Merge branch 'gitlab-broader-sso-support' into 'master'

Allow custom omniauth provider configuration for GitLab SSO See merge request platform-one/big-bang/bigbang!1382

Merge branch 'gitlab-broader-sso-support' into 'master'
e87805ae · runyontr · 86401023 · 0beb30d8 · e87805ae · e87805ae
Commit e87805ae authored 3 years ago by runyontr
--- a/chart/templates/gitlab/secret-sso.yaml
+++ b/chart/templates/gitlab/secret-sso.yaml
@@ -16,20 +16,23 @@ stringData:
      "args": {
        "name": "openid_connect",
        "scope": [
-          "Gitlab"
+          {{- $scopes := .Values.addons.gitlab.sso.scopes | default (list "Gitlab") | uniq }}
+          {{- range $index, $scopes }}
+          {{ $index | quote }}{{if ne $index (last $scopes)}},{{end}}
+          {{- end }}
        ],
        "response_type": "code",
-        "issuer": "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}",
+        "issuer": {{ .Values.addons.gitlab.sso.issuer_uri | default "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}" | quote }},
        "client_auth_method": "query",
        "discovery": true,
-        "uid_field": "preferred_username",
+        "uid_field": {{ .Values.addons.gitlab.sso.uid_field | default "preferred_username" | quote }},
        "client_options": {
          "identifier": "{{ .Values.addons.gitlab.sso.client_id | default .Values.sso.client_id }}",
          "secret": "{{ .Values.addons.gitlab.sso.client_secret | default .Values.sso.client_secret }}",
          "redirect_uri": "https://{{ .Values.addons.gitlab.hostnames.gitlab }}.{{ $domainName }}/users/auth/openid_connect/callback",
-          "end_session_endpoint": "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/logout"
+          "end_session_endpoint": {{ .Values.addons.gitlab.sso.end_session_uri | default "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/logout" | quote }}
        }
      }
    }
 {{- end }}
-{{- end}}
\ No newline at end of file
+{{- end}}
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -751,6 +751,18 @@ addons:
      # -- Gitlab SSO login button label
      label: ""

+      # -- Gitlab SSO Scopes, default is ["Gitlab"]
+      scopes:
+      - Gitlab
+
+      # -- GitLab SSO URIs
+      # Only needed if your SSO is non-Keycloak
+      #issuer_uri:
+      #end_session_uri:
+
+      # -- Gitlab SSO UID field
+      uid_field: preferred_username
+
    database:
      # -- Hostname of a pre-existing PostgreSQL database to use for Gitlab.
      # Entering connection info will disable the deployment of an internal database and will auto-create any required secrets.