Merge branch 'gitlab-broader-sso-support' into 'master'

FIXED: Allow custom omniauth provider configuration for GitLab See merge request platform-one/big-bang/bigbang!1399

Merge branch 'gitlab-broader-sso-support' into 'master'
23199695 · Micah Nagel · 87cb4125 · dcd86ec6 · 23199695 · 23199695
Commit 23199695 authored 3 years ago by Micah Nagel
--- a/chart/templates/gitlab/secret-sso.yaml
+++ b/chart/templates/gitlab/secret-sso.yaml
@@ -16,20 +16,32 @@ stringData:
      "args": {
        "name": "openid_connect",
        "scope": [
-          "Gitlab"
+          {{- $scopes := .Values.addons.gitlab.sso.scopes | default (list "Gitlab") | uniq }}
+          {{- range $index, $scopes }}
+          {{ $index | quote }}{{if ne $index (last $scopes)}},{{end}}
+          {{- end }}
        ],
        "response_type": "code",
+        {{- if .Values.addons.gitlab.sso.issuer_uri }}
+        "issuer": "{{ .Values.addons.gitlab.sso.issuer_uri }}"
+        {{- else }}
        "issuer": "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}",
+        {{- end }}
        "client_auth_method": "query",
        "discovery": true,
-        "uid_field": "preferred_username",
+        "uid_field": {{ .Values.addons.gitlab.sso.uid_field | default "preferred_username" | quote }},
        "client_options": {
          "identifier": "{{ .Values.addons.gitlab.sso.client_id | default .Values.sso.client_id }}",
          "secret": "{{ .Values.addons.gitlab.sso.client_secret | default .Values.sso.client_secret }}",
          "redirect_uri": "https://{{ .Values.addons.gitlab.hostnames.gitlab }}.{{ $domainName }}/users/auth/openid_connect/callback",
+          {{- if .Values.addons.gitlab.sso.end_session_uri }}
+          "end_session_endpoint": "{{ .Values.addons.gitlab.sso.end_session_uri }}"
+          {{- else }}
          "end_session_endpoint": "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/logout"
+          {{- end }}
        }
      }
    }
+
 {{- end }}
-{{- end}}
\ No newline at end of file
+{{- end}}
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -751,6 +751,21 @@ addons:
      # -- Gitlab SSO login button label
      label: ""

+      # -- Gitlab SSO Scopes, default is ["Gitlab"]
+      scopes:
+      - Gitlab
+
+      # -- GitLab SSO Issuer URI,
+      # Only needed if your SSO is non-Keycloak
+      issuer_uri: ""
+
+      # -- GitLab SSO End Session URI,
+      # Only needed if your SSO is non-Keycloak
+      end_session_uri: ""
+
+      # -- Gitlab SSO UID field
+      uid_field: preferred_username
+
    database:
      # -- Hostname of a pre-existing PostgreSQL database to use for Gitlab.
      # Entering connection info will disable the deployment of an internal database and will auto-create any required secrets.