Skip to content

Commit 11474c4

Browse files
jgaucher-csjgaucher-cs
committed
helm for: save OAuth2 attributes in the API key "config" dict
1 parent 4507d99 commit 11474c4

File tree

4 files changed

+29
-22
lines changed

4 files changed

+29
-22
lines changed

README.md

Lines changed: 23 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -44,28 +44,29 @@ uvicorn app.main:app --host localhost --port 9999 --reload --log-config=log_conf
4444

4545
### Env vars
4646

47-
| Variable | Description | Default |
48-
| ------------------------------ | --------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------ |
49-
| APIKM_NAME | Application name | `"API-Key Manager"` |
50-
| APIKM_ROOT_PATH | API root path | `""` |
51-
| APIKM_DEBUG | DEBUG mode (display SQL queries) | `False` |
52-
| APIKM_CORS_ORIGINS_REGEX | Allow CORS from (regexp) | `".*"` |
53-
| APIKM_CORS_ALLOW_METHODS | Allow CORS for methods | `"GET"` |
54-
| APIKM_DATABASE_URL | Database to store API Keys | `"sqlite:///./test.db"` |
55-
| APIKM_DEFAULT_APIKEY_TTL_HOUR | Default lifetime of an API Key (in hour) | `360` |
56-
| APIKM_OIDC_ENDPOINT | OIDC End Point | `""` |
57-
| APIKM_OIDC_REALM | OIDC Realm | `""` |
58-
| APIKM_OIDC_CLIENT_ID | OIDC CLient ID | `""` |
59-
| APIKM_OIDC_CLIENT_SECRET | OIDC Secret used to sync user info from Keycloak | `""` |
60-
| APIKM_RATE_LIMIT | Rate limiter configuration for the check apikey endpoint | `20/minute` |
61-
| APIKM_KEYCLOAK_SYNC_FREQ | Sync frequency of a user with data stored in Keycloak (in seconds) | `300` |
62-
| APIKM_SHOW_TECHNICAL_ENDPOINTS | Show technical endoints (health) | `False` |
63-
| APIKM_USE_AUTHLIB_OAUTH | If False: use the OpenIdConnect authentication.<br>If True: use the authlib OAuth authentication instead. | `False` |
64-
| APIKM_SWAGGER_DESCRIPTION | Description displayed in the swagger front page | `"APIKeyManager is a centralized Python-oriented API Key manager"` |
65-
| APIKM_CONTACT_NAME | Contact name displayed in the swagger front page | `"CS Group France"` |
66-
| APIKM_CONTACT_URL | Contact url displayed in the swagger front page | `"https://github.com/csgroup-oss/apikey-manager/"` |
67-
| APIKM_CONTACT_EMAIL | Contact email displayed in the swagger front page | `"support@csgroup.space"` |
68-
| APIKM_OPENAPI_URL | The URL where the OpenAPI schema will be served from | `"/openapi.json"` |
47+
| Variable | Description | Default |
48+
| ------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------ |
49+
| APIKM_NAME | Application name | `"API-Key Manager"` |
50+
| APIKM_ROOT_PATH | API root path | `""` |
51+
| APIKM_DEBUG | DEBUG mode (display SQL queries) | `False` |
52+
| APIKM_CORS_ORIGINS_REGEX | Allow CORS from (regexp) | `".*"` |
53+
| APIKM_CORS_ALLOW_METHODS | Allow CORS for methods | `"GET"` |
54+
| APIKM_DATABASE_URL | Database to store API Keys | `"sqlite:///./test.db"` |
55+
| APIKM_DEFAULT_APIKEY_TTL_HOUR | Default lifetime of an API Key (in hour) | `360` |
56+
| APIKM_OIDC_ENDPOINT | OIDC End Point | `""` |
57+
| APIKM_OIDC_REALM | OIDC Realm | `""` |
58+
| APIKM_OIDC_CLIENT_ID | OIDC CLient ID | `""` |
59+
| APIKM_OIDC_CLIENT_SECRET | OIDC Secret used to sync user info from Keycloak | `""` |
60+
| APIKM_RATE_LIMIT | Rate limiter configuration for the check apikey endpoint | `20/minute` |
61+
| APIKM_KEYCLOAK_SYNC_FREQ | Sync frequency of a user with data stored in Keycloak (in seconds) | `300` |
62+
| APIKM_SHOW_TECHNICAL_ENDPOINTS | Show technical endoints (health) | `False` |
63+
| APIKM_USE_AUTHLIB_OAUTH | If False: use the OpenIdConnect authentication.<br>If True: use the authlib OAuth authentication instead. | `False` |
64+
| APIKM_SWAGGER_DESCRIPTION | Description displayed in the swagger front page | `"APIKeyManager is a centralized Python-oriented API Key manager"` |
65+
| APIKM_CONTACT_NAME | Contact name displayed in the swagger front page | `"CS Group France"` |
66+
| APIKM_CONTACT_URL | Contact url displayed in the swagger front page | `"https://github.com/csgroup-oss/apikey-manager/"` |
67+
| APIKM_CONTACT_EMAIL | Contact email displayed in the swagger front page | `"support@csgroup.space"` |
68+
| APIKM_OPENAPI_URL | The URL where the OpenAPI schema will be served from | `"/openapi.json"` |
69+
| APIKM_OAUTH2_ATTRIBUTES | List of optional OAuth2 attributes to save as key/values in the API key "config" dict.<br>The list is given as a comma-separated str (e.g. `'attr1,attr2'`) or json representation str (e.g. `'["attr1", "attr2"]')` | `"attr1,attr2"` |
6970

7071
### Endpoints
7172

deploy/helm/apikeymanager/README.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -35,6 +35,7 @@ Helm chart for APIKeyManager
3535
| config.show_technical_endpoints | bool | `false` | Show technical endoints (health) |
3636
| config.swagger_description | string | `"APIKeyManager is a centralized Python-oriented API Key manager."` | Description displayed in the swagger front page |
3737
| config.use_authlib_oauth | bool | `false` | If False (default): use the OpenIdConnect authentication. If True: use the authlib OAuth authentication instead. |
38+
| config.oauth2_attributes | string | `""` | List of optional OAuth2 attributes to save as key/values in the API key "config" dict. The list is given as a comma-separated str (e.g. `'attr1,attr2'`) or json representation str (e.g. `'["attr1", "attr2"]')` |
3839
| fullnameOverride | string | `""` | |
3940
| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
4041
| image.repository | string | `"ghcr.io/csgroup-oss/apikey-manager"` | Image repository |

deploy/helm/apikeymanager/templates/deployment.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -106,6 +106,8 @@ spec:
106106
value: {{ .Values.config.contact_email | quote }}
107107
- name: "APIKM_OPENAPI_URL"
108108
value: {{ .Values.config.openapi_url | quote }}
109+
- name: "APIKM_OAUTH2_ATTRIBUTES"
110+
value: {{ .Values.config.oauth2_attributes | quote }}
109111
{{- range $key, $val := .Values.env }}
110112
- name: {{ $key }}
111113
value: {{ $val | quote }}

deploy/helm/apikeymanager/values.yaml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -59,6 +59,9 @@ config:
5959
contact_email: "support@csgroup.space"
6060
# -- The URL where the OpenAPI schema will be served from
6161
openapi_url: "/openapi.json"
62+
# -- List of optional OAuth2 attributes to save as key/values in the API key "config" dict. The list is given as a
63+
# -- comma-separated str (e.g. 'attr1,attr2') or json representation str (e.g. '["attr1", "attr2"]')
64+
oauth2_attributes: ""
6265

6366
# --
6467
fullnameOverride: ""

0 commit comments

Comments
 (0)