studio/sbbb - sbbb - Gitea: Git with a cup of tea

studio/sbbb

Fork 0

Commit Graph

Author	SHA1	Message	Date
Sienna Meridian Satterwhite	f13beed1c4	fix(lasuite): fix OIDC config for People login - Switch all user-facing app OAuth2 clients to client_secret_post (mozilla-django-oidc sends credentials in POST body by default) - Set LOGIN_REDIRECT_URL=/ so Django redirects to frontend after login - Add local overlay patch to disable OIDC SSL verification (mkcert CA not trusted inside pods; production uses real certs)	2026-03-03 11:31:28 +00:00
Sienna Meridian Satterwhite	9092e2711b	fix(lasuite): configure people for Production Django settings and correct OIDC redirect URI - oidc-clients.yaml: change people redirect URI from /oidc/callback/ to /api/v1.0/callback/ (the actual path the Django app registers) - people-values.yaml: set DJANGO_CONFIGURATION=Production so Django trusts X-Forwarded-Proto from Pingora and generates https:// URLs; add ALLOWED_HOSTS and DJANGO_CSRF_TRUSTED_ORIGINS for the people subdomain	2026-03-03 02:01:31 +00:00
Sienna Meridian Satterwhite	302b7ba56b	feat(lasuite): add People service (desk chart); migrate La Suite secrets to VSO People (desk chart v0.0.7): - Add people-values.yaml with all env vars wired to ConfigMaps and Secrets. DB password, S3 credentials, OIDC client, and Django secret key all come from VSO-managed K8s Secrets via secretKeyRef — nothing hardcoded. - Add Helm chart entry to kustomization.yaml (repo: suitenumerique/people). La Suite VSO secrets (vault-secrets.yaml): - seaweedfs-s3-credentials VSS (shared S3 creds → S3_ACCESS_KEY / S3_SECRET_KEY) - hive-db-url VDS (database/static-creds/hive → postgresql:// DSN, 24h rotation) - hive-oidc VSS (secret/hive → client-id / client-secret) - people-db-credentials VDS (database/static-creds/people → password, 24h rotation) - people-django-secret VSS (secret/people → DJANGO_SECRET_KEY)	2026-03-02 18:33:28 +00:00

Author

SHA1

Message

Date

Sienna Meridian Satterwhite

f13beed1c4

fix(lasuite): fix OIDC config for People login

- Switch all user-facing app OAuth2 clients to client_secret_post
  (mozilla-django-oidc sends credentials in POST body by default)
- Set LOGIN_REDIRECT_URL=/ so Django redirects to frontend after login
- Add local overlay patch to disable OIDC SSL verification
  (mkcert CA not trusted inside pods; production uses real certs)

2026-03-03 11:31:28 +00:00

Sienna Meridian Satterwhite

9092e2711b

fix(lasuite): configure people for Production Django settings and correct OIDC redirect URI

- oidc-clients.yaml: change people redirect URI from /oidc/callback/ to
  /api/v1.0/callback/ (the actual path the Django app registers)
- people-values.yaml: set DJANGO_CONFIGURATION=Production so Django trusts
  X-Forwarded-Proto from Pingora and generates https:// URLs; add
  ALLOWED_HOSTS and DJANGO_CSRF_TRUSTED_ORIGINS for the people subdomain

2026-03-03 02:01:31 +00:00

Sienna Meridian Satterwhite

302b7ba56b

feat(lasuite): add People service (desk chart); migrate La Suite secrets to VSO

People (desk chart v0.0.7):
- Add people-values.yaml with all env vars wired to ConfigMaps and Secrets.
  DB password, S3 credentials, OIDC client, and Django secret key all come
  from VSO-managed K8s Secrets via secretKeyRef — nothing hardcoded.
- Add Helm chart entry to kustomization.yaml (repo: suitenumerique/people).

La Suite VSO secrets (vault-secrets.yaml):
- seaweedfs-s3-credentials VSS (shared S3 creds → S3_ACCESS_KEY / S3_SECRET_KEY)
- hive-db-url VDS (database/static-creds/hive → postgresql:// DSN, 24h rotation)
- hive-oidc VSS (secret/hive → client-id / client-secret)
- people-db-credentials VDS (database/static-creds/people → password, 24h rotation)
- people-django-secret VSS (secret/people → DJANGO_SECRET_KEY)

2026-03-02 18:33:28 +00:00

3 Commits