From a78c17722742aa4511a51588a45267512a6e3b6a Mon Sep 17 00:00:00 2001
From: Zadkiel AHARONIAN <zadkiel_aharonian@carrefour.com>
Date: Tue, 9 Apr 2024 12:20:50 +0200
Subject: [PATCH 1/4] feat: add proxyVarsFromSecret value

Signed-off-by: Zadkiel AHARONIAN <zadkiel_aharonian@carrefour.com>
---
 helm/oauth2-proxy/Chart.yaml                | 8 ++++----
 helm/oauth2-proxy/templates/deployment.yaml | 5 +++++
 helm/oauth2-proxy/values.yaml               | 3 +++
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/helm/oauth2-proxy/Chart.yaml b/helm/oauth2-proxy/Chart.yaml
index 7d1108f8..89c1b5da 100644
--- a/helm/oauth2-proxy/Chart.yaml
+++ b/helm/oauth2-proxy/Chart.yaml
@@ -1,5 +1,5 @@
 name: oauth2-proxy
-version: 7.4.1
+version: 7.5.0
 apiVersion: v2
 appVersion: 7.6.0
 home: https://oauth2-proxy.github.io/oauth2-proxy/
@@ -34,8 +34,8 @@ maintainers:
 kubeVersion: ">=1.9.0-0"
 annotations:
   artifacthub.io/changes: |
-    - kind: changed
-      description: Fix link in readme to existingSecret needed fields
+    - kind: added
+      description: Add proxyVarsFromSecret value
       links:
         - name: Github PR
-          url: https://github.com/oauth2-proxy/manifests/pull/193
+          url: https://github.com/oauth2-proxy/manifests/pull/196
diff --git a/helm/oauth2-proxy/templates/deployment.yaml b/helm/oauth2-proxy/templates/deployment.yaml
index 218bef44..9cada2ff 100644
--- a/helm/oauth2-proxy/templates/deployment.yaml
+++ b/helm/oauth2-proxy/templates/deployment.yaml
@@ -146,6 +146,11 @@ spec:
         lifecycle:
 {{ toYaml .Values.lifecycle | indent 10 }}
 {{- end }}
+        {{- with .Values.proxyVarsFromSecret }}
+        envFrom:
+        - secretRef:
+            name: {{  . }}
+        {{- end }}
         env:
         {{- if .Values.proxyVarsAsSecrets }}
         - name: OAUTH2_PROXY_CLIENT_ID
diff --git a/helm/oauth2-proxy/values.yaml b/helm/oauth2-proxy/values.yaml
index 219f45ad..fbd262e9 100644
--- a/helm/oauth2-proxy/values.yaml
+++ b/helm/oauth2-proxy/values.yaml
@@ -221,6 +221,9 @@ nodeSelector: {}
 # Whether to use secrets instead of environment values for setting up OAUTH2_PROXY variables
 proxyVarsAsSecrets: true
 
+# Import all environment variables from an existing secret. Not compatible with 'proxyVarsAsSecrets'.
+# proxyVarsFromSecret: my-secret-name
+
 # Configure Kubernetes liveness and readiness probes.
 # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
 # Disable both when deploying with Istio 1.0 mTLS. https://istio.io/help/faq/security/#k8s-health-checks

From 5d2ffbe46265d9d35cb86c1f5914da221785ff79 Mon Sep 17 00:00:00 2001
From: Pierluigi Lenoci <pierluigi.lenoci@sap.com>
Date: Wed, 8 Jan 2025 11:19:23 +0100
Subject: [PATCH 2/4] Update Chart.yaml

---
 helm/oauth2-proxy/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm/oauth2-proxy/Chart.yaml b/helm/oauth2-proxy/Chart.yaml
index 0fd58158..ce88a812 100644
--- a/helm/oauth2-proxy/Chart.yaml
+++ b/helm/oauth2-proxy/Chart.yaml
@@ -1,5 +1,5 @@
 name: oauth2-proxy
-version: 7.9.2
+version: 7.9.3
 apiVersion: v2
 appVersion: 7.7.1
 home: https://oauth2-proxy.github.io/oauth2-proxy/

From 12e5cc8393f879d5b2724b768625a608bb5107f6 Mon Sep 17 00:00:00 2001
From: Pierluigi Lenoci <pierluigi.lenoci@sap.com>
Date: Mon, 10 Feb 2025 16:33:36 +0100
Subject: [PATCH 3/4] Update helm/oauth2-proxy/Chart.yaml

Co-authored-by: Jan Larwig <jan@larwig.com>
---
 helm/oauth2-proxy/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm/oauth2-proxy/Chart.yaml b/helm/oauth2-proxy/Chart.yaml
index bc34895e..83153f37 100644
--- a/helm/oauth2-proxy/Chart.yaml
+++ b/helm/oauth2-proxy/Chart.yaml
@@ -1,5 +1,5 @@
 name: oauth2-proxy
-version: 7.10.5
+version: 7.11.0
 apiVersion: v2
 appVersion: 7.8.1
 home: https://oauth2-proxy.github.io/oauth2-proxy/

From e2ae4b8445e88389df1042caf6ebc9edfbb3543b Mon Sep 17 00:00:00 2001
From: tuunit <jan@larwig.com>
Date: Mon, 10 Feb 2025 20:17:13 +0100
Subject: [PATCH 4/4] rename proxyVarsFromSecret to envFromExistingSecret

---
 helm/oauth2-proxy/Chart.yaml                |  2 +-
 helm/oauth2-proxy/templates/deployment.yaml |  8 ++++----
 helm/oauth2-proxy/values.yaml               | 13 +++++++------
 3 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/helm/oauth2-proxy/Chart.yaml b/helm/oauth2-proxy/Chart.yaml
index 83153f37..65b915de 100644
--- a/helm/oauth2-proxy/Chart.yaml
+++ b/helm/oauth2-proxy/Chart.yaml
@@ -32,7 +32,7 @@ kubeVersion: ">=1.16.0-0"
 annotations:
   artifacthub.io/changes: |
     - kind: added
-      description: Add proxyVarsFromSecret value
+      description: Add envFromExistingSecret value for loading environment variables from an existing secret
       links:
         - name: Github PR
           url: https://github.com/oauth2-proxy/manifests/pull/196
diff --git a/helm/oauth2-proxy/templates/deployment.yaml b/helm/oauth2-proxy/templates/deployment.yaml
index b2bef958..ea401ce0 100644
--- a/helm/oauth2-proxy/templates/deployment.yaml
+++ b/helm/oauth2-proxy/templates/deployment.yaml
@@ -172,13 +172,13 @@ spec:
         lifecycle:
 {{ toYaml .Values.lifecycle | indent 10 }}
 {{- end }}
-        {{- with .Values.proxyVarsFromSecret }}
+        {{- with .Values.envFromExistingSecret }}
         envFrom:
         - secretRef:
-            name: {{  . }}
+            name: {{ . }}
         {{- end }}
         env:
-        {{- if .Values.proxyVarsAsSecrets }}
+        {{- if and (not .Values.envFromExistingSecret) .Values.proxyVarsAsSecrets }}
         - name: OAUTH2_PROXY_CLIENT_ID
           valueFrom:
             secretKeyRef:
@@ -242,7 +242,7 @@ spec:
         {{- if .Values.extraEnv }}
 {{ tpl (toYaml .Values.extraEnv) . | indent 8 }}
         {{- end }}
-        {{- if .Values.envFrom }}
+        {{- if and (not .Values.envFromExistingSecret) .Values.envFrom }}
         envFrom:
 {{ tpl (toYaml .Values.envFrom) . | indent 8 }}
         {{- end }}
diff --git a/helm/oauth2-proxy/values.yaml b/helm/oauth2-proxy/values.yaml
index 742124cd..a7eafa8d 100644
--- a/helm/oauth2-proxy/values.yaml
+++ b/helm/oauth2-proxy/values.yaml
@@ -107,6 +107,13 @@ envFrom: []
 #  - secretRef:
 #      name: special-config-secret
 
+# Import all environment variables from an existing secret. Will overwrite 'proxyVarsAsSecrets' and 'envFrom'.
+envFromExistingSecret: ""
+
+# Whether to create a secret instead of plain environment values for configuring
+# the client_id, client_secret and cookie_secret
+proxyVarsAsSecrets: true
+
 # -- Custom labels to add into metadata
 customLabels: {}
 
@@ -245,12 +252,6 @@ tolerations: []
 # Ref: https://kubernetes.io/docs/user-guide/node-selection/
 nodeSelector: {}
 
-# Whether to use secrets instead of environment values for setting up OAUTH2_PROXY variables
-proxyVarsAsSecrets: true
-
-# Import all environment variables from an existing secret. Not compatible with 'proxyVarsAsSecrets'.
-# proxyVarsFromSecret: my-secret-name
-
 # Configure Kubernetes liveness and readiness probes.
 # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
 # Disable both when deploying with Istio 1.0 mTLS. https://istio.io/help/faq/security/#k8s-health-checks