Dex static connector override (#5955)

* Make static connector configurable * Fix indent
kyma-project · Oct 10, 2019 · 600dd72 · 600dd72
1 parent 68abbad
commit 600dd72
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 12 deletions.
diff --git a/docs/security/08-03-add-connector.md b/docs/security/08-03-add-connector.md
@@ -33,15 +33,15 @@ metadata:
     kyma-project.io/installation: ""
 data:
     connectors: |-
-    - type: github
-      id: github
-      name: GitHub
-      config:
-        clientID: {GITHUB_CLIENT_ID}
-        clientSecret: {GITHUB_CLIENT_SECRET}
-         redirectURI: https://dex.{{ .Values.global.domainName }}/callback
-        orgs:
-          - name: {GITHUB_ORGANIZATION}
+      - type: github
+        id: github
+        name: GitHub
+        config:
+          clientID: {GITHUB_CLIENT_ID}
+          clientSecret: {GITHUB_CLIENT_SECRET}
+          redirectURI: https://dex.{{ .Values.global.domainName }}/callback
+          orgs:
+            - name: {GITHUB_ORGANIZATION}
 EOF
 ```
 

diff --git a/resources/dex/templates/dex-config-map.yaml b/resources/dex/templates/dex-config-map.yaml
@@ -39,6 +39,7 @@ data:
     {{- with .Values.oidc.staticClientsExtra }}
     {{- tpl . $ | nindent 4 }}
     {{- end }}
-
+    {{ if .Values.dex.useStaticConnector }}
     enablePasswordDB: true
     #__STATIC_PASSWORDS__
+    {{ end }}
diff --git a/resources/dex/templates/dex-deployment.yaml b/resources/dex/templates/dex-deployment.yaml
@@ -32,14 +32,13 @@ spec:
         ports:
         - name: http
           containerPort: {{ .Values.containerPort }}
-
         volumeMounts:
         - name: config
           mountPath: /etc/dex/cfg
         {{- with .Values.volumeMountsExtra }}
         {{- tpl . $ | nindent 8 }}
         {{- end }}
-
+      {{ if .Values.dex.useStaticConnector }}
       initContainers:
       - name: dex-users-configurator
         image: {{ .Values.global.containerRegistry.path }}/{{ .Values.global.dex_static_user_configurer.dir }}dex-static-user-configurer:{{ .Values.global.dex_static_user_configurer.version }}
@@ -58,6 +57,16 @@ spec:
             path: config.yaml
       - name: config
         emptyDir: {}
+      {{ else }}
+      volumes:
+      - name: config
+        configMap:
+          name: dex-config
+          items:
+            - key: config.yaml
+              path: config.yaml
+      {{ end }}
       {{- with .Values.volumesExtra }}
       {{- tpl . $ | nindent 6 }}
       {{- end }}
+
diff --git a/resources/dex/templates/dex-rbac-role.yaml b/resources/dex/templates/dex-rbac-role.yaml
@@ -15,9 +15,11 @@ rules:
   - apiGroups: ["apiextensions.k8s.io"]
     resources: ["customresourcedefinitions"]
     verbs: ["create"]
+  {{ if .Values.dex.useStaticConnector }}
   - apiGroups: [""]
     resources: ["secrets"]
     verbs: ["get", "list"]
+  {{ end }}
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1

diff --git a/resources/dex/values.yaml b/resources/dex/values.yaml
@@ -53,6 +53,7 @@ dex:
   expiry:
     signingKeys: "720h"
     idTokens: "8h"
+  useStaticConnector: true
 
 resources:
   limits: