gitea/helm-chart
45
55
Fork 125
Code Issues 32 Pull Requests 8 Actions Releases 87 Activity

Rework OAuth sources #244

Merged
luhahn merged 2 commits from justusbunsi/helm-chart:feature/191-multiple-oauth-sources into master 2021-12-20 14:43:56 +00:00
Conversation 10 Commits 2 Files Changed 5 +95 -32
justusbunsi commented 2021-11-13 12:20:44 +00:00
Member
Copy Link

This change request includes two different things to improve OAuth source handling:

  • Allow multiple OAuth source configuration (Fixes: #191)
  • Support reading sensitive OAuth configuration data from Kubernetes secrets (Closes: #242)

⚠️ BREAKING ⚠️

Users need to migrate their gitea.oauth configuration.

This change request includes two different things to improve OAuth source handling: - Allow multiple OAuth source configuration (Fixes: #191) - Support reading sensitive OAuth configuration data from Kubernetes secrets (Closes: #242) ⚠️ BREAKING ⚠️ --- Users need to migrate their `gitea.oauth` configuration.
justusbunsi added this to the 5.0.0 milestone 2021-11-13 12:20:44 +00:00
justusbunsi added the
kind
breaking
kind
feature
 labels 2021-11-13 12:20:44 +00:00
luhahn reviewed 2021-11-18 10:46:13 +00:00
templates/_helpers.tpl Outdated
@ -139,3 +139,3 @@
{{- define "gitea.oauth_settings" -}}
{{- range $key, $val := .Values.gitea.oauth -}}
{{- $idx := index . 0 }}
luhahn commented 2021-11-18 10:46:05 +00:00
Member
Copy Link

we could add oauth password/secret key deployment via existing secrets like in the ldap settings. Otherwise idx won't be needed here.

we could add oauth password/secret key deployment via existing secrets like in the ldap settings. Otherwise idx won't be needed here.
justusbunsi marked this conversation as resolved
justusbunsi added the
status
blocked
 label 2021-11-19 18:49:44 +00:00
justusbunsi added a new dependency 2021-11-19 18:49:53 +00:00
#248 Drop custom probes
justusbunsi added a new dependency 2021-11-19 18:50:53 +00:00
#240 Generic way for configuring Gitea app.ini
justusbunsi force-pushed feature/191-multiple-oauth-sources from c5a405f857 to 729f95b26a 2021-11-19 19:10:40 +00:00 Compare
justusbunsi force-pushed feature/191-multiple-oauth-sources from 729f95b26a to af5ae13c7d 2021-11-19 19:20:45 +00:00 Compare
justusbunsi force-pushed feature/191-multiple-oauth-sources from af5ae13c7d to e5733e7400 2021-11-19 21:32:52 +00:00 Compare
justusbunsi changed title from Add support for multiple OAuth sources to WIP: Add support for multiple OAuth sources 2021-11-19 21:34:52 +00:00
justusbunsi changed title from WIP: Add support for multiple OAuth sources to WIP: Rework OAuth sources 2021-11-19 22:50:28 +00:00
justusbunsi changed title from WIP: Rework OAuth sources to Rework OAuth sources 2021-11-19 22:55:23 +00:00
luhahn commented 2021-12-13 08:51:44 +00:00
Member
Copy Link

#248 was merged, we can continue here :)

#248 was merged, we can continue here :)
justusbunsi commented 2021-12-13 11:42:05 +00:00
Author
Member
Copy Link

Yay ?

Yay ?
justusbunsi commented 2021-12-18 10:09:28 +00:00
Author
Member
Copy Link

Updated and ready for review

Updated and ready for review
justusbunsi force-pushed feature/191-multiple-oauth-sources from 8ba6cad90f to 1e917cca73 2021-12-18 11:13:48 +00:00 Compare
justusbunsi removed the
status
blocked
 label 2021-12-18 11:14:05 +00:00
luhahn approved these changes 2021-12-20 09:51:58 +00:00
luhahn left a comment
Member
Copy Link

LGTM

LGTM
justusbunsi added 2 commits 2021-12-20 12:01:43 +00:00
Allow reading sensitive OAuth settings from secret 
Closes: #242
All checks were successful
continuous-integration/drone/pr Build is passing
Details
7a8fe820bf
zeripath approved these changes 2021-12-20 13:55:22 +00:00
zeripath left a comment
Owner
Copy Link

this conversion of yaml to cli options seems quite fragile and hacky.

We may want to consider having commands that would ingest the yaml directly.

However, if you're certain that this is the correct approach then LGTM.

this conversion of yaml to cli options seems quite fragile and hacky. We may want to consider having commands that would ingest the yaml directly. However, if you're certain that this is the correct approach then LGTM.
justusbunsi commented 2021-12-20 14:21:27 +00:00
Author
Member
Copy Link

@zeripath It is fragile and hacky.? I would consider it the right approach at the moment.

Literally a few hours ago I had a chat with luhahn about a quite generic way of having a configuration-as-code for Gitea natively. There are other tools like Jenkins with a plugin providing such stuff and it is awesome. I'll try to implement something similar in Gitea and create a PR for it to discuss a bit more but am not sure when I have enough time for it as I'm not so deep into the Gitea code.

@zeripath It **is** fragile and hacky.? I would consider it the right approach at the moment. Literally a few hours ago I had a chat with luhahn about a quite generic way of having a configuration-as-code for Gitea natively. There are other tools like Jenkins with a plugin providing such stuff and it is awesome. I'll try to implement something similar in Gitea and create a PR for it to discuss a bit more but am not sure when I have enough time for it as I'm not so deep into the Gitea code.
luhahn merged commit 6d9362ed39 into master 2021-12-20 14:43:56 +00:00
luhahn referenced this issue from a commit 2021-12-20 14:43:56 +00:00
Rework OAuth sources (#244)
justusbunsi deleted branch feature/191-multiple-oauth-sources 2021-12-20 15:25:42 +00:00
samip537 commented 2021-12-21 01:42:03 +00:00
First-time contributor
Copy Link

I would like to point out that this fails currently (Using flux so that variable subtition is fine):

gitea:
      oauth:
        - name: 'Authentik'
          provider: openidConnect
          existingSecret: gitea-oauth-secret
          autoDiscoverUrl: https://id.{SECRET_DOMAIN}/application/o/gitea/.well-known/openid-configuration

Normal  error  <invalid> (x6 over <invalid>)  helm-controller  reconciliation failed: Helm install failed: template: gitea/templates/gitea/statefulset.yaml:21:27: executing "gitea/templates/gitea/statefulset.yaml" at <include "gitea.oauth_settings" .>: error calling include: template: gitea/templates/_helpers.tpl:139:7: executing "gitea.oauth_settings" at <ne $key "enabled">: error calling ne: incompatible types for compariso
I would like to point out that this fails currently (Using flux so that variable subtition is fine): ```yaml gitea: oauth: - name: 'Authentik' provider: openidConnect existingSecret: gitea-oauth-secret autoDiscoverUrl: https://id.{SECRET_DOMAIN}/application/o/gitea/.well-known/openid-configuration ``` ``` Normal error <invalid> (x6 over <invalid>) helm-controller reconciliation failed: Helm install failed: template: gitea/templates/gitea/statefulset.yaml:21:27: executing "gitea/templates/gitea/statefulset.yaml" at <include "gitea.oauth_settings" .>: error calling include: template: gitea/templates/_helpers.tpl:139:7: executing "gitea.oauth_settings" at <ne $key "enabled">: error calling ne: incompatible types for compariso ```
justusbunsi commented 2021-12-21 07:13:16 +00:00
Author
Member
Copy Link

The log seems to be trimmed. Do you have the full log?

The log seems to be trimmed. Do you have the full log?
justusbunsi commented 2021-12-21 07:15:24 +00:00
Author
Member
Copy Link

And: Have you tried this with the latest released 1.4.1? I've never encountered such a problem before.
In addition: Did Flux actually fetch new source for the Helm Chart yet?

And: Have you tried this with the latest released 1.4.1? I've never encountered such a problem before. In addition: Did Flux actually fetch new source for the Helm Chart yet?
luhahn commented 2021-12-21 08:59:32 +00:00
Member
Copy Link

@samip537 It looks like you're using an old version, "gitea.oauth_settings" at <ne $key "enabled">: the enabled key was removed with this PR.

Please notice, that the current master branch has not been released

@samip537 It looks like you're using an old version, "gitea.oauth_settings" at <ne $key "enabled">: the enabled key was removed with this PR. Please notice, that the current master branch has not been released
justusbunsi commented 2021-12-21 10:49:56 +00:00
Author
Member
Copy Link

Hi @samip537. I've tested FluxCD with the latest master source code for the Helm Chart and it works as expected. You can find my used Flux resources in my test repository:

We also opened PR #267 to make sure the obsolete and now invalid option enabled won't cause problems in the future.

Hi @samip537. I've tested FluxCD with the latest master source code for the Helm Chart and it works as expected. You can find my used Flux resources in my test repository: - [Gitea Helm Repository](https://gitea.com/justusbunsi/flux-gitea-helm-chart-test/src/branch/main/clusters/wsl/helm/repositories/gitea.yaml) - [Gitea Helm Release](https://gitea.com/justusbunsi/flux-gitea-helm-chart-test/src/branch/main/clusters/wsl/helm/releases/gitea.yaml) including customized values.yaml We also opened PR #267 to make sure the obsolete and now invalid option `enabled` won't cause problems in the future.
samip537 commented 2021-12-21 21:29:39 +00:00
First-time contributor
Copy Link

Ahh, okey. Somehow I thought that it was already released, my bad but then that makes perfect sense. :)

Ahh, okey. Somehow I thought that it was already released, my bad but then that makes perfect sense. :)
Sign in to join this conversation.
Reviewers
No reviewers
luhahn
zeripath
Labels
Clear labels   
has
backport

  
in progress

   
invalid
  
kind
breaking

  
kind
bug

  
kind
build

  
kind
dependency

  
kind
deployment

  
kind
docs

  
kind
enhancement

  
kind
feature

  
kind
lint

  
kind
proposal

  
kind
question

  
kind
refactor

  
kind
security

  
kind
testing

  
kind
translation

  
kind
ui

  
need
backport

  
priority
critical

  
priority
low

  
priority
maybe

  
priority
medium

  
reviewed
duplicate

  
reviewed
invalid

  
reviewed
wontfix

  
skip-changelog
  
status
blocked

  
status
needs-feedback

  
status
needs-reviews

  
status
wip

  
upstream
gitea

  
upstream
other

No Label
has
backport
in progress
invalid
kind
breaking
kind
bug
kind
build
kind
dependency
kind
deployment
kind
docs
kind
enhancement
kind
feature
kind
lint
kind
proposal
kind
question
kind
refactor
kind
security
kind
testing
kind
translation
kind
ui
need
backport
priority
critical
priority
low
priority
maybe
priority
medium
reviewed
duplicate
reviewed
invalid
reviewed
wontfix
skip-changelog
status
blocked
status
needs-feedback
status
needs-reviews
status
wip
upstream
gitea
upstream
other
Milestone
Clear milestone
No items
No Milestone
5.0.0
Assignees
Clear assignees
No Assignees
4 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Blocks
#240 Generic way for configuring Gitea app.ini
gitea/helm-chart
Depends on
#248 Drop custom probes
gitea/helm-chart
Reference: gitea/helm-chart#244
No description provided.
Delete Branch "justusbunsi/helm-chart:feature/191-multiple-oauth-sources"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?