}}
-    {{- and (empty .Values.global.authentication.config.clientId) (dig "enabled" false $ingress) | ternary true "" -}}
+    {{- and (empty .Values.global.authentication.config) (dig "enabled" false $ingress) | ternary true "" -}}
   {{- end -}}
 {{- end -}}
 
 {{- define "base-cluster.monitoring.authenticated-ingress.enabled" -}}
   {{- $_ := mustMerge . (pick .context "Values") -}}
   {{- $ingress := include "base-cluster.monitoring.ingress.config" (dict "name" .name "context" .context) | fromYaml -}}
   {{- if include "base-cluster.monitoring.ingress.enabled" (dict "name" .name "context" .context) -}}
-    {{- and (not (empty .Values.global.authentication.config.clientId)) (dig "enabled" true $ingress) | ternary true "" -}}
+    {{- and (not (empty .Values.global.authentication.config)) (dig "enabled" true $ingress) | ternary true "" -}}
   {{- end -}}
 {{- end -}}
diff --git a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy-secret.yaml b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy-secret.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.global.authentication.config.clientId .Values.monitoring.prometheus.enabled (or (include "base-cluster.monitoring.authenticated-ingress.enabled" (dict "name" "prometheus" "context" .)) (include "base-cluster.monitoring.authenticated-ingress.enabled" (dict "name" "alertmanager" "context" .)) (include "base-cluster.monitoring.authenticated-ingress.enabled" (dict "name" "grafana" "context" .))) }}
+{{- if and .Values.global.authentication.config .Values.monitoring.prometheus.enabled (or (include "base-cluster.monitoring.authenticated-ingress.enabled" (dict "name" "prometheus" "context" .)) (include "base-cluster.monitoring.authenticated-ingress.enabled" (dict "name" "alertmanager" "context" .)) (include "base-cluster.monitoring.authenticated-ingress.enabled" (dict "name" "grafana" "context" .))) }}
 {{- $name := include "common.secrets.name" (dict "defaultNameSuffix" "oauth-proxy" "context" $) -}}
 apiVersion: v1
 kind: Secret

diff --git a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy.yaml b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.global.authentication.config.clientId .Values.monitoring.prometheus.enabled }}
+{{- if and .Values.global.authentication.config .Values.monitoring.prometheus.enabled }}
 {{- $backends := list -}}
 {{- if include "base-cluster.monitoring.authenticated-ingress.enabled" (dict "name" "prometheus" "context" .) -}}
   {{- $backends = append $backends (dict "host" "prometheus" "port" 9090) -}}

diff --git a/charts/base-cluster/values.schema.json b/charts/base-cluster/values.schema.json
@@ -464,6 +464,11 @@
                   "type": "string"
                 }
               },
+              "required": [
+                "clientId",
+                "clientSecret",
+                "issuerHost"
+              ],
               "additionalProperties": false
             },
             "grafana": {

diff --git a/charts/base-cluster/values.yaml b/charts/base-cluster/values.yaml
@@ -173,11 +173,6 @@ global:
         opentelemetry-collector: 0.x.x
       condition: "{{ and .Values.monitoring.tracing.enabled .Values.monitoring.prometheus.enabled }}"
   authentication:
-    config:
-      clientId: ""
-      clientSecret: ""
-      issuerHost: ""
-      issuerPath: ""
     grafana:
       authenticationPath: /protocol/openid-connect/auth
       apiPath: /protocol/openid-connect/userinfo