Add web OIDC config #31
Conversation
fredx30
force-pushed
the
feature/add-web-oidc-config
branch
from
7dba6aa
to
f57dae4
Compare
There was a problem hiding this comment.
Very nice work 👍🏻
In wharf-helm/values.yaml there are some comments mentioning default value or that it's required.
I think adding that to all applicable fields could be good.
I.e., make optional fields all have the
Default is
value
part, and all required fields (without default values) explicitly say they are required.
EDIT: Also, maybe adding newlines to the very long comments.
Co-authored-by: Alexamakans <79503481+Alexamakans@users.noreply.github.com>
Co-authored-by: Alexamakans <79503481+Alexamakans@users.noreply.github.com>
|
The comments are straight off of https://github.com/damienbod/angular-auth-oidc-client/blob/main/projects/angular-auth-oidc-client/src/lib/config/openid-configuration.ts#L4 Here is what i can do about the comments. I will include the link the the interface that dictates naming and formatting. I could also reduce the level of details in the comments. I do however not however know or nessacerily understand why they are what they are in the first place. I have tested it as far as i can say with a fairly high degree of certainty that these are the settings one might need to change if one were to use a different identity provider with wharf. |
|
@jilleJr will hand this over to you, have a good time with my nasty code :) |
|
I've made some changes of the implementation. It is now more generic and lets users add as many new config fields as they want. This by using the The copied documentation on a per-value basis has been removed and instead I'm only referring to their documentation at https://nice-hill-002425310.azurestaticapps.net/docs/documentation/configuration#config-values and their source code at https://github.com/damienbod/angular-auth-oidc-client/blob/release_13_1_0/projects/angular-auth-oidc-client/src/lib/config/openid-configuration.ts |
|
I can't seem to remove my review as I previously requested changes. Best I could do was to approve it myself so GitHub stops complaining. |
|
For reference, this is what the templated ConfigMap looks like when having web.oidcEnabled=true: $ helm template mytest ./charts/wharf-helm --set web.oidcEnabled=true# ..snip other templated YAML docs..
---
# Source: wharf-helm/templates/web.yaml
kind: ConfigMap
apiVersion: v1
metadata:
name: mytest-wharf-helm-web-config
data:
config.json: |
{
"Environment": {
"Name": "dev",
"IsProduction": false
},
"UpdateLatency": 20000,
"UpdateFrequency": 30000,
"oidcConfig": {
"authority": "https://login.microsoftonline.com/841df554-ef9d-48b1-bc6e-44cf8543a8fc/v2.0/.well-known/openid-configuration",
"autoUserInfo": false,
"clientId": "01fcb3dc-7a2b-4b1c-a7d6-d7033089c779",
"ignoreNonceAfterRefresh": true,
"issValidationOff": false,
"logLevel": 2,
"maxIdTokenIatOffsetAllowedInSeconds": 600,
"postLogoutRedirectUri": "https://wharf.example.org",
"redirectUrl": "https://wharf.example.org",
"responseType": "id_token token",
"scope": "openid profile email offline_access api://wharf-internal/read api://wharf-internal/admin api://wharf-internal/deploy",
"silentRenew": true,
"useRefreshToken": true
},
"BackendUrls": {
"Api": "/api",
"GitlabImport" : "/import",
"GithubImport" : "/import",
"AzureDevopsImport" : "/import"
}
}
---
# ..snip other templated YAML docs.. |
charts/wharf-helm/CHANGELOG.mdfile, according to docs:https://iver-wharf.github.io/#/development/changelogs/writing-changelogs
(but without version dates nor WIP versions)
charts/wharf-helm/Chart.ymlSummary
This adds a config set for OIDC in web under the keys
.web.oidc.*.Added an entry for versionbumping chart.yml to the feature template.
Motivation
The helm chart currently overrides the wharf-web repo's config. As the module is always loaded in we need a valid config to not crash the app. This default config will be sufficient not to crash the app but will likely need to be configured in the case that it is to be used.
The template update should make it easier to remember the two locations for the version bumping, and might save someone a first failed github action run.