From 28adf987f7a8857c9166047206f41cfe516af400 Mon Sep 17 00:00:00 2001 From: Lebaud Antoine Date: Mon, 18 Mar 2024 23:27:30 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=94=90(helm)=20add=20OIDC=20secrets=20for?= =?UTF-8?q?=20dev=20environment?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Set OIDC secrets for the dev environment. Please note that we use different secrets between dev and staging. Why? Benoit created two client id, thus we could easily tests Agent Connect feature from the local host and the staging one. The local host is desk.127.0.0.1.nip.io. If this value change at any time, please consider asking Benoit to update the host value linked to the dev client id. --- src/helm/env.d/dev/secrets.enc.yaml | 8 +++++--- src/helm/env.d/dev/values.desk.yaml.gotmpl | 4 ++-- src/helm/helmfile.yaml | 2 ++ 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/src/helm/env.d/dev/secrets.enc.yaml b/src/helm/env.d/dev/secrets.enc.yaml index 32a20f7..b889d6b 100644 --- a/src/helm/env.d/dev/secrets.enc.yaml +++ b/src/helm/env.d/dev/secrets.enc.yaml @@ -1,4 +1,6 @@ -empty: "" +oidc: + clientId: ENC[AES256_GCM,data:KlkyIG8tNj6Nj3G4nIN+QGt9FPtMIkoitC8jxx5n4hHq71mF,iv:AKrdqPnBFLNxtRB1cphRKtH9ccwx7V4ApspjIQxtWmY=,tag:8Upvn77PKsJ0ktQh/orXqQ==,type:str] + clientSecret: ENC[AES256_GCM,data:O6RwyuiaXGO3afc4sRQz5nHW62Dkx2/I4jVqGgkms/fsDHpCMs0I3iTfGPUgI4uER60Yml16yc6n/7LWbqoy+A==,iv:1wJhrsNOZcgduy4N5WNuUPNX2R5fwyMJTpjV8IPm7Hc=,tag:Q42WTMFIPSdEtllHyLZwbQ==,type:str] sops: kms: [] gcp_kms: [] 
@@ -59,8 +61,8 @@ sops: eEh1MmhQRFNyNE1NSDdwWk5BRCtDMFUKZByCL2Wj0X+lwUo06PHwOiaJhzqOMVVt Rj/pvynxLV4d0RBzwpgdL9uV8VzTED4GW9wotODbhEUtdlpSS1YOGg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-15T15:03:15Z" - mac: ENC[AES256_GCM,data:szXSpToolZtr7f+36uEhmP/8P4SkBRpaI/tBbGUGm9bNC1gmiRGUqAU0Yye+HYEhpEQZAUBUyj+wXl3napn6d8reyHed96yTpXWw47tKFlfZo3vPEN4+33OQZ+Za+gr+ZexZkRVelX+O4h31joyw/3eQa/IRz9XPc1afOnOnWq8=,iv:yPfQRDagj5FJW/v4bd8G8CfznN8eNWPk/SUpq6Fyggs=,tag:UCeIeUG0At24YH+K+lKPTw==,type:str] + lastmodified: "2024-03-18T22:26:38Z" + mac: ENC[AES256_GCM,data:6xfKunxhxiA2c0jQQwo0oMSD3ecBPmDEGB5Dv9NEGrVLRGbUXd96RPfodYJkFtKJpWHDBrKO4eSkaylAGtzxq29TIwSveTm4xdlz4JBe/a1OxjKwY8XzuDY/gjTNhYODp/Zot6Vg/ESkkjGSyWwPjjdfIJmtd5Bk4eb00UyMoxE=,iv:wQ2lF+RIagQjAAwDCFQF90He3m0xNWnC4CRNf0ndhRY=,tag:aWJj05jPkwbwwF/zaj/wyA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/src/helm/env.d/dev/values.desk.yaml.gotmpl b/src/helm/env.d/dev/values.desk.yaml.gotmpl index 4df9881..2c2a3a8 100644 --- a/src/helm/env.d/dev/values.desk.yaml.gotmpl +++ b/src/helm/env.d/dev/values.desk.yaml.gotmpl @@ -17,8 +17,8 @@ backend: OIDC_OP_AUTHORIZATION_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/authorize OIDC_OP_TOKEN_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/token OIDC_OP_USER_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/userinfo - OIDC_RP_CLIENT_ID: "ThisIsAnExampleIdForDevPurposeOnly" - OIDC_RP_CLIENT_SECRET: "ThisIsAnExampleKeyForDevPurposeOnly" + OIDC_RP_CLIENT_ID: {{ .Values.oidc.clientId }} + OIDC_RP_CLIENT_SECRET: {{ .Values.oidc.clientSecret }} OIDC_RP_SIGN_ALGO: RS256 OIDC_RP_SCOPES: "openid email" OIDC_REDIRECT_ALLOWED_HOSTS: https://desk.127.0.0.1.nip.io diff --git a/src/helm/helmfile.yaml b/src/helm/helmfile.yaml index 533b545..d5494d5 100644 --- a/src/helm/helmfile.yaml +++ b/src/helm/helmfile.yaml 
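Review bot: The two new lines in `values.desk.yaml.gotmpl`, `OIDC_RP_CLIENT_ID: {{ .Values.oidc.clientId }}` and `OIDC_RP_CLIENT_SECRET: {{ .Values.oidc.clientSecret }}`, render their values unquoted, whereas the placeholders they replace were quoted strings. The template output is parsed as YAML only after substitution, so a decrypted value that is all digits, looks like a boolean, or starts with a YAML indicator character would be retyped or break parsing. I would write `OIDC_RP_CLIENT_ID: {{ .Values.oidc.clientId | quote }}` and the same for the secret. The hunk does not show how the chart turns these `backend` settings into Kubernetes objects, so it is worth confirming that the client secret lands in a Secret rather than a ConfigMap or a plain env entry in the pod spec.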
@@ -36,6 +36,8 @@ environments: dev: values: - version: 0.0.1 + secrets: + - env.d/{{ .Environment.Name }}/secrets.enc.yaml staging: values: - version: 0.0.1
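Review bot: The new `secrets:` entry under `dev` carries no comment on what is needed to render it. From this commit on, every render of the dev environment has to decrypt `env.d/dev/secrets.enc.yaml`, so a contributor or CI job without a matching key will fail where the placeholder values used to work. I would add a line above the entry such as `# sops-encrypted (age); rendering dev requires a private key for one of the file's recipients`. The `environments` block starts and continues outside this hunk, so whether `staging` gets its own `secrets:` entry elsewhere is not visible here.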