Merge pull request #125 from Calcagiara/krmRoles

Krm roles
scc-digitalhub · Oct 10, 2024 · cf40254 · cf40254
2 parents 1b24f52 + da70446
commit cf40254
Show file tree

Hide file tree

Showing 7 changed files with 19 additions and 2 deletions.
diff --git a/charts/core/Chart.yaml b/charts/core/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: core
 description: Core backend application for DigitalHub.
 type: application
-version: 0.2.14
+version: 0.2.15
 appVersion: "0.8.0-beta4"
 maintainers:
   - name: ffais

diff --git a/charts/core/templates/configmap.yaml b/charts/core/templates/configmap.yaml
@@ -49,6 +49,7 @@ data:
   DH_AUTH_JWT_CLAIM: {{ .Values.authentication.openId.jwtClaim }}
   DH_AUTH_OIDC_ISSUER_URI: {{ .Values.authentication.openId.issuerUri }}
   DH_AUTH_OIDC_SCOPE: {{ .Values.authentication.openId.scope }}
+  DH_AUTH_JWT_USERNAME: {{ .Values.authentication.openId.jwtUsername }}
 {{- end }}
 {{- if .Values.global.registry.url }}
   DOCKER_REGISTRY: {{ .Values.global.registry.url }}

diff --git a/charts/core/values.yaml b/charts/core/values.yaml
@@ -184,6 +184,7 @@ authentication:
     externalSecret:
       name: ""
       key: ""
+    jwtUsername: ""
 
 events:
   enabled: "false"

diff --git a/charts/kubernetes-resource-manager/Chart.yaml b/charts/kubernetes-resource-manager/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubernetes-resource-manager
 description: A Helm chart for Kubernetes
 type: application
-version: 0.2.3
+version: 0.2.4
 appVersion: "1.2.2"
 maintainers:
   - name: ffais

diff --git a/charts/kubernetes-resource-manager/templates/_helpers.tpl b/charts/kubernetes-resource-manager/templates/_helpers.tpl
@@ -126,3 +126,13 @@ Namespace function
 {{- .Values.namespaceValues.defaultValue }}
 {{- end }}
 {{- end }}
+
+{{/*
+Function for setting roles for KRM
+*/}}
+{{- define "kubernetes-resource-manager.roles" }}
+{{- range $i, $roles := .Values.oidc.access.roles }}
+  ACCESS_ROLES_{{ $i }}_ROLE: {{ $roles.role }}
+  ACCESS_ROLES_{{ $i }}_RESOURCES: {{ $roles.resources }}
+{{- end }}
+{{- end }}
diff --git a/charts/kubernetes-resource-manager/templates/configmap.yaml b/charts/kubernetes-resource-manager/templates/configmap.yaml
@@ -23,3 +23,6 @@ data:
   {{- if .Values.env.additionalEnv }}
   {{- toYaml .Values.env.additionalEnv | nindent 2}}
   {{- end }}
+  {{- if and .Values.oidc.enabled .Values.oidc.access.roles }}
+  {{- include "kubernetes-resource-manager.roles" . }}
+  {{- end }}
diff --git a/charts/kubernetes-resource-manager/values.yaml b/charts/kubernetes-resource-manager/values.yaml
@@ -212,6 +212,8 @@ oidc:
   scope: ""
   authType: ""
   redirectUrl: ""
+  access:
+    roles: []
 
 resourceSelectors:
   # list separated by |