Merge pull request #181 from mlbiam/master

fixes for naas with argo, oidc

openunison-k8s-cluster-management/Chart.yaml

@@ -14,7 +14,7 @@ type: application
 
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 3.0.38
+version: 3.0.40
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.

openunison-k8s-cluster-management/templates/applications/newproject.yaml

@@ -200,6 +200,8 @@ spec:
         - "objectClass=groupofnames"
         - "sort=true"
         {{ else if $root.Values.oidc}}
+
+
         {{ if eq $root.Values.oidc.type "okta" }}
         {{ if $role.external.required }}
         {{ $role.external.fieldName }}.type: "text-list-box"
@@ -211,8 +213,27 @@ spec:
         - "targetName=okta"
         - "maxEntries=10"
         - "errorMessage=Invalid group name"
+
+        {{ else if eq $root.Values.oidc.type "entraid" }}
+        {{ if $role.external.required }}
+        {{ $role.external.fieldName }}.type: "text-list-box"
+        {{ else }}
+        {{ $role.external.fieldName }}.type: "chk-text-list-box"
         {{ end }}
+        {{ $role.external.fieldName }}.dynamicValueSource.className: "com.tremolosecurity.scalejs.register.dynamicSource.EntraIDSource"
+        {{ $role.external.fieldName }}.dynamicValueSource.config: 
+        - "target=azuread"
+        - "maxEntries=10"
+        {{ else }}
+        {{ $role.external.fieldName }}.type: "text"
+
+
+
+
 
+        {{ end }}
+
+
         {{ else if $root.Values.github}}
         {{ if $root.Values.github.naas }}
         {{ if $role.external.required }}
@@ -245,39 +266,58 @@ spec:
         {{ $role.external.fieldName }}.minChars: "0"
         {{ $role.external.fieldName }}.maxChars: "255"
         {{ $role.external.fieldName }}.unique: "false"
+
+
+        # check ad
         {{ if $root.Values.active_directory }}
+
+        # is ad required?
         {{ if $role.external.required }}
         {{ $role.external.fieldName }}.type: "text-list-box"
         {{ else }}
         {{ $role.external.fieldName }}.type: "chk-text-list-box"
         {{ end }}
+
+
         {{ $role.external.fieldName }}.dynamicValueSource.className: "com.tremolosecurity.scalejs.register.dynamicSource.LoadFromLDAP"
         {{ $role.external.fieldName }}.dynamicValueSource.config: 
         - "nameField=distinguishedName"
         - "valueField=distinguishedName"
         - "searchField=cn"
         - "maxEntries=10"
+
+        #is there a specific search base?
         {{ if $root.Values.active_directory.group_search_base }}
         - "searchBase={{ $root.Values.active_directory.group_search_base }},ou=activedirectory,o=Data"
         {{ else }}
         - "searchBase=ou=activedirectory,o=Data"
         {{ end }}
+
         - "errorMessage=Invalid group name"
         - "objectClass=groupofnames"
         - "sort=true"
+
+        #is oidc?
         {{ else if $root.Values.oidc}}
+
+        # is okta?
         {{ if eq $root.Values.oidc.type "okta" }}
+
+        #is a required group?
         {{ if $role.external.required }}
         {{ $role.external.fieldName }}.type: "text-list-box"
         {{ else }}
         {{ $role.external.fieldName }}.type: "chk-text-list-box"
         {{ end }}
+
         {{ $role.external.fieldName }}.dynamicValueSource.className: "com.tremolosecurity.scalejs.register.dynamicSource.LoadGroupsFromOkta"
         {{ $role.external.fieldName }}.dynamicValueSource.config: 
         - "targetName=okta"
         - "maxEntries=10"
         - "errorMessage=Invalid group name"
         {{ end }}
+
+
         {{ else }}
         {{ $role.external.fieldName }}.type: "text"
         {{ end }}

openunison-k8s-cluster-management/values.yaml

@@ -10,6 +10,7 @@ impersonation:
 
 openunison:
   orchestra_login_portal_name: orchestra-login-portal
+
   naas:
     git:
       prefix: ""

orchestra-login-portal/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.3.56
+version: 2.3.57
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

orchestra-login-portal/values.yaml

@@ -108,6 +108,8 @@ services:
 
 openunison:
   apps: []
+  amq:
+    enabled: true
   imagePullPolicy: Always
   authentication:
     refresh_token:

orchestra/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.10.59
+version: 2.10.60
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

orchestra/values.yaml

@@ -119,6 +119,7 @@ services:
   - "alive"
 openunison:
   amq:
+    enabled: true
     pvc: {}
   secret_ext: ""
   apps: []
@@ -201,7 +202,7 @@ openunison:
           errorMessage: "Invalid viewer group"
         workflow:
           label: "namespace viewer"
-          displayLabel: $name$ Administrator
+          displayLabel: $name$ Viewer
           emailTemplate: Approve viewer access to $cluster$ $name$
           approvalLabel: Approve viewer access for $cluster$ - $name$
           userNotification: