User auth customizability (#216)

* update user-auth module allowing customization

Author: davidcheung

templates/kubernetes/terraform/environments/prod/main.tf

@@ -90,8 +90,20 @@ module "kubernetes" {
       # This domain or address must be verified by the mail provider (Sendgrid, SES, etc.)
       user_auth_mail_from_address   = "noreply@${local.domain_name}"
       cookie_signing_secret_key    = "${local.project}-${local.environment}-${local.random_seed}"
+      kratos_values_override = {}
+      oathkeeper_values_override  = {}
     }
     ## User auth: Kratos requires database and a secret (as: `user_auth[0].name`)
+    ##  example overriding the smtp adress in kratos_values_override, this will merge with the config
+    ##  {
+    ##    kratos = {
+    ##      courier = {
+    ##        smtp = {
+    ##          from_address = var.user_auth_mail_from_address
+    ##        }
+    ##      }
+    ##    }
+    ##  }
     ## Oathkeeper requires a private key (as `user_auth[0].jwks_secret_name`)
     ## per environment one of each (database/database secret/private key) is created in the pre-k8s step
     ## If you need to add another user-auth instance you will have to create another set of these resources

templates/kubernetes/terraform/environments/stage/main.tf

@@ -89,8 +89,20 @@ module "kubernetes" {
       # This domain or address must be verified by the mail provider (Sendgrid, SES, etc.)
       user_auth_mail_from_address   = "noreply@${local.domain_name}"
       cookie_signing_secret_key    = "${local.project}-${local.environment}-${local.random_seed}"
+      kratos_values_override = {}
+      oathkeeper_values_override  = {}
     }
     ## User auth: Kratos requires database and a secret (as: `user_auth[0].name`)
+    ##  example overriding the smtp adress in kratos_values_override, this will merge with the config
+    ##  {
+    ##    kratos = {
+    ##      courier = {
+    ##        smtp = {
+    ##          from_address = var.user_auth_mail_from_address
+    ##        }
+    ##      }
+    ##    }
+    ##  }
     ## Oathkeeper requires a private key (as `user_auth[0].jwks_secret_name`)
     ## per environment one of each (database/database secret/private key) is created in the pre-k8s step
     ## If you need to add another user-auth instance you will have to create another set of these resources

templates/kubernetes/terraform/modules/kubernetes/user_auth.tf

@@ -17,7 +17,7 @@ data "aws_secretsmanager_secret_version" "jwks_content" {
 module "user_auth" {
   count   = length(var.user_auth)
   source  = "commitdev/zero/aws//modules/user_auth"
-  version = "0.3.6"
+  version = "0.4.8"
 
   name                        = var.user_auth[count.index].name
   auth_namespace              = var.user_auth[count.index].auth_namespace
@@ -31,6 +31,8 @@ module "user_auth" {
   cookie_signing_secret_key   = var.user_auth[count.index].cookie_signing_secret_key
   kubectl_extra_args          = local.k8s_exec_context
   external_secret_name        = local.secrets_manager_secret_name
+  kratos_values_override      = lookup(var.user_auth[count.index], "kratos_values_override", {})
+  oathkeeper_values_override  = lookup(var.user_auth[count.index], "oathkeeper_values_override", {})
 
   depends_on = [helm_release.external_secrets]
 }

templates/kubernetes/terraform/modules/kubernetes/variables.tf

@@ -145,6 +145,8 @@ variable "user_auth" {
     user_auth_mail_from_address = string
     whitelisted_return_urls     = list(string)
     cookie_signing_secret_key   = string
+    kratos_values_override      = map(any)
+    oathkeeper_values_override  = map(any)
   }))
 }