From 7d1f227531564cb9e62f4f0a6c5e3c1d2f681ffb Mon Sep 17 00:00:00 2001
From: acelinkio <31336038+acelinkio@users.noreply.github.com>
Date: Wed, 27 Nov 2024 01:13:21 -0800
Subject: [PATCH] Update oidc configuration in helm (#693)
---
 chart/templates/back/deployment.yaml | 42 ++++++++++++++--------------
 chart/values.yaml | 25 +++++++++--------
 2 files changed, 34 insertions(+), 33 deletions(-)
diff --git a/chart/templates/back/deployment.yaml b/chart/templates/back/deployment.yaml
index e4662543..1afdb0cd 100644
--- a/chart/templates/back/deployment.yaml
+++ b/chart/templates/back/deployment.yaml
@@ -127,31 +127,31 @@ spec:
 secretKeyRef:
 key: {{ .Values.global.meilisearch.kyoo_back.masterkeyKey }}
 name: {{ .Values.global.meilisearch.kyoo_back.existingSecret }}
- {{- if .Values.kyoo.oidc.enabled }}
- - name: OIDC_SERVICE_NAME
- value: {{ .Values.kyoo.oidc.name | quote }}
- - name: OIDC_SERVICE_LOGO
- value: {{ .Values.kyoo.oidc.logo | quote }}
- - name: OIDC_SERVICE_CLIENTID
+ {{- range $index, $provider := .Values.kyoo.oidc_providers }}
+ - name: OIDC_{{ $provider.name | upper }}_NAME
+ value: {{ $provider.name | quote }}
+ - name: OIDC_{{ $provider.name | upper }}_LOGO
+ value: {{ $provider.logo | quote }}
+ - name: OIDC_{{ $provider.name | upper }}_CLIENTID
 valueFrom:
 secretKeyRef:
- key: {{ .Values.kyoo.oidc.clientIdKey }}
- name: {{ .Values.kyoo.oidc.existingSecret }}
- - name: OIDC_SERVICE_SECRET
+ key: {{ $provider.clientIdKey }}
+ name: {{ $provider.existingSecret }}
+ - name: OIDC_{{ $provider.name | upper }}_SECRET
 valueFrom:
 secretKeyRef:
- key: {{ .Values.kyoo.oidc.clientSecretKey }}
- name: {{ .Values.kyoo.oidc.existingSecret }}
- - name: OIDC_SERVICE_AUTHORIZATION
- value: {{ .Values.kyoo.oidc.authorizationAddress | quote }}
- - name: OIDC_SERVICE_TOKEN
- value: {{ .Values.kyoo.oidc.tokenAddress | quote }}
- - name: OIDC_SERVICE_PROFILE
- value: {{ .Values.kyoo.oidc.profileAddress | quote }}
- - name: OIDC_SERVICE_SCOPE
- value: {{ .Values.kyoo.oidc.scope | quote }}
- - name: OIDC_SERVICE_AUTHMETHOD
- value: {{ .Values.kyoo.oidc.authMethod | quote }}
+ key: {{ $provider.clientSecretKey }}
+ name: {{ $provider.existingSecret }}
+ - name: OIDC_{{ $provider.name | upper }}_AUTHORIZATION
+ value: {{ $provider.authorizationAddress | quote }}
+ - name: OIDC_{{ $provider.name | upper }}_TOKEN
+ value: {{ $provider.tokenAddress | quote }}
+ - name: OIDC_{{ $provider.name | upper }}_PROFILE
+ value: {{ $provider.profileAddress | quote }}
+ - name: OIDC_{{ $provider.name | upper }}_SCOPE
+ value: {{ $provider.scope | quote }}
+ - name: OIDC_{{ $provider.name | upper }}_AUTHMETHOD
+ value: {{ $provider.authMethod | default "ClientSecretBasic" | quote }}
 {{- end }}
 {{- with (concat .Values.global.extraEnv .Values.back.kyoo_back.extraEnv) }}
 {{- toYaml . | nindent 12 }}
diff --git a/chart/values.yaml b/chart/values.yaml
index da606afe..6e07bbd7 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -121,18 +121,19 @@ kyoo:
 apikey:
 existingSecret: bigsecret
 apikeyKey: kyoo_apikeys
- oidc:
- enabled: false
- existingSecret: bigsecret
- clientIdKey: clientId
- clientSecretKey: clientSecret
- name: YourPrettyName
- logo: https://url-of-your-logo.com
- authorizationAddress: https://url-of-the-authorization-endpoint-of-the-oidc-service.com/auth
- tokenAddress: https://url-of-the-token-endpoint-of-the-oidc-service.com/token
- profileAddress: https://url-of-the-profile-endpoint-of-the-oidc-service.com/userinfo
- scope: "email openid profile"
- authMethod: ClientSecretBasic
+ # oidc_providers is a list of oidc providers that you want to use for authentication.
+ # see the example below for how to configure an oidc provider.
+ oidc_providers: []
+ # - name: example
+ # existingSecret: bigsecret
+ # clientIdKey: clientId
+ # clientSecretKey: clientSecret
+ # logo: https://url-of-your-logo.com
+ # authorizationAddress: https://url-of-the-authorization-endpoint-of-the-oidc-service.com/auth
+ # tokenAddress: https://url-of-the-token-endpoint-of-the-oidc-service.com/token
+ # profileAddress: https://url-of-the-profile-endpoint-of-the-oidc-service.com/userinfo
+ # scope: "email openid profile"
+ # authMethod: ClientSecretBasic
 # configures workloads that require access to media
 media:
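Review bot: Every `OIDC_{{ $provider.name | upper }}_*` env name in this hunk is built from the user-supplied `name` without any sanitization, so a value such as `my-idp` or `key cloak` yields an environment-variable name the API server may reject (depending on the cluster's env-name validation) or the backend may not match, and two providers whose names differ only in case (`google` / `Google`) collapse onto the same `OIDC_GOOGLE_*` variables, with the later list entry silently winning. I would compute the key once per iteration, fail the render when it is not a plain identifier, and reuse it for every entry, as below; `$index` is unused, so the range can bind only `$provider`. The bare `{{ $provider.existingSecret }}`, `{{ $provider.clientIdKey }}` and `{{ $provider.clientSecretKey }}` should also get `| quote` like the other values, otherwise an all-digit or `yes`-like secret name or key is retyped by the YAML parser. As far as this hunk shows, nothing reads `.Values.kyoo.oidc` any more, so an upgrading user who still sets the old map gets OIDC silently disabled; a `{{- if .Values.kyoo.oidc }}{{ fail "kyoo.oidc was replaced by kyoo.oidc_providers" }}{{- end }}` guard before the `range` would turn that into an install-time error. The enclosing `env:` list and container spec begin above this hunk.
```yaml
            {{- range $provider := .Values.kyoo.oidc_providers }}
            {{- $key := (required "kyoo.oidc_providers[].name is required" $provider.name) | upper }}
            {{- if not (regexMatch "^[A-Z_][A-Z0-9_]*$" $key) }}
            {{- fail (printf "kyoo.oidc_providers[].name %q must contain only letters, digits and underscores" $provider.name) }}
            {{- end }}
            - name: OIDC_{{ $key }}_NAME
              value: {{ $provider.name | quote }}
            # … unchanged: remaining OIDC_*_LOGO through OIDC_*_AUTHMETHOD entries, keyed on $key instead of $provider.name | upper …
            {{- end }}
```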
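Review bot: The new comment block above `oidc_providers: []` does not say how `name` is used, yet the deployment template derives every `OIDC_<NAME>_*` environment variable from it by upper-casing, so the example should state the constraint: `# name: becomes the OIDC_<NAME>_* env var prefix (upper-cased); use letters, digits and underscores only, and keep it unique ignoring case`. It would also help to mark `authMethod` as optional, since the template falls back to `ClientSecretBasic` when it is omitted, e.g. `# authMethod: ClientSecretBasic  # optional, defaults to ClientSecretBasic`. Finally, the old `oidc:` map is removed without any pointer to its replacement; a one-line `# The former kyoo.oidc (single provider) block was replaced by kyoo.oidc_providers` comment here would warn upgrading users before they discover OIDC is silently disabled.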