From 2535ab1c736ae604c06fc4c7c9a0dc1033b8b330 Mon Sep 17 00:00:00 2001
From: Pan Luo <pan.luo@ubc.ca>
Date: Mon, 28 Oct 2024 15:26:43 -0700
Subject: [PATCH] Allow oauth client ID and secret to be set from secret

---
 hotcrp/Chart.yaml                |  2 +-
 hotcrp/templates/deployment.yaml | 20 ++++++++++++++++++++
 hotcrp/values.yaml               | 10 ++++++++++
 3 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/hotcrp/Chart.yaml b/hotcrp/Chart.yaml
index 8107f6b..710c4cd 100644
--- a/hotcrp/Chart.yaml
+++ b/hotcrp/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.2
+version: 0.2.3
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/hotcrp/templates/deployment.yaml b/hotcrp/templates/deployment.yaml
index 300dafe..62eee37 100644
--- a/hotcrp/templates/deployment.yaml
+++ b/hotcrp/templates/deployment.yaml
@@ -64,6 +64,26 @@ spec:
             - name: HOTCRP_LOGIN_TYPE
               value: {{ .Values.hotcrp.loginType }}
             {{- end }}
+            {{- if .Values.hotcrp.oauthClientId }}
+            - name: HOTCRP_OAUTH_CLIENTID
+              value: {{ .Values.hotcrp.oauthClientId }}
+            {{- end }}
+            {{- if .Values.hotcrp.oauthClientSecret }}
+            - name: HOTCRP_OAUTH_CLIENTSECRET
+              value: {{ .Values.hotcrp.oauthClientSecret }}
+            {{- end }}
+            {{- if .Values.hotcrp.oauthClientExistingSecret }}
+            - name: HOTCRP_OAUTH_CLIENTID
+              valueFrom:
+               secretKeyRef:
+                 name: {{ .Values.hotcrp.oauthExistingClient }}
+                 key: client_id
+            - name: HOTCRP_OAUTH_CLIENTSECRET
+              valueFrom:
+               secretKeyRef:
+                 name: {{ .Values.hotcrp.oauthExistingClient }}
+                 key: client_secret
+            {{- end }}
             {{- if .Values.hotcrp.oauthProvider }}
             - name: HOTCRP_OAUTH_PROVIDER
               value: {{ .Values.hotcrp.oauthProvider }}
diff --git a/hotcrp/values.yaml b/hotcrp/values.yaml
index 555929c..b91eff8 100644
--- a/hotcrp/values.yaml
+++ b/hotcrp/values.yaml
@@ -18,7 +18,17 @@ hotcrp:
   paperSite: ""
   # the email address for the first admin created automatically
   adminEmail: siteadmin@example.com
+
+  # uncomment to use oauth authentication
   #loginType: oauth
+
+  # specifiy oauth client_id and client secret separately or with existing secret
+  # they can also be set directly in oauthProvider parameter
+  #oauthClientId:
+  #oauthClientSecret:
+  # Provide the existing secret name for oauth client_id and client_secret. The
+  # existing secret must contain `client_id` and `client_secret` keys
+  #oauthClientExistingSecret:
   #oauthProvider: |
   # '{}'