Merge remote-tracking branch 'origin/master' into 1943-incomplete-conditional-formatting-vault

62a7453d · Jacob Kershaw · c67ab3a6 · 29bc65e1 · 62a7453d · 62a7453d
Commit 62a7453d authored 1 year ago by Jacob Kershaw
--- a/chart/templates/gitlab/secret-sso.yaml
+++ b/chart/templates/gitlab/secret-sso.yaml
@@ -35,9 +35,26 @@ stringData:
          "secret": "{{ .Values.addons.gitlab.sso.client_secret }}",
          "redirect_uri": "https://{{ .Values.addons.gitlab.hostnames.gitlab }}.{{ $domainName }}/users/auth/openid_connect/callback",
          {{- if .Values.addons.gitlab.sso.end_session_uri }}
-          "end_session_endpoint": "{{ .Values.addons.gitlab.sso.end_session_uri }}"
+          "end_session_endpoint": "{{ .Values.addons.gitlab.sso.end_session_uri }}"{{if .Values.addons.gitlab.sso.groups }}{{printf "%s" ","}}{{end}}
          {{- else }}
-          "end_session_endpoint": "{{ include "sso.oidc.endsession" . }}"
+          "end_session_endpoint": "{{ include "sso.oidc.endsession" . }}"{{if .Values.addons.gitlab.sso.groups }}{{printf "%s" ","}}{{end}}
+          {{- end }}
+          {{- if .Values.addons.gitlab.sso.groups }}
+          {{- $groups := .Values.addons.gitlab.sso.groups }}
+          "gitlab": {
+            "groups_attribute": {{- printf " %s%s" (.Values.addons.gitlab.sso.groups.groupsAttribute | default "groups" | quote) "," }}
+            {{- $numKeys := len (keys $groups) }}
+            {{- $counter := 1 }}
+            {{- $comma := "," }}
+            {{- range $key, $val := $groups }}
+            {{- if eq $counter $numKeys }}{{ $comma = "" }}{{end}}
+            {{- if eq $key "requiredGroups" }}{{- printf "%s%s" (trimSuffix "\n" (trimAll "{}" (dict "required_groups" $val | toPrettyJson))) $comma | indent 10 }}{{end}}
+            {{- if eq $key "externalGroups" }}{{- printf "%s%s" (trimSuffix "\n" (trimAll "{}" (dict "external_groups" $val | toPrettyJson))) $comma | indent 10 }}{{end}}
+            {{- if eq $key "auditorGroups" }}{{- printf "%s%s" (trimSuffix "\n" (trimAll "{}" (dict "auditor_groups" $val | toPrettyJson))) $comma | indent 10 }}{{end}}
+            {{- if eq $key "adminGroups" }}{{- printf "%s%s" (trimSuffix "\n" (trimAll "{}" (dict "admin_groups" $val | toPrettyJson))) $comma | indent 10 }}{{end}}
+            {{- $counter = add1 $counter -}}
+            {{- end -}}
+          }
          {{- end }}
        }
      }

--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -570,11 +570,11 @@ elasticsearchKibana:
  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/elasticsearch-kibana.git
    path: "./chart"
-    tag: "1.10.0-bb.0"
+    tag: "1.10.0-bb.1"
  helmRepo:
    repoName: "registry1"
    chartName: "elasticsearch-kibana"
-    tag: "1.10.0-bb.0"
+    tag: "1.10.0-bb.1"

  # -- Flux reconciliation overrides specifically for the Logging (EFK) Package
  flux:
@@ -924,11 +924,11 @@ grafana:
  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/grafana.git
    path: "./chart"
-    tag: "7.3.0-bb.0"
+    tag: "7.3.0-bb.1"
  helmRepo:
    repoName: "registry1"
    chartName: "grafana"
-    tag: "7.3.0-bb.0"
+    tag: "7.3.0-bb.1"

  # -- Flux reconciliation overrides specifically for the Monitoring Package
  flux: {}
@@ -1207,6 +1207,15 @@ addons:
      scopes:
        - Gitlab

+      # -- Fill out the groups block below and populate with Keycloak groups according to your desired Gitlab membership requirements. The default groupsAttribute is "groups".
+      # Full documentation: https://docs.gitlab.com/ee/administration/auth/oidc.html?tab=Linux+package+%28Omnibus%29#configure-users-based-on-oidc-group-membership
+      groups: []
+      #   groupsAttribute: ""
+      #   requiredGroups: []
+      #   externalGroups: []
+      #   auditorGroups: []
+      #   adminGroups: []
+
    database:
      # -- Hostname of a pre-existing PostgreSQL database to use for Gitlab.
      # Entering connection info will disable the deployment of an internal database and will auto-create any required secrets.
@@ -1823,7 +1832,7 @@ addons:
      repoName: "registry1"
      chartName: "vault"
      tag: "0.25.0-bb.14"
-      
+
    # -- Flux reconciliation overrides specifically for the Vault Package
    flux: {}

@@ -1912,7 +1921,7 @@ addons:

    # -- Post Renderers.  See docs/postrenders.md
    postRenderers: []
-  
+
  holocron:
    # -- Toggle deployment of Holocron.
    enabled: false
@@ -2014,9 +2023,9 @@ addons:
    # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
    ingress:
      gateway: ""
-      
-    # -- Configure the object storage for Thanos.  
-    # The monitoring.prometheus thanos-sidecar and Thanos will use this configuration if defined 
+
+    # -- Configure the object storage for Thanos.
+    # The monitoring.prometheus thanos-sidecar and Thanos will use this configuration if defined
    objstoreConfig: ""

    values: {}

--- a/docs/assets/scripts/developer/k3d-dev.sh
+++ b/docs/assets/scripts/developer/k3d-dev.sh
 #!/bin/bash

 K3D_VERSION="5.6.0"
-DEFAULT_K3S_TAG="v1.27.6-k3s1"
+DEFAULT_K3S_TAG="v1.28.6-k3s2"

 # get the current script dir
 SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )