From a4ce35261086a9aada272aadcab26c94ca763b87 Mon Sep 17 00:00:00 2001
From: Venky Hodigere
Date: Thu, 4 Nov 2021 10:37:43 -0500
Subject: [PATCH 1/3] Add encrypt iv secret env var to helm chart
---
 charts/external-auth-server/templates/deployment.yaml | 5 +++++
 charts/external-auth-server/templates/secrets.yaml | 2 ++
 charts/external-auth-server/values.yaml | 1 +
 3 files changed, 8 insertions(+)
diff --git a/charts/external-auth-server/templates/deployment.yaml b/charts/external-auth-server/templates/deployment.yaml
index b36f9e6..841ba11 100644
--- a/charts/external-auth-server/templates/deployment.yaml
+++ b/charts/external-auth-server/templates/deployment.yaml
@@ -83,6 +83,11 @@ spec:
 secretKeyRef:
 name: {{ include "external-auth-server.fullname" . }}
 key: config-token-encrypt-secret
+ - name: EAS_ENCRYPT_IV_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "external-auth-server.fullname" . }}
+ key: encrypt-iv-secret
 - name: EAS_ISSUER_SIGN_SECRET
 valueFrom:
 secretKeyRef:
diff --git a/charts/external-auth-server/templates/secrets.yaml b/charts/external-auth-server/templates/secrets.yaml
index 418384a..5e1a4c2 100644
--- a/charts/external-auth-server/templates/secrets.yaml
+++ b/charts/external-auth-server/templates/secrets.yaml
@@ -8,11 +8,13 @@ type: Opaque
 data:
 config-token-sign-secret: {{ required "configTokenSignSecret is required" .Values.configTokenSignSecret | b64enc | quote }}
 config-token-encrypt-secret: {{ required "configTokenEncryptSecret is required" .Values.configTokenEncryptSecret | b64enc | quote }}
+ encrypt-iv-secret: {{ .Values.encryptIvSecret | b64enc | quote }}
 issuer-sign-secret: {{ required "issuerSignSecret is required" .Values.issuerSignSecret | b64enc | quote }}
 issuer-encrypt-secret: {{ required "issuerEncryptSecret is required" .Values.issuerEncryptSecret | b64enc | quote }}
 cookie-sign-secret: {{ required "cookieSignSecret is required" .Values.cookieSignSecret | b64enc | quote }}
 cookie-encrypt-secret: {{ required "cookieEncryptSecret is required" .Values.cookieEncryptSecret | b64enc | quote }}
 session-encrypt-secret: {{ required "sessionEncryptSecret is required" .Values.sessionEncryptSecret | b64enc | quote }}
+
 {{- if .Values.storeOpts }}
 store-opts: {{ .Values.storeOpts | toJson | b64enc | quote }}
 {{- end }}
diff --git a/charts/external-auth-server/values.yaml b/charts/external-auth-server/values.yaml
index 5d6b2b3..6f37806 100644
--- a/charts/external-auth-server/values.yaml
+++ b/charts/external-auth-server/values.yaml
@@ -4,6 +4,7 @@
 configTokenSignSecret:
 configTokenEncryptSecret:
+encryptIvSecret:
 issuerSignSecret:
 issuerEncryptSecret:
 cookieSignSecret:
From d036cf3aa4701e040942c39ffcfef7df963f30bc Mon Sep 17 00:00:00 2001
From: Venky Hodigere
Date: Tue, 30 Nov 2021 13:08:34 -0600
Subject: [PATCH 2/3] Refactor and change variable name
---
 charts/external-auth-server/templates/deployment.yaml | 2 +-
 charts/external-auth-server/templates/secrets.yaml | 2 +-
 charts/external-auth-server/values.yaml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/charts/external-auth-server/templates/deployment.yaml b/charts/external-auth-server/templates/deployment.yaml
index 841ba11..83ec6e8 100644
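Review bot: The new `encrypt-iv-secret` entry in templates/secrets.yaml is the only key in this Secret rendered without `required`, and values.yaml leaves `encryptIvSecret` empty, while the deployment.yaml hunk injects `EAS_ENCRYPT_IV_SECRET` from that key unconditionally. With the value unset, the chart presumably either fails inside `b64enc` with a message that does not name the value, or installs an empty IV secret into the pod, depending on how the Helm version handles a nil value; what the server does with an empty value is not visible here. If the value is mandatory, match the sibling keys: `encrypt-iv-secret: {{ required "encryptIvSecret is required" .Values.encryptIvSecret | b64enc | quote }}`. If it is optional, guard both the Secret entry and the env var with `{{- if .Values.encryptIvSecret }}` so an unset value never reaches the container as an empty string. The renames in patches 2/3 and 3/3 keep the line without `required`, so the same applies to the final `config-token-encrypt-iv-secret` entry.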
--- a/charts/external-auth-server/templates/deployment.yaml
+++ b/charts/external-auth-server/templates/deployment.yaml
@@ -87,7 +87,7 @@ spec:
 valueFrom:
 secretKeyRef:
 name: {{ include "external-auth-server.fullname" . }}
- key: encrypt-iv-secret
+ key: config-token-encrypt-iv-secret
 - name: EAS_ISSUER_SIGN_SECRET
 valueFrom:
 secretKeyRef:
diff --git a/charts/external-auth-server/templates/secrets.yaml b/charts/external-auth-server/templates/secrets.yaml
index 5e1a4c2..69b153e 100644
--- a/charts/external-auth-server/templates/secrets.yaml
+++ b/charts/external-auth-server/templates/secrets.yaml
@@ -8,7 +8,7 @@ type: Opaque
 data:
 config-token-sign-secret: {{ required "configTokenSignSecret is required" .Values.configTokenSignSecret | b64enc | quote }}
 config-token-encrypt-secret: {{ required "configTokenEncryptSecret is required" .Values.configTokenEncryptSecret | b64enc | quote }}
- encrypt-iv-secret: {{ .Values.encryptIvSecret | b64enc | quote }}
+ encrypt-iv-secret: {{ .Values.configTokenEncryptIVSecret | b64enc | quote }}
 issuer-sign-secret: {{ required "issuerSignSecret is required" .Values.issuerSignSecret | b64enc | quote }}
 issuer-encrypt-secret: {{ required "issuerEncryptSecret is required" .Values.issuerEncryptSecret | b64enc | quote }}
 cookie-sign-secret: {{ required "cookieSignSecret is required" .Values.cookieSignSecret | b64enc | quote }}
diff --git a/charts/external-auth-server/values.yaml b/charts/external-auth-server/values.yaml
index 6f37806..69067f3 100644
--- a/charts/external-auth-server/values.yaml
+++ b/charts/external-auth-server/values.yaml
@@ -4,7 +4,7 @@
 configTokenSignSecret:
 configTokenEncryptSecret:
-encryptIvSecret:
+configTokenEncryptIVSecret:
 issuerSignSecret:
 issuerEncryptSecret:
 cookieSignSecret:
From dad3d6c40c62059333fe9a2063ba97499f6737e3 Mon Sep 17 00:00:00 2001
From: Venky Hodigere
Date: Tue, 30 Nov 2021 13:18:33 -0600
Subject: [PATCH 3/3] Refactor and change variable name
---
 charts/external-auth-server/templates/secrets.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/charts/external-auth-server/templates/secrets.yaml b/charts/external-auth-server/templates/secrets.yaml
index 69b153e..29319cb 100644
--- a/charts/external-auth-server/templates/secrets.yaml
+++ b/charts/external-auth-server/templates/secrets.yaml
@@ -8,7 +8,7 @@ type: Opaque
 data:
 config-token-sign-secret: {{ required "configTokenSignSecret is required" .Values.configTokenSignSecret | b64enc | quote }}
 config-token-encrypt-secret: {{ required "configTokenEncryptSecret is required" .Values.configTokenEncryptSecret | b64enc | quote }}
- encrypt-iv-secret: {{ .Values.configTokenEncryptIVSecret | b64enc | quote }}
+ config-token-encrypt-iv-secret: {{ .Values.configTokenEncryptIVSecret | b64enc | quote }}
 issuer-sign-secret: {{ required "issuerSignSecret is required" .Values.issuerSignSecret | b64enc | quote }}
 issuer-encrypt-secret: {{ required "issuerEncryptSecret is required" .Values.issuerEncryptSecret | b64enc | quote }}
 cookie-sign-secret: {{ required "cookieSignSecret is required" .Values.cookieSignSecret | b64enc | quote }}