Commit 8a76e2a

feat(chart): Allow onboarding and allow list on values.yaml (#989)
Signed-off-by: Javier Rodriguez <[email protected]>
1 parent 6f331e2 commit 8a76e2a

4 files changed

+37
-12
lines changed

deployment/chainloop/Chart.yaml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,11 @@ description: Chainloop is an open source software supply chain control plane, a
77

88
type: application
99
# Bump the patch (not minor, not major) version on each change in the Chart Source code
10+
<<<<<<< HEAD
1011
version: 1.63.1
12+
=======
13+
version: 1.63.2
14+
>>>>>>> b746e75 (Bump chart version adn add comment)
1115
# Do not update appVersion, this is handled automatically by the release process
1216
appVersion: v0.91.8
1317
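
Review bot: Unresolved merge conflict markers are committed in Chart.yaml at new lines 10 to 14 (`<<<<<<< HEAD`, `=======`, `>>>>>>> b746e75 ...`), which leaves two `version:` keys and non-YAML lines in the file, so the chart metadata will not parse. Resolve the conflict so that only `version: 1.63.2` remains, and consider a CI step such as `helm lint` that rejects conflict markers before merge.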

deployment/chainloop/README.md

Lines changed: 12 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -499,6 +499,8 @@ chainloop config save \
499499
| `controlplane.referrerSharedIndex` | Configure the shared, public index API endpoint that can be used to discover metadata referrers | |
500500
| `controlplane.referrerSharedIndex.enabled` | Enable index API endpoint | `false` |
501501
| `controlplane.referrerSharedIndex.allowedOrgs` | List of UUIDs of organizations that are allowed to publish to the shared index | `[]` |
502+
| `controlplane.onboarding.name` | Name of the organization to onboard | |
503+
| `controlplane.onboarding.role` | Role of the organization to onboard | |
502504

503505
### Control Plane Database
504506
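
Review bot: The two new rows at lines 502 and 503 leave the Value column empty and do not say which roles are accepted or who receives the role; "Role of the organization to onboard" reads as if the organization itself had a role. Since this setting grants a membership role automatically, state the accepted values (the values.yaml example in this commit uses `MEMBERSHIP_ROLE_ORG_VIEWER`) and clarify that the role applies to the membership created during onboarding, if that is the intent.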

@@ -516,13 +518,16 @@ chainloop config save \
516518

517519
### Control Plane Authentication
518520

519-
| Name | Description | Value |
520-
| ----------------------------------------- | ------------------------------------------------------------------------------------------------------ | ----- |
521-
| `controlplane.auth.passphrase` | Passphrase used to sign the Auth Tokens generated by the controlplane. Leave empty for auto-generation | `""` |
522-
| `controlplane.auth.oidc.url` | Full authentication path, it should match the issuer URL of the Identity provider (IDp) | `""` |
523-
| `controlplane.auth.oidc.clientID` | OIDC IDp clientID | `""` |
524-
| `controlplane.auth.oidc.clientSecret` | OIDC IDp clientSecret | `""` |
525-
| `controlplane.auth.oidc.loginURLOverride` | Optional OIDC login URL override, useful to point to custom login pages | |
521+
| Name | Description | Value |
522+
| -------------------------------------------- | ------------------------------------------------------------------------------------------------------ | ----- |
523+
| `controlplane.auth.passphrase` | Passphrase used to sign the Auth Tokens generated by the controlplane. Leave empty for auto-generation | `""` |
524+
| `controlplane.auth.oidc.url` | Full authentication path, it should match the issuer URL of the Identity provider (IDp) | `""` |
525+
| `controlplane.auth.oidc.clientID` | OIDC IDp clientID | `""` |
526+
| `controlplane.auth.oidc.clientSecret` | OIDC IDp clientSecret | `""` |
527+
| `controlplane.auth.oidc.loginURLOverride` | Optional OIDC login URL override, useful to point to custom login pages | |
528+
| `controlplane.auth.allowList.rules` | List of domains or emails to allow | |
529+
| `controlplane.auth.allowList.selectedRoutes` | List of selected routes to allow. If not set it applies to all routes | |
530+
| `controlplane.auth.allowList.customMessage` | Custom message to display when a user is not allowed | |
526531

527532
### Control Plane Networking
528533
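
Review bot: The description added at line 528, "List of domains or emails to allow", does not define the entry format (for example whether a domain is written bare or with a leading `@`), and line 529 does not say what a route identifier looks like. For an access-control setting a typo fails silently, so add one example of each rule form and of a route value to the table or to a short paragraph under it.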

deployment/chainloop/templates/controlplane/config.configmap.yaml

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -10,13 +10,11 @@ metadata:
1010
labels:
1111
{{- include "chainloop.controlplane.labels" . | nindent 4 }}
1212
data:
13-
{{- if .Values.controlplane.allowList }}
13+
{{- if .Values.controlplane.auth.allowList }}
1414
allow_list.yaml: |
1515
auth:
1616
allow_list:
17-
{{- range .Values.controlplane.allowList }}
18-
- {{ . | quote }}
19-
{{- end }}
17+
{{- toYaml .Values.controlplane.auth.allowList | nindent 8 }}
2018
{{- end }}
2119
config.yaml: |
2220
server:
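
Review bot: The condition on new line 13 checks only `.Values.controlplane.auth.allowList`, so a release that still sets the old `controlplane.allowList` key renders no `allow_list.yaml` entry and the upgrade completes without any error, which would leave the control plane without the restriction the operator configured. The value also changes shape, from a list of strings ranged over with `quote` to a map passed through `toYaml`. Add a guard that calls `fail` when `.Values.controlplane.allowList` is set, pointing to the new key, and call out the rename in the release notes, since the chart version in this commit is only a patch bump.
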
@@ -41,4 +39,8 @@ data:
4139
download_url: {{ include "chainloop.cas.external_url" . }}/download
4240
plugins_dir: {{ .Values.controlplane.pluginsDir }}
4341
referrer_shared_index:
44-
{{- toYaml .Values.controlplane.referrerSharedIndex | nindent 6 }}
42+
{{- toYaml .Values.controlplane.referrerSharedIndex | nindent 6 }}
43+
{{ if .Values.controlplane.onboarding }}
44+
onboarding:
45+
{{- toYaml .Values.controlplane.onboarding | nindent 6 }}
46+
{{- end }}
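
Review bot: New line 43 opens the block with `{{ if .Values.controlplane.onboarding }}`, without the left trim marker that the `allowList` block and the closing `{{- end }}` use, so a whitespace-only line is emitted into the rendered `config.yaml` whether or not onboarding is set. Use `{{- if .Values.controlplane.onboarding }}` for consistency. Because these entries assign roles, it is also worth checking in the template that each item carries both `name` and `role` rather than passing the value through `toYaml` unvalidated.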

deployment/chainloop/values.yaml

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -124,6 +124,12 @@ controlplane:
124124
enabled: false
125125
allowedOrgs: []
126126

127+
## @extra controlplane.onboarding.name Name of the organization to onboard
128+
## @extra controlplane.onboarding.role Role of the organization to onboard
129+
# onboarding:
130+
# - name: "read-only-demo"
131+
# role: "MEMBERSHIP_ROLE_ORG_VIEWER"
132+
127133
# Database migration
128134
## @skip controlplane.migration
129135
migration:
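
Review bot: The `@extra` annotations at lines 127 and 128 document `controlplane.onboarding.name` and `controlplane.onboarding.role` as keys of a map, but the commented example at lines 129 to 131 is a list of entries (`- name: "read-only-demo"`). The generated README inherits the mismatch, and a user who follows the documented paths will write a map that the template passes through unchanged. Describe `onboarding` as a list in the annotations, for instance with a single `@extra controlplane.onboarding` line that says each item has `name` and `role`.
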
@@ -184,6 +190,14 @@ controlplane:
184190
clientSecret: ""
185191
# loginURLOverride: ""
186192

193+
## @extra controlplane.auth.allowList.rules List of domains or emails to allow
194+
## @extra controlplane.auth.allowList.selectedRoutes List of selected routes to allow. If not set it applies to all routes
195+
## @extra controlplane.auth.allowList.customMessage Custom message to display when a user is not allowed
196+
# allowList:
197+
# rules: []
198+
# selectedRoutes: []
199+
# customMessage: ""
200+
187201
## @section Control Plane Networking
188202
service:
189203
## @param controlplane.service.type Service type
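
Review bot: Uncommenting the example at lines 196 to 199 as written yields a non-empty `allowList` map with `rules: []`, which satisfies the `if .Values.controlplane.auth.allowList` check in the configmap template and renders an allow list with no rules. The comments do not say whether that means everyone or no one is allowed. Document the behaviour for empty `rules`, and replace the empty placeholders with one sample domain and one sample email so the expected format is visible.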
