feat: Add oidc integration example for nextcloud (#252) #253

Merged
merged 9 commits into from
Sep 18, 2023
2 changes: 1 addition & 1 deletion .idea/vcs.xml


17 changes: 17 additions & 0 deletions deploy/crd/nextclouds.glasskube.eu-v1.yml
Expand Up @@ -29,6 +29,23 @@ spec:
host:
type: string
type: object
oidc:
nullable: true
properties:
name:
type: string
oidcSecret:
properties:
name:
type: string
type: object
issuerUrl:
type: string
required:
- name
- oidcSecret
- issuerUrl
type: object
type: object
resources:
properties:
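Review bot: The nested `oidcSecret` object schema (the `properties:` block directly under `oidcSecret:`) has no `required:` list, so a spec with `oidcSecret: {}` passes admission even though the operator dereferences `oidcSecret.name` when wiring the client-id and client-secret env vars. Adding `required: - name` under `oidcSecret` closes that gap; if this file is generated from the Kotlin spec class, the fix belongs in the generator input rather than here. `issuerUrl` is likewise an unconstrained string even though it becomes the provider URL the login app trusts; a `format: uri` on it would reject obviously malformed values before they reach Nextcloud.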
1 change: 1 addition & 0 deletions docs/docs/03_crd-reference/nextcloud/index.md
Expand Up @@ -41,6 +41,7 @@ spec:
| Name | Type | |
|--------|------------------------|--------|
| office | [OfficeSpec](./office) | `null` |
| oidc | [OidcSpec](./oidc) | `null` |

### StorageSpec {#storage}

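--- a/docs/docs/03_crd-reference/nextcloud/oidc.md
+++ b/docs/docs/03_crd-reference/nextcloud/oidc.md
@@ -0,0 +1,28 @@
+# Oidc
+
+The Glasskube operator can configure the [`oidc_login`](https://apps.nextcloud.com/apps/oidc_login) nextcloud app for you. Currently, the operator only passes the most basic configuration options throuh.
+
+## Example
+
+```yaml title=spec.apps.office
+oidc:
+name: my-oidc-issuer
+issuerUrl: https://my-oidc-issuer.org
+oidcSecret:
+name: oidc-login
+```
+
+## Spec
+
+| Name | Type | |
+|------------|------------------------------------------------------------------------------------------------------------------------|------------|
+| name | String | (required) |
+| issuerUrl | String | (required) |
+| oidcSecret | [LocalObjectReference](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/local-object-reference/) | (required) |
+
+### OidcSecret
+
+| Key | Description | |
+|--------------|------------------------------------------------------------|------------|
+| clientId | Id of the client/application in your OIDC provider | (required) |
+| clientSecret | Secret corresponding to the clientId in your OIDC provider | (required) |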
@@ -1,12 +1,24 @@
package eu.glasskube.operator.apps.nextcloud

import io.fabric8.generator.annotation.Nullable
import io.fabric8.generator.annotation.Required
import io.fabric8.kubernetes.api.model.LocalObjectReference

data class NextcloudAppsSpec(
@field:Nullable
val office: Office? = null
val office: Office? = null,
@field:Nullable
val oidc: Oidc? = null
) {
data class Office(
val host: String
)
data class Oidc(
@field:Required
val name: String,
@field:Required
val oidcSecret: LocalObjectReference,
@field:Required
val issuerUrl: String
)
}
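Review bot: The new `Oidc` data class has no KDoc, and its fields are not self-explanatory from the type alone: `name` ends up as user-visible login button text, `issuerUrl` is the OpenID provider URL the login app will trust, and `oidcSecret` must reference a Secret carrying `clientId` and `clientSecret` keys. A class comment such as `/** OIDC login settings; [issuerUrl] is the trusted provider URL (passed through verbatim, not validated here), [oidcSecret] names a Secret with keys clientId and clientSecret, [name] is shown on the login button. */` keeps that contract next to the type. The same applies to the new `oidc` field on `NextcloudAppsSpec`, where a one-liner `/** Optional OIDC login integration; null disables it. */` would document the nullable default.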
Expand Up @@ -56,7 +56,21 @@ class NextcloudConfigMap : CRUDKubernetesDependentResource<ConfigMap, Nextcloud>
"192.168.0.0/16"
),
"log_type" to "errorlog",
"log_level" to 2
"log_level" to 2,
*spec.apps.oidc?.let {
arrayOf(
"oidc_login_provider_url" to it.issuerUrl,
"oidc_login_logout_url" to spec.host,
"oidc_login_button_text" to "Login with " + it.name,
"oidc_login_disable_registration" to false,
"oidc_login_scope" to "openid profile email",
"oidc_login_attributes" to mapOf(
"id" to "sub",
"name" to "name",
"mail" to "email"
)
)
}.orEmpty()
).toMap(),
listOfNotNull(
spec.apps.office?.let {
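Review bot: `oidc_login_disable_registration` is hard-coded to `false` in the new entry block, which means every identity the configured issuer asserts gets a Nextcloud account created on first login; that is a deliberate trust decision and deserves a comment, e.g. `// accounts are auto-provisioned for any identity the issuer asserts; restrict who may log in at the provider`. `oidc_login_logout_url` is set to the bare `spec.host`, which in the CRD is a plain string with no scheme; if the app expects a full URL there, the scheme presumably needs to be prepended — worth confirming against the app's documentation. The surrounding map construction begins and ends outside the hunk.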
Expand Up @@ -108,12 +108,15 @@ class NextcloudDeployment : CRUDKubernetesDependentResource<Deployment, Nextclou
command = listOf("sh")
args = listOf(
"-c",
"""
php $OCC_PATH app:install richdocuments
php $OCC_PATH app:install contacts
php $OCC_PATH app:install calendar
true
""".trimIndent()
listOf(
"php $OCC_PATH app:install richdocuments",
"php $OCC_PATH app:install contacts",
"php $OCC_PATH app:install calendar",
primary.spec.apps.oidc.let {
"php $OCC_PATH app:install oidc_login"
},
"true"
).joinToString("\n") { it }
)
securityContext {
runAsUser = 33
Expand Down Expand Up @@ -175,7 +178,8 @@ class NextcloudDeployment : CRUDKubernetesDependentResource<Deployment, Nextclou
name = Nextcloud.APP_NAME
image = Nextcloud.APP_IMAGE
resources = primary.spec.resources
env = primary.defaultEnv + primary.databaseEnv + primary.smtpEnv + primary.storageEnv
env =
primary.defaultEnv + primary.databaseEnv + primary.smtpEnv + primary.oidcEnv + primary.storageEnv
volumeMounts {
volumeMount {
name = DATA_VOLUME
Expand Down Expand Up @@ -271,6 +275,19 @@ class NextcloudDeployment : CRUDKubernetesDependentResource<Deployment, Nextclou
envVar("SMTP_PASSWORD") { secretKeyRef(authSecret.name, "password") }
}

private val Nextcloud.oidcEnv
get() = createEnv {
spec.apps.oidc?.let { envVar("NC_oidc_login_client_id") { secretKeyRef(it.oidcSecret.name, "clientId") } }
spec.apps.oidc?.let {
envVar("NC_oidc_login_client_secret") {
secretKeyRef(
it.oidcSecret.name,
"clientSecret"
)
}
}
}

private val Nextcloud.storageEnv
get() = createEnv {
spec.storage?.s3?.apply {
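Review bot: In the first hunk, `primary.spec.apps.oidc.let { "php $OCC_PATH app:install oidc_login" }` uses `.let` rather than `?.let`, so the lambda also runs when `oidc` is null and `oidc_login` is installed unconditionally; the `let` wrapper is a no-op as written. If the install is meant to be conditional, change it to `primary.spec.apps.oidc?.let { "php $OCC_PATH app:install oidc_login" },` and build the list with `listOfNotNull(` instead of `listOf(`; if unconditional install is intended, drop the wrapper and say so in a comment. The trailing `{ it }` on `.joinToString("\n")` is an identity transform and can be removed. The enclosing init-container definition starts and ends outside the hunk. In the last hunk, `oidcEnv` evaluates `spec.apps.oidc?.let` twice; a single `let` emitting both `envVar` calls reads more clearly and keeps the two secret references together.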