From e5f1151f58861d1c9062e3185ac0e9b009cf630f Mon Sep 17 00:00:00 2001
From: Quentin BEY
Date: Wed, 23 Oct 2024 10:46:20 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A7(helm)=20update=20settings=20after?= =?UTF-8?q?=20previous=20commit?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This adds `siret`to the requested OIDC scopes. This defines a validator for the Organization registration ID, to enforce SIRET format.
---
 src/helm/env.d/dev/values.desk.yaml.gotmpl | 3 ++-
 src/helm/env.d/preprod/values.desk.yaml.gotmpl | 3 ++-
 src/helm/env.d/production/values.desk.yaml.gotmpl | 3 ++-
 src/helm/env.d/staging/values.desk.yaml.gotmpl | 3 ++-
 4 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/helm/env.d/dev/values.desk.yaml.gotmpl b/src/helm/env.d/dev/values.desk.yaml.gotmpl
index 0a95a41..ba20901 100644
--- a/src/helm/env.d/dev/values.desk.yaml.gotmpl
+++ b/src/helm/env.d/dev/values.desk.yaml.gotmpl
@@ -35,9 +35,10 @@ backend:
 name: backend
 key: OIDC_RP_CLIENT_SECRET
 OIDC_RP_SIGN_ALGO: RS256
- OIDC_RP_SCOPES: "openid email"
+ OIDC_RP_SCOPES: "openid email siret"
 OIDC_REDIRECT_ALLOWED_HOSTS: https://desk.127.0.0.1.nip.io
 OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
+ ORGANIZATION_REGISTRATION_ID_VALIDATORS: '[{"NAME": "django.core.validators.RegexValidator", "OPTIONS": {"regex": "^[0-9]{14}$"}}]'
 LOGIN_REDIRECT_URL: https://desk.127.0.0.1.nip.io
 LOGIN_REDIRECT_URL_FAILURE: https://desk.127.0.0.1.nip.io
 LOGOUT_REDIRECT_URL: https://desk.127.0.0.1.nip.io
diff --git a/src/helm/env.d/preprod/values.desk.yaml.gotmpl b/src/helm/env.d/preprod/values.desk.yaml.gotmpl
index cb86f69..4554149 100644
--- a/src/helm/env.d/preprod/values.desk.yaml.gotmpl
+++ b/src/helm/env.d/preprod/values.desk.yaml.gotmpl
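Review bot: In the dev hunk, the added `ORGANIZATION_REGISTRATION_ID_VALIDATORS` regex `^[0-9]{14}$` still accepts a 14-digit value followed by a newline, because `$` in Python's `re` also matches just before a trailing newline and Django's `RegexValidator` checks with `search()`. Ending the pattern with `\Z` closes that gap: `"regex": "^[0-9]{14}\\Z"` (the backslash is doubled on the assumption that the setting is decoded as JSON; confirm against the settings loader, which is not visible here). The same pattern is added in the preprod and production hunks. The `backend:` mapping starts and ends outside the hunk.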
@@ -51,9 +51,10 @@ backend:
 name: backend
 key: OIDC_RP_CLIENT_SECRET
 OIDC_RP_SIGN_ALGO: RS256
- OIDC_RP_SCOPES: "openid email"
+ OIDC_RP_SCOPES: "openid email siret"
 OIDC_REDIRECT_ALLOWED_HOSTS: https://desk-preprod.beta.numerique.gouv.fr
 OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
+ ORGANIZATION_REGISTRATION_ID_VALIDATORS: '[{"NAME": "django.core.validators.RegexValidator", "OPTIONS": {"regex": "^[0-9]{14}$"}}]'
 LOGIN_REDIRECT_URL: https://desk-preprod.beta.numerique.gouv.fr
 LOGIN_REDIRECT_URL_FAILURE: https://desk-preprod.beta.numerique.gouv.fr
 LOGOUT_REDIRECT_URL: https://desk-preprod.beta.numerique.gouv.fr
diff --git a/src/helm/env.d/production/values.desk.yaml.gotmpl b/src/helm/env.d/production/values.desk.yaml.gotmpl
index 1de9a62..0e35c1c 100644
--- a/src/helm/env.d/production/values.desk.yaml.gotmpl
+++ b/src/helm/env.d/production/values.desk.yaml.gotmpl
@@ -51,9 +51,10 @@ backend:
 name: backend
 key: OIDC_RP_CLIENT_SECRET
 OIDC_RP_SIGN_ALGO: RS256
- OIDC_RP_SCOPES: "openid email"
+ OIDC_RP_SCOPES: "openid email siret"
 OIDC_REDIRECT_ALLOWED_HOSTS: https://regie.numerique.gouv.fr
 OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
+ ORGANIZATION_REGISTRATION_ID_VALIDATORS: '[{"NAME": "django.core.validators.RegexValidator", "OPTIONS": {"regex": "^[0-9]{14}$"}}]'
 LOGIN_REDIRECT_URL: https://regie.numerique.gouv.fr
 LOGIN_REDIRECT_URL_FAILURE: https://regie.numerique.gouv.fr
 LOGOUT_REDIRECT_URL: https://regie.numerique.gouv.fr
diff --git a/src/helm/env.d/staging/values.desk.yaml.gotmpl b/src/helm/env.d/staging/values.desk.yaml.gotmpl
index ef5153e..15f1759 100644
--- a/src/helm/env.d/staging/values.desk.yaml.gotmpl
+++ b/src/helm/env.d/staging/values.desk.yaml.gotmpl
@@ -65,9 +65,10 @@ backend:
 name: backend
 key: OIDC_RS_PRIVATE_KEY_STR
 OIDC_RP_SIGN_ALGO: RS256
- OIDC_RP_SCOPES: "openid email"
+ OIDC_RP_SCOPES: "openid email siret"
 OIDC_REDIRECT_ALLOWED_HOSTS: https://desk-staging.beta.numerique.gouv.fr
 OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
+ ORGANIZATION_REGISTRATION_ID_VALIDATORS: '[{"NAME": "django.core.validators.RegexValidator", "OPTIONS": {"regex": "[a-z][0-9]{14}"}}]'
 LOGIN_REDIRECT_URL: https://desk-staging.beta.numerique.gouv.fr
 LOGIN_REDIRECT_URL_FAILURE: https://desk-staging.beta.numerique.gouv.fr
 LOGOUT_REDIRECT_URL: https://desk-staging.beta.numerique.gouv.fr
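Review bot: The staging validator regex `[a-z][0-9]{14}` does not match the `^[0-9]{14}$` set for dev, preprod and production in this same commit: it has no anchors and requires a lowercase letter before the digits. Because `RegexValidator` uses `search()`, any value that merely contains a letter followed by 14 digits passes, while a plain 14-digit SIRET is rejected, which contradicts the commit message's stated goal of enforcing the SIRET format. If the difference is not intentional, align it with the other environments: `"regex": "^[0-9]{14}$"`. If staging really needs a prefixed identifier, anchor the pattern at both ends and add a YAML comment above the key saying why staging diverges.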