feat: CORE-6770 Add support OAuth2 to Gateway#184
feat: CORE-6770 Add support OAuth2 to Gateway#184okapusty-virtru wants to merge 21 commits intomainfrom
Conversation
okapusty-virtru
changed the title
mkleene
left a comment
mkleene
left a comment
There was a problem hiding this comment.
This is great! Awesome that this is working. The only big change that I think we should make is that these objects should only appear if they have enabled oauth2, say by setting a value like oauth2.enabled. Otherwise we don't want the secret, the rolebinding, or the token refresher to even exist. That should be pretty simple using conditional templates.
mkleene
left a comment
mkleene
left a comment
There was a problem hiding this comment.
Looks really good! Just a couple of minor things. Maybe even call the files xoauth2-*?
we now have abac only charts
# Conflicts: # gateway/values.yaml
mkleene
left a comment
mkleene
left a comment
There was a problem hiding this comment.
We just need to add what you have done here to the other modes
There was a problem hiding this comment.
Looks good but I think that we need to slap these on all of the other workloads
gateway/values.yaml
Outdated
| xoauth2: | ||
| clientSecret: <xoauth2-client-secret> | ||
| refreshToken: <xoauth2-refresh-token> | ||
| accessToken: <xoauth2-access-token |
There was a problem hiding this comment.
| accessToken: <xoauth2-access-token | |
| accessToken: <xoauth2-access-token> |
| oauth2: | ||
| xoauth2: | ||
| enabled: false | ||
| clientId: <xoauth2-client-id> |
There was a problem hiding this comment.
| clientId: <xoauth2-client-id> | |
| clientId: <xoauth2-client-id> | |
| domains: <the domains that xoauth2 is configured for> | |
| user: <the user that xoauth2 is configured for> |
# Conflicts: # gateway/README.md # gateway/values.yaml
okapusty-virtru
changed the title
2 participants
Proposed Changes
*Add OAuth2 secrets and CronJob for token refresh
Checklist
helm package $CHART_NAME -uhelm repo index .Testing Instructions