Skip to content

Commit

Permalink
Add support to provide existing kubernetes secret for nginx basic auth
Browse files Browse the repository at this point in the history
Signed-off-by: Vasil Vasilev <vasil.vasilev@bosch.com>
  • Loading branch information
vvasilevbosch committed Mar 18, 2024
1 parent 41d088a commit b11174c
Show file tree
Hide file tree
Showing 4 changed files with 42 additions and 13 deletions.
2 changes: 1 addition & 1 deletion deployment/helm/ditto/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ description: |
A digital twin is a virtual, cloud based, representation of his real world counterpart
(real world “Things”, e.g. devices like sensors, smart heating, connected cars, smart grids, EV charging stations etc).
type: application
version: 3.5.3 # chart version is effectively set by release-job
version: 3.6.0 # chart version is effectively set by release-job
appVersion: 3.5.3
keywords:
- iot-chart
Expand Down
23 changes: 17 additions & 6 deletions deployment/helm/ditto/templates/nginx-auth.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -24,13 +24,24 @@ type: Opaque
stringData:
nginx.htpasswd: |-
{{- if .Values.global.hashedBasicAuthUsers }}
{{ range .Values.global.hashedBasicAuthUsers }}
{{- . | indent 4 }}
{{ end }}
{{ range .Values.global.hashedBasicAuthUsers }}
{{- . | indent 4 }}
{{ end }}
{{- else }}
{{ range $key, $value := .Values.global.basicAuthUsers }}
{{- (htpasswd $value.user $value.password) | indent 4 }}
{{ end }}
{{- if (quote .Values.global.existingSecret | empty) }}
{{ range $key, $value := .Values.global.basicAuthUsers }}
{{- (htpasswd $value.user $value.password) | indent 4 }}
{{ end }}
{{- else }}
{{- $secret := lookup "v1" "Secret" $.Release.Namespace .Values.global.existingSecret }}
{{- if $secret }}
{{- range $user, $password := $secret.data }}
{{ htpasswd $user ($password | b64dec) | indent 4 }}
{{- end }}
{{- else}}
{{- fail (printf "Missing provided existingSecret for basicAuthUsers: %s" .Values.global.existingSecret) }}
{{- end }}
{{ end }}
{{ end }}
---
{{- end }}
23 changes: 17 additions & 6 deletions deployment/helm/ditto/templates/nginx-ingress-auth.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -24,13 +24,24 @@ type: Opaque
stringData:
auth: |-
{{- if .Values.global.hashedBasicAuthUsers }}
{{ range .Values.global.hashedBasicAuthUsers }}
{{- . | indent 4 }}
{{ end }}
{{ range .Values.global.hashedBasicAuthUsers }}
{{- . | indent 4 }}
{{ end }}
{{- else }}
{{ range $key, $value := .Values.global.basicAuthUsers }}
{{- (htpasswd $value.user $value.password) | indent 4 }}
{{ end }}
{{- if (quote .Values.global.existingSecret | empty) }}
{{ range $key, $value := .Values.global.basicAuthUsers }}
{{- (htpasswd $value.user $value.password) | indent 4 }}
{{ end }}
{{- else }}
{{- $secret := lookup "v1" "Secret" $.Release.Namespace .Values.global.existingSecret }}
{{- if $secret }}
{{- range $user, $password := $secret.data }}
{{ htpasswd $user ($password | b64dec) | indent 4 }}
{{- end }}
{{- else}}
{{- fail (printf "Missing provided existingSecret for basicAuthUsers: %s" .Values.global.existingSecret) }}
{{- end }}
{{ end }}
{{ end }}
---
{{- end }}
7 changes: 7 additions & 0 deletions deployment/helm/ditto/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,13 @@ global:
# password: ditto
# - user: jane
# password: janesPw

# existingSecret contains the name of existing secret containing user and password
# format: ${user}:${password}, where secret key is ${user} and value is ${password}
# example creating secret for users ditto and jane:
# kubectl create secret generic ditto-basic-auth --from-literal ditto=ditto --from-literal jane=janesPw
# if not set then basicAuthUsers values are used.
existingSecret:
# hashedBasicAuthUsers configures a list of hashed .htpasswd username/password entries
hashedBasicAuthUsers: []
# jwtOnly controls whether only OpenID-Connect authentication is supported
Expand Down

0 comments on commit b11174c

Please sign in to comment.