From 798a7c77331bab25cb6cb9dce297a89cdaebf5c8 Mon Sep 17 00:00:00 2001
From: Chris Werner Rau
Date: Mon, 1 Jul 2024 12:24:22 +0200
Subject: [PATCH] fix(base-cluster/oidc): this fixes the wrongly rolled out outh config (#1000)
---
 charts/base-cluster/templates/NOTES.txt | 2 +-
 .../monitoring/kube-prometheus-stack/_grafana-config.yaml | 2 +-
 .../templates/monitoring/kube-prometheus-stack/_helpers.yaml | 4 ++--
 .../monitoring/kube-prometheus-stack/oauth-proxy-secret.yaml | 2 +-
 .../monitoring/kube-prometheus-stack/oauth-proxy.yaml | 2 +-
 charts/base-cluster/values.schema.json | 5 +++++
 charts/base-cluster/values.yaml | 5 -----
 7 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/charts/base-cluster/templates/NOTES.txt b/charts/base-cluster/templates/NOTES.txt
index 1abd0724b..1e840829a 100644
--- a/charts/base-cluster/templates/NOTES.txt
+++ b/charts/base-cluster/templates/NOTES.txt
@@ -27,7 +27,7 @@ You can access your grafana instance via http://localhost:3000
 {{- end }}
-{{ if .Values.global.authentication.config.clientId }}
+{{ if .Values.global.authentication.config }}
 Login via your OIDC provider, or via;
 {{- end }}
diff --git a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml
index 8e7686b7d..25e5f3fc4 100644
--- a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml
+++ b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml
@@ -173,7 +173,7 @@ dashboards:
 {{- $grafanaIni := .Values.monitoring.grafana.config | default (dict) }}
 {{- if and .Values.ingress.enabled .Values.monitoring.grafana.ingress.enabled .Values.certManager.email (or .Values.global.baseDomain .Values.monitoring.grafana.ingress.customDomain) }}
 {{- $grafanaIni = mustMerge $grafanaIni (include "base-cluster.prometheus-stack.grafana.ini.ingress" (dict "context" $) | fromYaml) }}
- {{- if .Values.global.authentication.config }}
+ {{- if .Values.global.authentication }}
 {{- $grafanaIni = mustMerge $grafanaIni (include "base-cluster.prometheus-stack.grafana.ini.oauth" (dict "context" $) | fromYaml) }}
 envValueFrom:
 OIDC_CLIENT_SECRET:
diff --git a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_helpers.yaml b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_helpers.yaml
index 162d4d9cd..e5f310a9e 100644
--- a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_helpers.yaml
+++ b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_helpers.yaml
@@ -52,7 +52,7 @@ privileged: false
 {{- $_ := mustMerge . (pick .context "Values") -}}
 {{- $ingress := include "base-cluster.monitoring.ingress.config" (dict "name" .name "context" .context) | fromYaml -}}
 {{- if include "base-cluster.monitoring.ingress.enabled" (dict "name" .name "context" .context) -}}
- {{- and (empty .Values.global.authentication.config.clientId) (dig "enabled" false $ingress) | ternary true "" -}}
+ {{- and (empty .Values.global.authentication.config) (dig "enabled" false $ingress) | ternary true "" -}}
 {{- end -}}
 {{- end -}}
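Review bot: In the `_grafana-config.yaml` hunk the new guard `{{- if .Values.global.authentication }}` tests the parent map, while every other template touched by this patch tests `.Values.global.authentication.config`. The `values.yaml` hunk keeps the `grafana:` defaults under `authentication:`, so the parent map appears to be non-empty by default. The branch would then merge the OAuth ini and wire `OIDC_CLIENT_SECRET` even when no OIDC client is configured. Unless that is intended, keep the guard aligned with the others: `{{- if .Values.global.authentication.config }}`. The enclosing block and the `grafana.ini.oauth` helper lie outside the hunk, so how they behave with a missing `config` cannot be seen here.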
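Review bot: The two changed lines in `_helpers.yaml` (the hunks at 52 and 60) decide whether a monitoring ingress is served without or with authentication, and nothing on them says so or explains why the `dig` defaults differ (`false` in the first, `true` in the second). I would add a template comment above each. For the first: `{{- /* no OIDC config: expose only if the ingress is explicitly enabled (default false) */ -}}`. For the second: `{{- /* OIDC config present: ingress defaults to enabled */ -}}`. The `define` lines are outside both hunks, so the helper names, and which one is the unauthenticated variant, are inferred from the conditions.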
@@ -60,6 +60,6 @@ privileged: false
 {{- $_ := mustMerge . (pick .context "Values") -}}
 {{- $ingress := include "base-cluster.monitoring.ingress.config" (dict "name" .name "context" .context) | fromYaml -}}
 {{- if include "base-cluster.monitoring.ingress.enabled" (dict "name" .name "context" .context) -}}
- {{- and (not (empty .Values.global.authentication.config.clientId)) (dig "enabled" true $ingress) | ternary true "" -}}
+ {{- and (not (empty .Values.global.authentication.config)) (dig "enabled" true $ingress) | ternary true "" -}}
 {{- end -}}
 {{- end -}}
diff --git a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy-secret.yaml b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy-secret.yaml
index 5a6e2f1e8..6b76b4bc1 100644
--- a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy-secret.yaml
+++ b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy-secret.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.global.authentication.config.clientId .Values.monitoring.prometheus.enabled (or (include "base-cluster.monitoring.authenticated-ingress.enabled" (dict "name" "prometheus" "context" .)) (include "base-cluster.monitoring.authenticated-ingress.enabled" (dict "name" "alertmanager" "context" .)) (include "base-cluster.monitoring.authenticated-ingress.enabled" (dict "name" "grafana" "context" .))) }}
+{{- if and .Values.global.authentication.config .Values.monitoring.prometheus.enabled (or (include "base-cluster.monitoring.authenticated-ingress.enabled" (dict "name" "prometheus" "context" .)) (include "base-cluster.monitoring.authenticated-ingress.enabled" (dict "name" "alertmanager" "context" .)) (include "base-cluster.monitoring.authenticated-ingress.enabled" (dict "name" "grafana" "context" .))) }}
 {{- $name := include "common.secrets.name" (dict "defaultNameSuffix" "oauth-proxy" "context" $) -}}
 apiVersion: v1
 kind: Secret
diff --git a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy.yaml b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy.yaml
index 41c69fd74..a88dbbaeb 100644
--- a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy.yaml
+++ b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.global.authentication.config.clientId .Values.monitoring.prometheus.enabled }}
+{{- if and .Values.global.authentication.config .Values.monitoring.prometheus.enabled }}
 {{- $backends := list -}}
 {{- if include "base-cluster.monitoring.authenticated-ingress.enabled" (dict "name" "prometheus" "context" .) -}}
 {{- $backends = append $backends (dict "host" "prometheus" "port" 9090) -}}
diff --git a/charts/base-cluster/values.schema.json b/charts/base-cluster/values.schema.json
index fa7215235..9e7f0a95a 100644
--- a/charts/base-cluster/values.schema.json
+++ b/charts/base-cluster/values.schema.json
@@ -464,6 +464,11 @@
 "type": "string"
 }
 },
+ "required": [
+ "clientId",
+ "clientSecret",
+ "issuerHost"
+ ],
 "additionalProperties": false
 },
 "grafana": {
diff --git a/charts/base-cluster/values.yaml b/charts/base-cluster/values.yaml
index 924d1231b..600eb09d3 100644
--- a/charts/base-cluster/values.yaml
+++ b/charts/base-cluster/values.yaml
@@ -173,11 +173,6 @@ global:
 opentelemetry-collector: 0.x.x
 condition: "{{ and .Values.monitoring.tracing.enabled .Values.monitoring.prometheus.enabled }}"
 authentication:
- config:
- clientId: ""
- clientSecret: ""
- issuerHost: ""
- issuerPath: ""
 grafana:
 authenticationPath: /protocol/openid-connect/auth
 apiPath: /protocol/openid-connect/userinfo
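Review bot: In the `values.schema.json` hunk the added `"required"` list only enforces that `clientId`, `clientSecret` and `issuerHost` are present, so a value such as `clientId: ""` still validates. The templates in this patch now gate on `.Values.global.authentication.config` being a non-empty map rather than on `clientId`, so a config with blank strings would still enable the oauth-proxy templates that the old `clientId` check kept off. Consider adding `"minLength": 1` to those three property definitions. They sit above this hunk, so whether a length or pattern constraint already exists there cannot be seen from here.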