chart: add toggle for openid

Co-authored-by: Morten Lied Johansen <[email protected]>
nais · Sep 11, 2024 · f5d2f66 · f5d2f66
1 parent d6b57a6
commit f5d2f66
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 0 deletions.
diff --git a/charts/wonderwall/Feature.yaml b/charts/wonderwall/Feature.yaml
@@ -98,3 +98,9 @@ values:
   image.tag:
     config:
       type: string
+  openid.enabled:
+    description: Enable OpenID config.
+    config:
+      type: bool
+    ignoreKind:
+      - legacy
diff --git a/charts/wonderwall/templates/redis.yaml b/charts/wonderwall/templates/redis.yaml
@@ -12,3 +12,10 @@
 {{ include "common.aivenapplication.tpl" (dict "root" . "provider" $provider "access" "readwrite" "secretName" .Values.idporten.redisSecretNames.readwrite) }}
 {{ include "common.aivenapplication.tpl" (dict "root" . "provider" $provider "access" "read" "secretName" .Values.idporten.redisSecretNames.read) }}
 {{- end }}
+
+{{- if .Values.openid.enabled }}
+{{ $provider := "openid" }}
+{{ include "common.redis.tpl" (dict "root" . "provider" $provider) }}
+{{ include "common.serviceintegration.tpl" (dict "root" . "provider" $provider) }}
+{{ include "common.aivenapplication.tpl" (dict "root" . "provider" $provider "access" "readwrite" "secretName" .Values.openid.redisSecretName) }}
+{{- end }}
diff --git a/charts/wonderwall/templates/replicationconfig.yaml b/charts/wonderwall/templates/replicationconfig.yaml
@@ -118,3 +118,37 @@ spec:
             - Egress
   {{- end }}
 {{- end }}
+{{- if .Values.openid.enabled }}
+---
+apiVersion: nais.io/v1
+kind: ReplicationConfig
+metadata:
+  name: {{ include "wonderwall.fullname" . }}-openid
+  labels:
+    {{- include "wonderwall.labels" . | nindent 4 }}
+    wonderwall.nais.io/provider: openid
+spec:
+  namespaceSelector:
+    matchExpressions:
+      - key: team
+        operator: Exists
+  templateValues:
+    secrets:
+      - name: "{{ .Values.openid.redisSecretName }}"
+        validate: false
+  resources:
+    # used by naiserator to inject wonderwall config into sidecar
+    - template: |
+        apiVersion: v1
+        kind: Secret
+        type: kubernetes.io/Opaque
+        metadata:
+          name: login-global-config
+          annotations:
+            reloader.stakater.com/match: "true"
+        stringData:
+          WONDERWALL_REDIS_CONNECTION_IDLE_TIMEOUT: "{{ .Values.redis.connectionIdleTimeout }}"
+          WONDERWALL_REDIS_URI: "[[ .Values.REDIS_URI_WONDERWALL_OPENID ]]"
+          WONDERWALL_REDIS_USERNAME: "[[ .Values.REDIS_USERNAME_WONDERWALL_OPENID ]]"
+          WONDERWALL_REDIS_PASSWORD: "[[ .Values.REDIS_PASSWORD_WONDERWALL_OPENID ]]"
+{{- end }}
diff --git a/charts/wonderwall/values.yaml b/charts/wonderwall/values.yaml
@@ -56,6 +56,9 @@ idporten:
   ssoServerSecretName: wonderwall-idporten-sso-server
   ssoDefaultRedirectURL:
   ssoDomain:
+openid:
+  enabled: false
+  redisSecretName: wonderwall-openid-redis-rw
 redis:
   connectionIdleTimeout: 299
 resources: