{{- $clientID := .Values.blueprint.provider.clientID }} {{- $clientSecret := .Values.blueprint.provider.clientSecret }} {{- if .Values.secret.enabled }} --- {{- $secretName := .Values.secret.name | default (include "authentik-application.fullname" .) }} apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} labels: {{- include "authentik-application.labels" . | nindent 4 }} {{- with .Values.secret.labels }} {{- toYaml . | nindent 4 }} {{- end }} stringData: {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace $secretName) | default dict }} {{- $secretData := (get $secretObj "data") | default dict }} issuerURL: {{ print .Values.blueprint.authentik.domain "/application/o/" .Values.blueprint.application.slug "/" }} {{- $clientIDCoded := (get $secretData "clientID") | default (randAlphaNum 32 | b64enc) }} {{- $clientID = .Values.blueprint.provider.clientID | default ($clientIDCoded | b64dec) }} clientID: {{ $clientID | quote }} {{- $clientSecretCoded := (get $secretData "clientSecret") | default (randAlphaNum 32 | b64enc) }} {{- $clientSecret = .Values.blueprint.provider.clientSecret | default ($clientSecretCoded | b64dec) }} clientSecret: {{ $clientSecret | quote }} redirectURL: {{ .Values.blueprint.provider.redirectURL }} {{- with .Values.blueprint.provider.tokenDuration }} tokenDuration: {{ . | quote }} {{- end }} {{- with .Values.blueprint.provider.scopes }} customScopes: {{ . | join "," | quote }} {{- end }} {{- with .Values.blueprint.provider.claimUsername }} claimUsername: {{ . | quote }} {{- end }} {{- with .Values.blueprint.provider.claimGroups }} claimGroups: {{ . | quote }} {{- end }} {{- end }} --- apiVersion: v1 kind: Secret metadata: name: {{ include "authentik-application.fullname" . }}-blueprint labels: {{- include "authentik-application.labels" . | nindent 4 }} {{- with .Values.blueprint.labels }} {{- toYaml . | nindent 4 }} {{- end }} stringData: blueprint.yaml: |- version: 1 metadata: name: {{ include "authentik-application.fullname" . }} entries: - model: authentik_providers_oauth2.OAuth2Provider id: {{ .Values.blueprint.provider.name | default (include "authentik-application.fullname" .) }} identifiers: name: {{ .Values.blueprint.provider.name | default (include "authentik-application.fullname" .) }} state: present attrs: authorization_flow: !Find [authentik_flows.flow, [slug, {{ .Values.blueprint.provider.authorizationFlow }}]] client_type: {{ .Values.blueprint.provider.clientType | quote }} client_id: {{ $clientID | quote }} client_secret: {{ $clientSecret | quote }} redirect_uris: {{ .Values.blueprint.provider.redirectURL }} {{- with .Values.blueprint.provider.tokenDuration }} access_token_validity: {{ . | quote }} {{- end }} {{- with .Values.blueprint.provider.signingKey }} signing_key: !Find [authentik_crypto.CertificateKeyPair, [name, {{ . }}]] {{- end }} {{- with .Values.blueprint.provider.scopes }} property_mappings: {{- range . }} - !Find [authentik_providers_oauth2.ScopeMapping, [scope_name, {{ . }}]] {{- end }} {{- end }} - model: authentik_core.Application id: {{ .Values.blueprint.application.name | default (include "authentik-application.fullname" .) }} identifiers: slug: {{ .Values.blueprint.application.slug }} state: present attrs: name: {{ .Values.blueprint.application.name | default (include "authentik-application.fullname" .) }} slug: {{ .Values.blueprint.application.slug }} provider: !KeyOf {{ .Values.blueprint.provider.name | default (include "authentik-application.fullname" .) }} policy_engine_mode: {{ .Values.blueprint.application.policyEngineMode }} {{- with .Values.blueprint.application.group }} group: {{ . | quote }} {{- end }} {{- with .Values.blueprint.application.launchURL }} meta_launch_url: {{ . | quote }} {{- end }} open_in_new_tab: {{ toYaml .Values.blueprint.application.openInNewTab }} {{- with .Values.blueprint.application.icon }} meta_icon: {{ . | quote }} {{- end }} {{- with .Values.blueprint.application.description }} meta_description: {{ . | quote }} {{- end }} {{- with .Values.blueprint.application.publisher }} meta_publisher: {{ . | quote }} {{- end }} {{- if (eq (len .Values.blueprint.groups) 0) }} - model: authentik_core.group id: "app: {{ .Values.blueprint.application.slug }}" identifiers: name: "app: {{ .Values.blueprint.application.slug }}" state: "present" attrs: name: "app: {{ .Values.blueprint.application.slug }}" - model: authentik_policies.PolicyBinding id: "app: {{ .Values.blueprint.application.slug }}" identifiers: group: !KeyOf "app: {{ .Values.blueprint.application.slug }}" attrs: group: !KeyOf "app: {{ .Values.blueprint.application.slug }}" order: 10 target: !Find [authentik_core.Application, [slug, {{ .Values.blueprint.application.slug }}]] {{- end }} {{- range $group := .Values.blueprint.groups }} - model: authentik_core.group id: {{ $group.slug | quote }} identifiers: name: {{ $group.slug | quote }} state: {{ $group.state | default "present" | quote }} attrs: name: {{ $group.slug | quote }} {{- with $group.parent }} parent: !Find [authentik_core.group, [name, {{ . | quote }}]] {{- else}} parent: null {{- end }} - model: authentik_policies.PolicyBinding id: {{ $group.slug | quote }} identifiers: group: !KeyOf {{ $group.slug | quote }} attrs: group: !KeyOf {{ $group.slug | quote}} order: 10 target: !Find [authentik_core.Application, [slug, {{ $.Values.blueprint.application.slug }}]] {{- end }}