Merge pull request #127 from tmaeno/main

Enabling Individual config URL and audience for each OIDC client

secrets/templates/panda.yaml

@@ -91,8 +91,16 @@ metadata:
 type: Opaque
 stringData:
   {{- range $client := .Values.auth.oidc.clients }}
+  {{- $config_url := $.Values.auth.oidc.config_url }}
+  {{- if $client.config_url }}
+  {{- $config_url = $client.config_url }}
+  {{- end }}
+  {{- $audience := $.Values.auth.oidc.audience }}
+  {{- if $client.audience }}
+  {{- $audience = $client.audience }}
+  {{- end }}
   {{ $client.name }}_auth_config.json: |-
-    {{ $.Files.Get "files/panda_auths/auth_config.json.template" | replace "ROBOT_IDS" $client.robot_ids | replace "ID" $client.client_id | replace "SECRET" $client.client_secret | replace "URL" $.Values.auth.oidc.config_url | replace "AUDIENCE" $.Values.auth.oidc.audience  | replace "NAME" $client.name }}
+    {{ $.Files.Get "files/panda_auths/auth_config.json.template" | replace "ROBOT_IDS" $client.robot_ids | replace "ID" $client.client_id | replace "SECRET" $client.client_secret | replace "URL" $config_url | replace "AUDIENCE" $audience  | replace "NAME" $client.name }}
   {{ end }}
 
 ---

secrets/values.yaml

@@ -11,13 +11,17 @@ auth:
   authVO: "panda_dev"
 
   oidc:
+    # default audience and config_url
     audience: "https://pandaserver-doma.cern.ch"
     config_url: "https://panda-iam-doma.cern.ch/.well-known/openid-configuration"
     clients:
       - name: "panda_dev"
         client_id: "FIXME"
         client_secret: "FIXME"
         robot_ids: "FIXME"
+        # override default audience and config_url if needed
+        audience: "https://pandaserver-doma.cern.ch"
+        config_url: "https://panda-iam-doma.cern.ch/.well-known/openid-configuration"
       - name: "Rubin"
         client_id: "FIXME"
         client_secret: "FIXME"