feat: integrate with keycloak #44

Merged May 3, 2024 (21 commits merged). Changes from 12 commits.
38 changes: 25 additions & 13 deletions chart/templates/mattermost-sso.yaml
@@ -1,16 +1,28 @@
apiVersion: v1
kind: Secret
apiVersion: uds.dev/v1alpha1
kind: Package
metadata:
name: mattermost-sso
namespace: {{ .Release.Namespace }}
type: Opaque
stringData:
MM_GITLABSETTINGS_ENABLE: "{{ .Values.sso.enabled | toString }}"
MM_GITLABSETTINGS_ID: "{{ .Values.sso.client_id }}"
MM_GITLABSETTINGS_SECRET: "{{ .Values.sso.client_secret }}"
MM_GITLABSETTINGS_AUTHENDPOINT: "{{ .Values.sso.auth_endpoint }}"
MM_GITLABSETTINGS_TOKENENDPOINT: "{{ .Values.sso.token_endpoint }}"
MM_GITLABSETTINGS_USERAPIENDPOINT: "{{ .Values.sso.user_api_endpoint }}"
MM_EMAILSETTINGS_ENABLESIGNUPWITHEMAIL: "{{ .Values.sso.enable_sign_up_with_email | toString }}"
MM_EMAILSETTINGS_ENABLESIGNINWITHEMAIL: "{{ .Values.sso.enable_sign_in_with_email | toString }}"
MM_EMAILSETTINGS_ENABLESIGNINWITHUSERNAME: "{{ .Values.sso.enable_sign_in_with_username | toString }}"
spec:
sso:
- name: Mattermost Client
clientId: mattermost-client
redirectUris:
- "https://chat.uds.dev/*"
defaultClientScopes:
- "openid"
- "mapper-oidc-username-username"
- "mapper-oidc-mattermostid-id"
- "mapper-oidc-email-email"

secretName: mattermost-sso
secretTemplate:
MM_GITLABSETTINGS_ENABLE: "{{ .Values.sso.enabled | toString }}"
MM_GITLABSETTINGS_ID: "clientField(clientId)"
MM_GITLABSETTINGS_SECRET: "clientField(secret)"
MM_GITLABSETTINGS_AUTHENDPOINT: "{{ .Values.sso.auth_endpoint }}"
MM_GITLABSETTINGS_TOKENENDPOINT: "{{ .Values.sso.token_endpoint }}"
MM_GITLABSETTINGS_USERAPIENDPOINT: "{{ .Values.sso.user_api_endpoint }}"
MM_EMAILSETTINGS_ENABLESIGNUPWITHEMAIL: "{{ .Values.sso.enable_sign_up_with_email | toString }}"
MM_EMAILSETTINGS_ENABLESIGNINWITHEMAIL: "{{ .Values.sso.enable_sign_in_with_email | toString }}"
MM_EMAILSETTINGS_ENABLESIGNINWITHUSERNAME: "{{ .Values.sso.enable_sign_in_with_username | toString }}"
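Review bot: in spec.sso, the redirectUris entry "https://chat.uds.dev/*" hard-codes the host and accepts any path under it. The endpoints in chart/values.yaml are built from ###ZARF_VAR_DOMAIN### and the chart already carries a subdomain value ("chat"), so a deployment on another domain would register a redirect URI that does not match where Mattermost is served. Suggest building the host from the same subdomain and domain values, and, if the login callback path is fixed, listing that path instead of the trailing /* so the client accepts fewer redirect targets.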
17 changes: 8 additions & 9 deletions chart/values.yaml
@@ -16,16 +16,15 @@ postgres:
connectionOptions: ""

sso:
enabled: false
client_id: ""
client_secret: ""
auth_endpoint: ""
token_endpoint: ""
user_api_endpoint: ""
enabled: true
auth_endpoint: "https://sso.###ZARF_VAR_DOMAIN###/realms/uds/protocol/openid-connect/auth"
token_endpoint: "https://sso.###ZARF_VAR_DOMAIN###/realms/uds/protocol/openid-connect/token"
user_api_endpoint: "https://sso.###ZARF_VAR_DOMAIN###/realms/uds/protocol/openid-connect/userinfo"

# These should typically be disabled if SSO is enabled
enable_sign_up_with_email: true
enable_sign_in_with_email: true
enable_sign_in_with_username: true
enable_sign_up_with_email: false
enable_sign_in_with_email: false
enable_sign_in_with_username: false

# The subdomain for the mattermost server, will be prefixed to your domain (ex: mattermost.example.com)
subdomain: "chat"
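Review bot: the defaults under sso now set enabled: true and all three enable_sign_* values to false, but the two groups are still independent settings. Anyone who sets sso.enabled: false without also re-enabling email or username sign-in ends up with no login method. Suggest deriving the enable_sign_* defaults from sso.enabled in the template, or expanding the comment above them to say they must be flipped back when SSO is turned off. Dropping client_id and client_secret from values is a good change, since the secret template now takes them from clientField(clientId) and clientField(secret) rather than from user-supplied values.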
18 changes: 13 additions & 5 deletions tasks.yaml
@@ -2,11 +2,11 @@ includes:
- cleanup: ./tasks/cleanup.yaml
- dependencies: ./tasks/dependencies.yaml
- test: ./tasks/test.yaml
- create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.11/tasks/create.yaml
- lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.11/tasks/lint.yaml
- pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.11/tasks/pull.yaml
- deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.11/tasks/deploy.yaml
- setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.11/tasks/setup.yaml
- create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.0/tasks/create.yaml
- lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.0/tasks/lint.yaml
- pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.0/tasks/pull.yaml
- deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.0/tasks/deploy.yaml
- setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.0/tasks/setup.yaml

tasks:
- name: default
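Review bot: the five remote includes at the top are fetched from raw.githubusercontent.com by tag (v0.4.0), and a tag can be moved after this review. These files define the create, lint, pull, deploy and setup tasks this repository runs, so consider pinning the URLs to a commit SHA of uds-common, or documenting in the file how the tag is trusted. If the tooling allows it, set the version in one place so the five lines cannot drift apart on the next bump.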
@@ -39,6 +39,14 @@ tasks:
- task: dependencies:create
- task: create:test-bundle

- name: local-test
description: Test the health of a Mattermost deployment on an existing cluster (for iteration/dev speed)
actions:
- task: create-mm-test-bundle
- task: deploy:test-bundle
- task: test:health-check
- task: test:ingress

# CI will execute the following (via uds-common/.github/actions/test) so they need to be here with these names

- name: test-package
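Review bot: in local-test, the first action is task: create-mm-test-bundle, which has no definition in the lines shown, while the neighbouring actions use included tasks such as create:test-bundle and deploy:test-bundle. Confirm create-mm-test-bundle is defined in this file, otherwise local-test fails at its first step. The description also mentions only the health of the deployment although the task runs test:ingress as well; worth updating so the description matches what runs.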