From a54e26c9c44075f945a98b8646ea641ded3dbd5c Mon Sep 17 00:00:00 2001 From: Maarten de Waard Date: Fri, 21 Jan 2022 11:16:51 +0100 Subject: [PATCH 1/3] use newer containers and supply Hydra/OIDC variables to deployment --- deployment/helmchart/Chart.lock | 6 +++--- deployment/helmchart/templates/configmaps.yaml | 7 ++++--- deployment/helmchart/templates/deployment.yaml | 5 +++++ deployment/helmchart/templates/secrets-admin-panel.yaml | 3 +++ deployment/helmchart/values.yaml | 9 +++++++-- 5 files changed, 22 insertions(+), 8 deletions(-) diff --git a/deployment/helmchart/Chart.lock b/deployment/helmchart/Chart.lock index c76e835..e20d8df 100644 --- a/deployment/helmchart/Chart.lock +++ b/deployment/helmchart/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 1.10.0 -digest: sha256:d6f283322d34efda54721ddd67aec935f1bea501c7b45dfbe89814aed21ae5dc -generated: "2021-09-30T16:27:06.738339948+02:00" + version: 1.10.4 +digest: sha256:e177cdcd71e67a1e64e95260c4b780374e1d66e85be405d5dc58459654e49ffa +generated: "2022-01-21T11:11:54.359313957+01:00" diff --git a/deployment/helmchart/templates/configmaps.yaml b/deployment/helmchart/templates/configmaps.yaml index a2f8262..34c5a7f 100644 --- a/deployment/helmchart/templates/configmaps.yaml +++ b/deployment/helmchart/templates/configmaps.yaml 
@@ -13,9 +13,10 @@ data: SECRET_KEY: {{ .Values.backend.secretKey }} FLASK_APP: app.py FLASK_ENV: {{ .Values.backend.flaskEnv }} - # Probably needed in the future: - # DASHBOARD_BACKEND_USERNAME: {{ .Values.backend.username | quote }} - # DASHBOARD_BACKEND_EMAIL: {{ .Values.backend.email | quote }} + HYDRA_CLIENT_ID: {{ .Values.backend.oidc.clientId }} + HYDRA_AUTHORIZATION_BASE_URL: {{ .Values.backend.oidc.authorizationBaseUrl }} + TOKEN_URL: {{ .Values.backend.oidc.tokenUrl }} + # {{- if .Values.backend.smtp.enabled }} # DASHBOARD_BACKEND_SMTP_HOST: {{ .Values.backend.smtp.host | quote }} # DASHBOARD_BACKEND_SMTP_PORT: {{ .Values.backend.smtp.port | quote }} diff --git a/deployment/helmchart/templates/deployment.yaml b/deployment/helmchart/templates/deployment.yaml index b69be60..1557dec 100644 --- a/deployment/helmchart/templates/deployment.yaml +++ b/deployment/helmchart/templates/deployment.yaml @@ -138,6 +138,11 @@ spec: secretKeyRef: name: {{ include "backend.smtp.secretName" . }} key: smtp-password + - name: HYDRA_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: {{ include "backend.secretName" . }} + key: oidc-client-secret - name: KRATOS_URL value: {{ .Values.backend.kratosUrl }} {{- end }} diff --git a/deployment/helmchart/templates/secrets-admin-panel.yaml b/deployment/helmchart/templates/secrets-admin-panel.yaml index 969b210..07562c8 100644 --- a/deployment/helmchart/templates/secrets-admin-panel.yaml +++ b/deployment/helmchart/templates/secrets-admin-panel.yaml @@ -20,4 +20,7 @@ data: {{- if and (.Values.backend.smtp.password) (.Values.backend.smtp.enabled) (not .Values.backend.smtp.existingSecret) }} smtp-password: {{ .Values.backend.smtp.password | b64enc | quote }} {{- end }} + {{- if .Values.backend.oidc.clientSecret }} + oidc-client-secret: {{ .Values.backend.oidc.clientSecret | b64enc | quote }} + {{- end }} {{- end }} diff --git a/deployment/helmchart/values.yaml b/deployment/helmchart/values.yaml index 45a94fe..1f976f1 100644 
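Review bot: The three new ConfigMap entries (`HYDRA_CLIENT_ID`, `HYDRA_AUTHORIZATION_BASE_URL`, `TOKEN_URL`) are rendered without `| quote`, unlike the commented SMTP lines directly below them. ConfigMap `data` values have to be strings, so an empty, numeric or boolean-looking value would render as null or a non-string and the manifest would be rejected at apply time; write them as `HYDRA_CLIENT_ID: {{ .Values.backend.oidc.clientId | quote }}` and likewise for the two URLs. Separately, the context line `SECRET_KEY: {{ .Values.backend.secretKey }}` keeps the Flask secret key in a ConfigMap, while this same patch puts the OIDC client secret in a Secret; consider moving it there too. The `data:` mapping starts above this hunk.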
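Review bot: The new `HYDRA_CLIENT_SECRET` entry uses a non-optional `secretKeyRef` on key `oidc-client-secret`, but the secrets-admin-panel.yaml hunk in this patch writes that key only when `.Values.backend.oidc.clientSecret` is non-empty, and the trailing `{{- end }}` there suggests the whole Secret is itself conditional. If the key is missing (value cleared, or presumably an operator-supplied existing Secret without it), the container cannot be created and the error surfaces only at pod start. Fail at render time instead, e.g. `oidc-client-secret: {{ required "backend.oidc.clientSecret is required" .Values.backend.oidc.clientSecret | b64enc | quote }}`, and document the key for anyone supplying their own Secret. The same reference is carried into PATCH 3/3, where it is no longer inside the SMTP `if`; the env list starts and ends outside this hunk.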
--- a/deployment/helmchart/values.yaml +++ b/deployment/helmchart/values.yaml @@ -59,7 +59,7 @@ dashboard: image: registry: open.greenhost.net:4567 repository: stackspin/dashboard/dashboard - tag: 0-1-2 + tag: 0-1-3 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -232,7 +232,7 @@ backend: image: registry: open.greenhost.net:4567 repository: stackspin/dashboard-backend/dashboard-backend - tag: 0-1-2 + tag: 0-1-3 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -249,6 +249,11 @@ backend: # URL to the Ory Kratos API kratosUrl: http://127.0.0.1:8000 + oidc: + clientId: dashboard + clientSecret: ReplaceWithSecret + authorizationBaseUrl: https://sso.stackspin.example.org/oauth2/auth + tokenUrl: https://sso.stackspin.example.org/oauth2/token ## Kubernetes service configuration. For minikube, set this to NodePort, elsewhere use LoadBalancer or ClusterIP ## From c2abc6802e7f79413dfe8dfcd64a154a7bc9533d Mon Sep 17 00:00:00 2001 From: Maarten de Waard Date: Fri, 21 Jan 2022 11:18:47 +0100 Subject: [PATCH 2/3] update Chart version --- deployment/helmchart/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deployment/helmchart/Chart.yaml b/deployment/helmchart/Chart.yaml index c4c5f1d..73c42c7 100644 --- a/deployment/helmchart/Chart.yaml +++ b/deployment/helmchart/Chart.yaml @@ -1,7 +1,7 @@ annotations: category: Dashboard apiVersion: v2 -appVersion: 0.1.1 +appVersion: 0.1.3 dependencies: - name: common repository: https://charts.bitnami.com/bitnami @@ -22,4 +22,4 @@ name: stackspin-dashboard sources: - https://open.greenhost.net/stackspin/dashboard/ - https://open.greenhost.net/stackspin/dashboard-backend/ -version: 0.1.2 +version: 0.1.3 
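Review bot: `clientSecret: ReplaceWithSecret` in the new `oidc:` block ships a non-empty, publicly known default. An install that forgets to override it therefore deploys with the placeholder as its real OIDC client secret, and a truthiness check on `.Values.backend.oidc.clientSecret` will never catch the omission. Default it to `clientSecret: ""` and have the Secret template reject an empty value with Helm's `required`, so a missing secret fails at render time. The new keys also lack the kind of comment the neighbouring `kratosUrl` has; add something like `# OIDC client registered in Hydra; clientSecret must be set per installation` above `oidc:`.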
From 30393e2da43323fcc0ba25abc67238dfdee0d7a6 Mon Sep 17 00:00:00 2001 From: Maarten de Waard Date: Fri, 21 Jan 2022 15:13:02 +0100 Subject: [PATCH 3/3] move HYDRA_CLIENT_SECRET and KRATOS_URL out of IF --- deployment/helmchart/templates/deployment.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/deployment/helmchart/templates/deployment.yaml b/deployment/helmchart/templates/deployment.yaml index 1557dec..e22ce4f 100644 --- a/deployment/helmchart/templates/deployment.yaml +++ b/deployment/helmchart/templates/deployment.yaml @@ -132,12 +132,6 @@ spec: secretKeyRef: name: {{ include "backend.secretName" . }} key: backend-password - {{- if (include "backend.smtp.password.enabled" .) }} - - name: DASHBOARD_SMTP_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "backend.smtp.secretName" . }} - key: smtp-password - name: HYDRA_CLIENT_SECRET valueFrom: secretKeyRef: @@ -145,6 +139,12 @@ spec: key: oidc-client-secret - name: KRATOS_URL value: {{ .Values.backend.kratosUrl }} + {{- if (include "backend.smtp.password.enabled" .) }} + - name: DASHBOARD_SMTP_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "backend.smtp.secretName" . }} + key: smtp-password {{- end }} {{- if .Values.backend.extraEnvVars }} {{- include "common.tplvalues.render" (dict "value" .Values.backend.extraEnvVars "context" $) | nindent 12 }}