From d7682780f9878d94a8616ca23324ed770f43c5c8 Mon Sep 17 00:00:00 2001
From: tmaeno
Date: Wed, 20 Nov 2024 09:32:13 +0100
Subject: [PATCH] moved darkside stuff to doma.init-harvester
---
 secrets/templates/panda.yaml | 10 +++++++++-
 secrets/values.yaml | 4 ++++
 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/secrets/templates/panda.yaml b/secrets/templates/panda.yaml
index 7c39fc48..549852e9 100644
--- a/secrets/templates/panda.yaml
+++ b/secrets/templates/panda.yaml
@@ -91,8 +91,16 @@ metadata:
 type: Opaque
 stringData:
 {{- range $client := .Values.auth.oidc.clients }}
+ {{- $config_url := $.Values.auth.oidc.config_url }}
+ {{- if $client.config_url }}
+ {{- $config_url = $client.config_url }}
+ {{- end }}
+ {{- $audience := $.Values.auth.oidc.audience }}
+ {{- if $client.audience }}
+ {{- $audience = $client.audience }}
+ {{- end }}
 {{ $client.name }}_auth_config.json: |-
- {{ $.Files.Get "files/panda_auths/auth_config.json.template" | replace "ROBOT_IDS" $client.robot_ids | replace "ID" $client.client_id | replace "SECRET" $client.client_secret | replace "URL" $.Values.auth.oidc.config_url | replace "AUDIENCE" $.Values.auth.oidc.audience | replace "NAME" $client.name }}
+ {{ $.Files.Get "files/panda_auths/auth_config.json.template" | replace "ROBOT_IDS" $client.robot_ids | replace "ID" $client.client_id | replace "SECRET" $client.client_secret | replace "URL" $config_url | replace "AUDIENCE" $audience | replace "NAME" $client.name }}
 {{ end }}
 ---
diff --git a/secrets/values.yaml b/secrets/values.yaml
index 49757140..8cb1161d 100644
--- a/secrets/values.yaml
+++ b/secrets/values.yaml
@@ -11,6 +11,7 @@ auth:
 authVO: "panda_dev"
 oidc:
+ # default audience and config_url
 audience: "https://pandaserver-doma.cern.ch"
 config_url: "https://panda-iam-doma.cern.ch/.well-known/openid-configuration"
 clients:
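Review bot: On the new `$.Files.Get … | replace …` line every `replace` runs over the output of the one before it, so a `client_secret` that happens to contain `URL`, `AUDIENCE` or `NAME` is rewritten by the later steps, and the per-client `$config_url` and `$audience` introduced here still pass through the trailing `replace "NAME"`. The result would be a Secret holding a wrong credential or issuer URL with no render error. None of the values are JSON-escaped on the way into the template either; whether that matters depends on `auth_config.json.template`, which is not in this diff. I would document the constraint above the `range`, e.g. `{{- /* placeholders are replaced in order: values must not contain ID, SECRET, URL, AUDIENCE or NAME */}}`, and the two `if` blocks can shrink to `{{- $config_url := $client.config_url | default $.Values.auth.oidc.config_url }}` (same for `$audience`).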
@@ -18,6 +19,9 @@ auth:
 client_id: "FIXME"
 client_secret: "FIXME"
 robot_ids: "FIXME"
+ # override default audience and config_url if needed
+ audience: "https://pandaserver-doma.cern.ch"
+ config_url: "https://panda-iam-doma.cern.ch/.well-known/openid-configuration"
 - name: "Rubin"
 client_id: "FIXME"
 client_secret: "FIXME"
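Review bot: The sample override added to the first client repeats the top-level `audience` and `config_url` verbatim, so it is an active override rather than an example: if the defaults under `oidc:` are changed later, this client keeps pointing at the old issuer discovery URL and audience without any visible error. Since these two values presumably decide which identity provider and token audience the server accepts for the client, a stale pin is worth avoiding. I would ship them commented out, `# audience: "https://pandaserver-doma.cern.ch"` and `# config_url: "https://panda-iam-doma.cern.ch/.well-known/openid-configuration"`, so the template falls back to the defaults unless an operator opts in. The client entry starts above the hunk, so its `name` is not visible here.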