helm-charts/authentik-application/templates/secrets.yaml

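{{- /*
OAuth2 client credentials for the application, rendered as a Kubernetes Secret.

$clientID and $clientSecret are template-scoped: they start from the values
given in .Values.blueprint.provider and are reassigned below when the Secret is
enabled, so the blueprint Secret further down this file emits exactly the
credentials this Secret stores.
*/}}
{{- $clientID := .Values.blueprint.provider.clientID }}
{{- $clientSecret := .Values.blueprint.provider.clientSecret }}
{{- if .Values.secret.enabled }}
---
{{- $secretName := .Values.secret.name | default (include "authentik-application.fullname" .) }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ $secretName | quote }}
  labels:
    {{- include "authentik-application.labels" . | nindent 4 }}
    {{- with .Values.secret.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
stringData:
  {{- /*
  Reuse credentials already stored in the cluster so an upgrade does not rotate
  them. `lookup` returns an empty map under `helm template` and `--dry-run`, so
  those renders produce fresh random values on every run; only a real
  install/upgrade with cluster access preserves the existing ones. The stored
  values live base64-encoded in `.data`, hence the b64enc/b64dec round trip.
  */}}
  {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace $secretName) | default dict }}
  {{- $secretData := (get $secretObj "data") | default dict }}
  {{- /* Quoted so the URL stays a plain string whatever characters the domain or slug contain. */}}
  issuerURL: {{ print .Values.blueprint.authentik.domain "/application/o/" .Values.blueprint.application.slug "/" | quote }}
  {{- /* Precedence: explicit value from values.yaml, then the stored value, then a new random one. */}}
  {{- $clientIDCoded := (get $secretData "clientID") | default (randAlphaNum 32 | b64enc) }}
  {{- $clientID = .Values.blueprint.provider.clientID | default ($clientIDCoded | b64dec) }}
  clientID: {{ $clientID | quote }}
  {{- $clientSecretCoded := (get $secretData "clientSecret") | default (randAlphaNum 32 | b64enc) }}
  {{- $clientSecret = .Values.blueprint.provider.clientSecret | default ($clientSecretCoded | b64dec) }}
  clientSecret: {{ $clientSecret | quote }}
  {{- /* Quoted: an unquoted URL containing ": " or " #" would break or truncate the manifest. */}}
  redirectURL: {{ .Values.blueprint.provider.redirectURL | quote }}
  {{- with .Values.blueprint.provider.tokenDuration }}
  tokenDuration: {{ . | quote }}
  {{- end }}
  {{- with .Values.blueprint.provider.scopes }}
  customScopes: {{ . | join "," | quote }}
  {{- end }}
  {{- with .Values.blueprint.provider.claimUsername }}
  claimUsername: {{ . | quote }}
  {{- end }}
  {{- with .Values.blueprint.provider.claimGroups }}
  claimGroups: {{ . | quote }}
  {{- end }}
{{- end }}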
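{{- /*
Authentik blueprint describing the OAuth2 provider, the application and its
access groups, delivered as a second Secret. It embeds the same $clientID and
$clientSecret as the credentials Secret above, so it needs the same RBAC
protection. When .Values.secret.enabled is false the credentials come straight
from values.yaml; if those are empty the blueprint sets empty client
credentials — TODO(review): confirm whether that is intended or should fail
rendering instead.
*/}}
---
apiVersion: v1
kind: Secret
metadata:
  name: {{ printf "%s-blueprint" (include "authentik-application.fullname" .) | quote }}
  labels:
    {{- include "authentik-application.labels" . | nindent 4 }}
    {{- with .Values.blueprint.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
stringData:
  {{- /*
  Everything below the `|-` is the body of blueprint.yaml as authentik will parse
  it; YAML "#" comments there would end up inside the Secret, so only template
  comments are used. Templated scalars are quoted because slugs, names and URLs
  may otherwise be re-typed by YAML (e.g. "on" -> true, "1.10" -> 1.1) or break
  the flow sequences used by !Find.
  */}}
  blueprint.yaml: |-
    version: 1
    metadata:
      name: {{ include "authentik-application.fullname" . | quote }}
    entries:
      - model: authentik_providers_oauth2.OAuth2Provider
        id: {{ .Values.blueprint.provider.name | default (include "authentik-application.fullname" .) | quote }}
        identifiers:
          name: {{ .Values.blueprint.provider.name | default (include "authentik-application.fullname" .) | quote }}
        state: present
        attrs:
          authorization_flow: !Find [authentik_flows.flow, [slug, {{ .Values.blueprint.provider.authorizationFlow | quote }}]]
          client_type: {{ .Values.blueprint.provider.clientType | quote }}
          client_id: {{ $clientID | quote }}
          client_secret: {{ $clientSecret | quote }}
          {{- /* quote keeps a multi-line redirect list intact as an escaped string */}}
          redirect_uris: {{ .Values.blueprint.provider.redirectURL | quote }}
          {{- with .Values.blueprint.provider.tokenDuration }}
          access_token_validity: {{ . | quote }}
          {{- end }}
          {{- with .Values.blueprint.provider.signingKey }}
          signing_key: !Find [authentik_crypto.CertificateKeyPair, [name, {{ . | quote }}]]
          {{- end }}
          {{- with .Values.blueprint.provider.scopes }}
          property_mappings:
            {{- range . }}
            - !Find [authentik_providers_oauth2.ScopeMapping, [scope_name, {{ . | quote }}]]
            {{- end }}
          {{- end }}
      - model: authentik_core.Application
        id: {{ .Values.blueprint.application.name | default (include "authentik-application.fullname" .) | quote }}
        identifiers:
          slug: {{ .Values.blueprint.application.slug | quote }}
        state: present
        attrs:
          name: {{ .Values.blueprint.application.name | default (include "authentik-application.fullname" .) | quote }}
          slug: {{ .Values.blueprint.application.slug | quote }}
          provider: !KeyOf {{ .Values.blueprint.provider.name | default (include "authentik-application.fullname" .) | quote }}
          policy_engine_mode: {{ .Values.blueprint.application.policyEngineMode | quote }}
          {{- with .Values.blueprint.application.group }}
          group: {{ . | quote }}
          {{- end }}
          {{- with .Values.blueprint.application.launchURL }}
          meta_launch_url: {{ . | quote }}
          {{- end }}
          open_in_new_tab: {{ toYaml .Values.blueprint.application.openInNewTab }}
          {{- with .Values.blueprint.application.icon }}
          meta_icon: {{ . | quote }}
          {{- end }}
          {{- with .Values.blueprint.application.description }}
          meta_description: {{ . | quote }}
          {{- end }}
          {{- with .Values.blueprint.application.publisher }}
          meta_publisher: {{ . | quote }}
          {{- end }}
      {{- /*
      No groups configured: create one default group "app: <slug>" and bind it to
      the application so access is not left open. `not` also covers a missing or
      null `groups` key, which `len` would reject with a render error.
      */}}
      {{- if not .Values.blueprint.groups }}
      - model: authentik_core.group
        id: "app: {{ .Values.blueprint.application.slug }}"
        identifiers:
          name: "app: {{ .Values.blueprint.application.slug }}"
        state: "present"
        attrs:
          name: "app: {{ .Values.blueprint.application.slug }}"
      - model: authentik_policies.PolicyBinding
        id: "app: {{ .Values.blueprint.application.slug }}"
        identifiers:
          group: !KeyOf "app: {{ .Values.blueprint.application.slug }}"
        attrs:
          group: !KeyOf "app: {{ .Values.blueprint.application.slug }}"
          order: 10
          target: !Find [authentik_core.Application, [slug, {{ .Values.blueprint.application.slug | quote }}]]
      {{- end }}
      {{- /* One group plus one policy binding per configured entry; $ reaches the root context inside range. */}}
      {{- range $group := .Values.blueprint.groups }}
      - model: authentik_core.group
        id: {{ $group.slug | quote }}
        identifiers:
          name: {{ $group.slug | quote }}
        state: {{ $group.state | default "present" | quote }}
        attrs:
          name: {{ $group.slug | quote }}
          {{- with $group.parent }}
          parent: !Find [authentik_core.group, [name, {{ . | quote }}]]
          {{- else }}
          parent: null
          {{- end }}
      - model: authentik_policies.PolicyBinding
        id: {{ $group.slug | quote }}
        identifiers:
          group: !KeyOf {{ $group.slug | quote }}
        attrs:
          group: !KeyOf {{ $group.slug | quote }}
          order: 10
          target: !Find [authentik_core.Application, [slug, {{ $.Values.blueprint.application.slug | quote }}]]
      {{- end }}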