Allow oauth client ID and secret to be set from secret

ubc · Oct 28, 2024 · 2535ab1 · 2535ab1
1 parent 5ebfbf5
commit 2535ab1
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 1 deletion.
diff --git a/hotcrp/Chart.yaml b/hotcrp/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.2
+version: 0.2.3
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/hotcrp/templates/deployment.yaml b/hotcrp/templates/deployment.yaml
@@ -64,6 +64,26 @@ spec:
             - name: HOTCRP_LOGIN_TYPE
               value: {{ .Values.hotcrp.loginType }}
             {{- end }}
+            {{- if .Values.hotcrp.oauthClientId }}
+            - name: HOTCRP_OAUTH_CLIENTID
+              value: {{ .Values.hotcrp.oauthClientId }}
+            {{- end }}
+            {{- if .Values.hotcrp.oauthClientSecret }}
+            - name: HOTCRP_OAUTH_CLIENTSECRET
+              value: {{ .Values.hotcrp.oauthClientSecret }}
+            {{- end }}
+            {{- if .Values.hotcrp.oauthClientExistingSecret }}
+            - name: HOTCRP_OAUTH_CLIENTID
+              valueFrom:
+               secretKeyRef:
+                 name: {{ .Values.hotcrp.oauthExistingClient }}
+                 key: client_id
+            - name: HOTCRP_OAUTH_CLIENTSECRET
+              valueFrom:
+               secretKeyRef:
+                 name: {{ .Values.hotcrp.oauthExistingClient }}
+                 key: client_secret
+            {{- end }}
             {{- if .Values.hotcrp.oauthProvider }}
             - name: HOTCRP_OAUTH_PROVIDER
               value: {{ .Values.hotcrp.oauthProvider }}

diff --git a/hotcrp/values.yaml b/hotcrp/values.yaml
@@ -18,7 +18,17 @@ hotcrp:
   paperSite: ""
   # the email address for the first admin created automatically
   adminEmail: [email protected]
+
+  # uncomment to use oauth authentication
   #loginType: oauth
+
+  # specifiy oauth client_id and client secret separately or with existing secret
+  # they can also be set directly in oauthProvider parameter
+  #oauthClientId:
+  #oauthClientSecret:
+  # Provide the existing secret name for oauth client_id and client_secret. The
+  # existing secret must contain `client_id` and `client_secret` keys
+  #oauthClientExistingSecret:
   #oauthProvider: |
   # '{}'