Skip to content

Commit

Permalink
[bitnami/oauth2-proxy] add useApplicationDefaultCredentials google (#…
Browse files Browse the repository at this point in the history 
…30309)

* [bitnami/oauth2-proxy] add useApplicationDefaultCredentials google

Signed-off-by: claudio_viera <[email protected]>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <[email protected]>

* Update README.md with readme-generator-for-helm

Signed-off-by: Bitnami Containers <[email protected]>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <[email protected]>

* [bitnami/oauth2-proxy] add useApplicationDefaultCredentials google

Signed-off-by: claudio_viera <[email protected]>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <[email protected]>

---------

Signed-off-by: claudio_viera <[email protected]>
Signed-off-by: Bitnami Containers <[email protected]>
Co-authored-by: Bitnami Containers <[email protected]>
  • Loading branch information
@franviera92 @bitnami-bot
franviera92 and bitnami-bot authored Nov 28, 2024
1 parent 7409ca4 commit 5ee114c
Show file tree
Hide file tree
Showing 5 changed files with 38 additions and 25 deletions.
10 changes: 8 additions & 2 deletions bitnami/oauth2-proxy/CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,14 @@
# Changelog

## 6.0.6 (2024-11-07)
## 6.1.0 (2024-11-26)

* [bitnami/oauth2-proxy] Release 6.0.6 ([#30288](https://github.com/bitnami/charts/pull/30288))
* [bitnami/oauth2-proxy] add useApplicationDefaultCredentials google ([#30309](https://github.com/bitnami/charts/pull/30309))

## <small>6.0.6 (2024-11-07)</small>

* [bitnami/*] Remove wrong comment about imagePullPolicy (#30107) ([a51f9e4](https://github.com/bitnami/charts/commit/a51f9e4bb0fbf77199512d35de7ac8abe055d026)), closes [#30107](https://github.com/bitnami/charts/issues/30107)
* [bitnami/oauth2-proxy] Release 6.0.6 (#30288) ([763b6aa](https://github.com/bitnami/charts/commit/763b6aad5acfa854f0e62dfdb026ef78e2803f57)), closes [#30288](https://github.com/bitnami/charts/issues/30288)
* Update documentation links to techdocs.broadcom.com (#29931) ([f0d9ad7](https://github.com/bitnami/charts/commit/f0d9ad78f39f633d275fc576d32eae78ded4d0b8)), closes [#29931](https://github.com/bitnami/charts/issues/29931)

## <small>6.0.5 (2024-10-08)</small>

Expand Down
2 changes: 1 addition & 1 deletion bitnami/oauth2-proxy/Chart.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,4 +35,4 @@ maintainers:
name: oauth2-proxy
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/oauth2-proxy
version: 6.0.6
version: 6.1.0
45 changes: 23 additions & 22 deletions bitnami/oauth2-proxy/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -209,28 +209,29 @@ The [Bitnami OAuth2 Proxy](https://github.com/bitnami/containers/tree/main/bitna

### OAuth2 Proxy configuration parameters

| Name | Description | Value |
| ------------------------------------------------------ | -------------------------------------------------------------------------------------------------------- | ------------------ |
| `configuration.clientID` | OAuth client ID | `XXXXXXX` |
| `configuration.clientSecret` | OAuth client secret | `XXXXXXXX` |
| `configuration.cookieSecret` | OAuth cookie secret | `XXXXXXXXXXXXXXXX` |
| `configuration.existingSecret` | Secret with the client ID, secret and cookie secret | `""` |
| `configuration.google.enabled` | Enable Google service account | `false` |
| `configuration.google.adminEmail` | Google admin email | `""` |
| `configuration.google.groups` | Restrict logins to members of these google groups | `[]` |
| `configuration.google.serviceAccountJson` | Google Service account JSON | `""` |
| `configuration.google.existingSecret` | Existing secret containing Google Service Account | `""` |
| `configuration.content` | Default configuration | `""` |
| `configuration.existingConfigmap` | Configmap with the OAuth2 Proxy configuration | `""` |
| `configuration.authenticatedEmailsFile.enabled` | Enable authenticated emails file | `false` |
| `configuration.authenticatedEmailsFile.content` | Restricted access list (one email per line) | `""` |
| `configuration.authenticatedEmailsFile.existingSecret` | Secret with the authenticated emails file | `""` |
| `configuration.htpasswdFile.enabled` | Enable htpasswd file | `false` |
| `configuration.htpasswdFile.existingSecret` | Existing secret for htpasswd file | `""` |
| `configuration.htpasswdFile.content` | htpasswd file entries (one row per user) | `""` |
| `configuration.oidcIssuerUrl` | OpenID Connect issuer URL | `""` |
| `configuration.redirectUrl` | OAuth Redirect URL | `""` |
| `configuration.whiteList` | Allowed domains for redirection after authentication. Prefix domain with a . or a *. to allow subdomains | `""` |
| Name | Description | Value |
| ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- | ------------------ |
| `configuration.clientID` | OAuth client ID | `XXXXXXX` |
| `configuration.clientSecret` | OAuth client secret | `XXXXXXXX` |
| `configuration.cookieSecret` | OAuth cookie secret | `XXXXXXXXXXXXXXXX` |
| `configuration.existingSecret` | Secret with the client ID, secret and cookie secret | `""` |
| `configuration.google.enabled` | Enable Google service account | `false` |
| `configuration.google.useApplicationDefaultCredentials` | Use the application-default credentials (i.e. Workload Identity on GKE) instead of providing a service account JSON | `false` |
| `configuration.google.adminEmail` | Google admin email | `""` |
| `configuration.google.groups` | Restrict logins to members of these google groups | `[]` |
| `configuration.google.serviceAccountJson` | Google Service account JSON | `""` |
| `configuration.google.existingSecret` | Existing secret containing Google Service Account | `""` |
| `configuration.content` | Default configuration | `""` |
| `configuration.existingConfigmap` | Configmap with the OAuth2 Proxy configuration | `""` |
| `configuration.authenticatedEmailsFile.enabled` | Enable authenticated emails file | `false` |
| `configuration.authenticatedEmailsFile.content` | Restricted access list (one email per line) | `""` |
| `configuration.authenticatedEmailsFile.existingSecret` | Secret with the authenticated emails file | `""` |
| `configuration.htpasswdFile.enabled` | Enable htpasswd file | `false` |
| `configuration.htpasswdFile.existingSecret` | Existing secret for htpasswd file | `""` |
| `configuration.htpasswdFile.content` | htpasswd file entries (one row per user) | `""` |
| `configuration.oidcIssuerUrl` | OpenID Connect issuer URL | `""` |
| `configuration.redirectUrl` | OAuth Redirect URL | `""` |
| `configuration.whiteList` | Allowed domains for redirection after authentication. Prefix domain with a . or a *. to allow subdomains | `""` |

### OAuth2 Proxy deployment parameters

Expand Down
4 changes: 4 additions & 0 deletions bitnami/oauth2-proxy/templates/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,11 @@ spec:
{{- end }}
{{- if .Values.configuration.google.enabled }}
- --google-admin-email={{ .Values.configuration.google.adminEmail }}
{{- if .Values.configuration.google.useApplicationDefaultCredentials }}
- --google-use-application-default-credentials=true
{{- else }}
- --google-service-account-json=/bitnami/oauth2-proxy/conf/google/service-account.json
{{- end }}
{{- if .Values.configuration.google.groups }}
{{- range $group := .Values.configuration.google.groups }}
- --google-group={{ $group }}
Expand Down
2 changes: 2 additions & 0 deletions bitnami/oauth2-proxy/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -352,13 +352,15 @@ configuration:
## Alternatively, use an existing secret (see secret-google.yaml for required fields)
##
## @param configuration.google.enabled Enable Google service account
## @param configuration.google.useApplicationDefaultCredentials Use the application-default credentials (i.e. Workload Identity on GKE) instead of providing a service account JSON
## @param configuration.google.adminEmail Google admin email
## @param configuration.google.groups Restrict logins to members of these google groups
## @param configuration.google.serviceAccountJson Google Service account JSON
## @param configuration.google.existingSecret Existing secret containing Google Service Account
##
google:
enabled: false
useApplicationDefaultCredentials: false
adminEmail: ""
groups: []
serviceAccountJson: ""
Expand Down

0 comments on commit 5ee114c

Please sign in to comment.