Added new global var template strings for sso/{auth_url, token_url}. Updated...

Added new global var template strings for sso/{auth_url, token_url}. Updated monitoring/grafana to reference the new global values as a default pointing to keycloak. Added a new folder to the .gitignore for scratch manifests and testing.

chart/google-auth-example-values.yaml

+#
+# The values below demonstrate how to override the default SSO provider (Keycloak) in favor of google auth.
+#
+# Current tested implementations and reference docs:
+#   * grafana - https://grafana.com/docs/grafana/latest/auth/google/
+#
+
+monitoring:
+  sso:
+    grafana:
+      client_id: <client_id>
+      client_secret: <client_secret>
+      scopes: "https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email"
+      allowed_domains: <allowed_domains>
+      auth_url: https://accounts.google.com/o/oauth2/auth
+      token_url: https://oauth2.googleapis.com/token
+      signout_redirect_url: https://www.google.com/accounts/Logout?continue=https://appengine.google.com/_ah/logout?continue=https://grafana.bigbang.dev
\ No newline at end of file

chart/templates/monitoring/values.yaml

@@ -44,18 +44,19 @@ grafana:
     {{- end }}
 
     auth:
-      signout_redirect_url: https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/logout
+      signout_redirect_url: {{ .Values.monitoring.sso.grafana.signout_redirect_url | default (tpl "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/logout" .) }}
 
     auth.generic_oauth:
       enabled: {{ .Values.monitoring.sso.enabled }}
       client_id: {{ .Values.monitoring.sso.grafana.client_id }}
       client_secret: {{ .Values.monitoring.sso.grafana.client_secret }}
       scopes: {{ .Values.monitoring.sso.grafana.scopes | default "openid profile email" }}
-      auth_url: https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/auth
-      token_url: https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/token
-      api_url: https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/userinfo
+      auth_url: {{ .Values.monitoring.sso.grafana.auth_url | default (tpl .Values.sso.auth_url .) }}
+      token_url: {{ .Values.monitoring.sso.grafana.token_url | default (tpl .Values.sso.token_url .) }}
+      api_url: {{ .Values.monitoring.sso.grafana.api_url | default (tpl "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/userinfo" .) }}
       allow_sign_up: {{ .Values.monitoring.sso.grafana.allow_sign_up | default "True" }}
       role_attribute_path: {{ .Values.monitoring.sso.grafana.role_attribute_path | default "Viewer" }}
+      allowed_domains: {{ .Values.monitoring.sso.grafana.allowed_domains }}
 
 prometheus-node-exporter:
   serviceAccount:

chart/values.yaml

@@ -67,6 +67,12 @@ sso:
   # -- OIDC client secret used for packages authenticated through authservice
   client_secret: ""
 
+  # -- OIDC token URL template string (to be used as default)
+  token_url: "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/token"
+    
+  # -- OIDC auth URL template string (to be used as default)
+  auth_url: "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/auth"
+
 # -- (Advanced) Flux reconciliation parameters.
 # The default values provided will be sufficient for the majority of workloads.
 flux: