From 8c54e701c1b528975360f362d128fcf3c716e47b Mon Sep 17 00:00:00 2001
From: lebaudantoine
Date: Thu, 29 Aug 2024 11:51:52 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A7(helm)=20configure=20resource=20ser?= =?UTF-8?q?ver=20in=20staging?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Allow desk-staging app to interact with AgentConnect integration env to introspect a received access token. Other environment (pre-prod and production) will be configured when at least one interconnection with a service provider has been validated.
---
 secrets | 2 +-
 src/helm/desk/templates/secrets.yaml | 6 ++++++
 src/helm/env.d/staging/values.desk.yaml.gotmpl | 14 ++++++++++++++
 3 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/secrets b/secrets
index d7cfe7b..a31bc36 160000
--- a/secrets
+++ b/secrets
@@ -1 +1 @@
-Subproject commit d7cfe7bcdcfcf3174c900109b37ad101d2dc33d4
+Subproject commit a31bc360ab865c9d719865e3fada04375fb130c8
diff --git a/src/helm/desk/templates/secrets.yaml b/src/helm/desk/templates/secrets.yaml
index 269f34c..23db9da 100644
--- a/src/helm/desk/templates/secrets.yaml
+++ b/src/helm/desk/templates/secrets.yaml
@@ -9,3 +9,9 @@ stringData:
 DJANGO_SECRET_KEY: {{ .Values.djangoSecretKey }}
 OIDC_RP_CLIENT_ID: {{ .Values.oidc.clientId }}
 OIDC_RP_CLIENT_SECRET: {{ .Values.oidc.clientSecret }}
+{{ if .Values.resourceServer }}
+ OIDC_RS_CLIENT_ID: {{ .Values.resourceServer.clientId }}
+ OIDC_RS_CLIENT_SECRET: {{ .Values.resourceServer.clientSecret }}
+ OIDC_RS_PRIVATE_KEY_STR: |
+{{ .Values.resourceServer.privateKey | indent 4 }}
+{{ end }}
diff --git a/src/helm/env.d/staging/values.desk.yaml.gotmpl b/src/helm/env.d/staging/values.desk.yaml.gotmpl
index dd326af..9a15563 100644
--- a/src/helm/env.d/staging/values.desk.yaml.gotmpl
+++ b/src/helm/env.d/staging/values.desk.yaml.gotmpl
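Review bot: In the src/helm/desk/templates/secrets.yaml hunk, the new `OIDC_RS_CLIENT_ID` and `OIDC_RS_CLIENT_SECRET` values are rendered unquoted, so the template output is re-typed by the YAML parser before it reaches the Secret. A client secret containing ` #` would be cut off at the comment marker without any error, and an all-digit client id would become an integer, which `stringData` does not accept. Piping both through `quote` avoids this, e.g. `OIDC_RS_CLIENT_SECRET: {{ .Values.resourceServer.clientSecret | quote }}`. The three context lines above use the same unquoted pattern, and the start of the Secret manifest lies outside the hunk.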
@@ -33,6 +33,8 @@ backend:
 OIDC_OP_TOKEN_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/token
 OIDC_OP_USER_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/userinfo
 OIDC_OP_LOGOUT_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/session/end
+ OIDC_OP_INTROSPECTION_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/checktoken
+ OIDC_OP_URL: https://fca.integ01.dev-agentconnect.fr/api/v2
 OIDC_RP_CLIENT_ID:
 secretKeyRef:
 name: backend
@@ -41,6 +43,18 @@ backend:
 secretKeyRef:
 name: backend
 key: OIDC_RP_CLIENT_SECRET
+ OIDC_RS_CLIENT_ID:
+ secretKeyRef:
+ name: backend
+ key: OIDC_RS_CLIENT_ID
+ OIDC_RS_CLIENT_SECRET:
+ secretKeyRef:
+ name: backend
+ key: OIDC_RS_CLIENT_SECRET
+ OIDC_RS_PRIVATE_KEY_STR:
+ secretKeyRef:
+ name: backend
+ key: OIDC_RS_PRIVATE_KEY_STR
 OIDC_RP_SIGN_ALGO: RS256
 OIDC_RP_SCOPES: "openid email"
 OIDC_REDIRECT_ALLOWED_HOSTS: https://desk-staging.beta.numerique.gouv.fr
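Review bot: In the second hunk, `OIDC_RS_PRIVATE_KEY_STR` places the resource server's private key in the container environment, where it is readable through `/proc/<pid>/environ`, inherited by every child process, and liable to appear in any debug page or crash report that dumps the environment. If the backend can read the key from a path (not visible in this diff), mounting that key of the `backend` Secret as a read-only file would narrow the exposure. If it cannot, a comment above the entry such as `# private key is passed via env because the backend reads OIDC_RS_PRIVATE_KEY_STR; never log or dump the environment` records the trade-off. Separately, the three new `secretKeyRef` entries are unconditional, while secrets.yaml emits those keys only when `.Values.resourceServer` is set, so a staging release without that value would presumably leave the pods unable to start on the missing Secret keys.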