From e5c3408b3f7b5286d371b2d422f5788a213fabb3 Mon Sep 17 00:00:00 2001
From: "branden.cobb" <cobb_branden@bah.com>
Date: Mon, 15 Feb 2021 12:17:58 +0000
Subject: [PATCH] feat argocd sso

---
 chart/templates/argocd/argocd-helmrelease.yaml | 17 +++++++++++++++--
 chart/values.yaml                              |  7 +++++++
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/chart/templates/argocd/argocd-helmrelease.yaml b/chart/templates/argocd/argocd-helmrelease.yaml
index 300e50f3d7..b4cf10ef90 100644
--- a/chart/templates/argocd/argocd-helmrelease.yaml
+++ b/chart/templates/argocd/argocd-helmrelease.yaml
@@ -57,7 +57,20 @@ spec:
     server:
       config:
         url: https://argocd.{{ .Values.hostname }}
-
+    {{- if .Values.addons.argocd.sso.enabled }}
+    sso:
+      enabled: {{ .Values.addons.argocd.sso.enabled }}
+      rbac:
+        policy.csv: {{- toYaml .Values.addons.argocd.sso.groups | nindent 8 }}
+      keycloakClientSecret: {{ .Values.addons.argocd.sso.client_secret }}
+      config:
+        oidc.config: |
+          name: {{ .Values.addons.argocd.sso.provider_name }}
+          issuer: https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}
+          clientID: {{ .Values.addons.argocd.sso.client_id }}
+          clientSecret: $oidc.keycloak.clientSecret
+          requestedScopes: ["openid","ArgoCD"]
+    {{- end }}
   {{- if or .Values.monitoring.enabled .Values.istio.enabled }}
   dependsOn:
   {{- if .Values.istio.enabled }}
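Review bot: The OIDC client secret on the `keycloakClientSecret` line is rendered unquoted and in plaintext into the HelmRelease values, so anyone who can read that object or the rendered manifests can read it, and an empty value renders as null rather than a string. At minimum fail closed and quote it: `keycloakClientSecret: {{ required "addons.argocd.sso.client_secret is required when sso.enabled" .Values.addons.argocd.sso.client_secret | quote }}`; better still, have the release take it from an existing Secret rather than chart values. The same `| quote` applies to `name:` and `clientID:` inside `oidc.config`. Separately, `policy.csv: {{- toYaml … | nindent 8 }}` appears to put the value at the same column as its key, so check the rendered RBAC policy with `helm template` to confirm the group-to-role mapping that is enforced is the one intended. The enclosing `spec` mapping starts and ends outside this hunk.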
@@ -69,4 +82,4 @@ spec:
     namespace: {{ .Release.Namespace }}
   {{- end }}
   {{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/chart/values.yaml b/chart/values.yaml
index 370696f3e1..7342ba7126 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -195,6 +195,13 @@ addons:
       repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/argocd.git
       path: "./chart"
       tag: "2.9.5-bb.4"
+    sso:
+      enabled: false
+      client_id: "" # sso clientID example: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-argocd
+      provider_name: "" # login as name example: P1 SSO
+      client_secret: ""  # for dev this can be set to anything
+      groups: |
+        g, Impact Level 2 Authorized, role:admin
     values: {}
 
   authservice:
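Review bot: The default `groups` value maps every member of `Impact Level 2 Authorized` to `role:admin`, so setting `sso.enabled: true` without overriding it grants that whole group full Argo CD admin. A least-privilege default would be an empty policy or `role:readonly`, with the admin mapping kept as a commented example. The `client_secret` comment `for dev this can be set to anything` also invites committing a real value to values.yaml; I would reword it to `# OIDC client secret; supply through an encrypted or override values file, never commit a real value here`. The `addons.argocd` mapping starts above the hunk.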
-- 
GitLab