Merge pull request #725 from quanghungb/dex-addon-oauth-connector

[Addon] [dex] upgrade chart version and add support of oauth connector
kubevela · Sep 26, 2023 · 9d8c812 · 9d8c812
2 parents 4e447da + 01a8d30
commit 9d8c812
Show file tree

Hide file tree

Showing 5 changed files with 125 additions and 6 deletions.
diff --git a/addons/dex/config-templates/dex-connector.cue b/addons/dex/config-templates/dex-connector.cue
@@ -41,10 +41,13 @@ template: {
 		if parameter.type == "google" && parameter.google != _|_ {
 			stringData: google: json.Marshal(parameter.google)
 		}
+		if parameter.type == "oauth" && parameter.oauth != _|_ {
+			stringData: oauth: json.Marshal(parameter.oauth)
+		}
 	}
 	parameter: {
 		// +usage=Connetor type
-		type: *"github" | "ldap" | "gitlab" | "oidc" | "saml" | "google"
+		type: *"github" | "ldap" | "gitlab" | "oidc" | "saml" | "google" | "oauth"
 		// +usage=GitHub connector
 		github?: {
 			// +usage=GitHub client ID
@@ -132,5 +135,42 @@ template: {
 			// +usage=Email of attributes in the returned assertions to map to ID token claims.
 			emailAttr: string
 		}
+		// +usage=OAuth connector
+		oauth?: {
+			// +usage=OAuth client ID
+			clientID: string
+			// +usage=OAuth client secret
+			clientSecret: string
+			// +usage=OAuth redirect URI - for instance [VelaUX address:port]/dex/callback
+			redirectURI: string
+			// +usage=OAuth token URL
+			tokenURL: string
+			// +usage=OAuth authorization URL
+			authorizationURL: string
+			// +usage=OAuth user info URL
+			userInfoURL: string
+			// +usage=Optional: Specify whether to communicate to Auth provider without validating SSL certificates
+			insecureSkipVerify?: bool | *false
+			// +usage=Optional: The location of file containing SSL certificates to communicate to Auth provider
+			rootCAs?: string
+			// +usage=Optional: Configurable keys for user ID look up
+			userIDKey?: string | *"username"
+			// +usage=Optional: List of scopes to request Auth provider for access user account
+			scopes?: [...string]
+			// +usage=Auth providers return non-standard user identity profile. Use claimMapping to map those user informations to standard claims:
+			claimMapping: {
+				// +usage=Optional: Configurable keys for user name look up
+				userNameKey?: string | *"name"
+				// +usage=Optional: Configurable keys for preferred username look up
+				preferredUsernameKey? : string | *"username"
+				// +usage=Optional: Configurable keys for user groups look up
+				groupsKey?: string
+				// +usage=Optional: Configurable keys for email look up
+				emailKey?: string
+				// +usage=Configurable keys for email verified look up
+				emailVerifiedKey?: string
+			}
+
+		}
 	}
 }
diff --git a/addons/dex/metadata.yaml b/addons/dex/metadata.yaml
@@ -1,5 +1,5 @@
 name: dex
-version: 0.6.6
+version: 0.7.0
 description: Enable dex for login
 icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/dex/horizontal/color/dex-horizontal-color.png
 
@@ -12,4 +12,4 @@ dependencies:
   - name: fluxcd
 
 system:
-  vela: ">=v1.6.0-alpha.6"
+  vela: ">=v1.6.0-alpha.6"
diff --git a/addons/dex/readme.md b/addons/dex/readme.md
@@ -9,6 +9,10 @@ Please refer to [Dex's Website](https://dexidp.io/docs/) for more details.
 
 ## Versions
 
+* 0.7.0
+    * upgrade the dex chart to [v 0.15.3](https://artifacthub.io/packages/helm/dex/dex/0.15.3) that deploys dex `2.37.0`
+    * add support of [Dex OAuth connector](https://dexidp.io/docs/connectors/oauth/
+
 * 0.6.6
+    * Change the dex-connector component definition to the config template.
 
-Change the dex-connector component definition to the config template.
diff --git a/addons/dex/schemas/config-uischema-dex-connector.yaml b/addons/dex/schemas/config-uischema-dex-connector.yaml
@@ -172,3 +172,78 @@
         colSpan: 12
     - jsonKey: startTLS
       sort: 103
+
+- jsonKey: oauth
+  sort: 15
+  uiType: Ignore
+  validate:
+    required: true
+  conditions:
+    - jsonKey: type
+      op: "=="
+      value: "oauth"
+  subParameters:
+    - jsonKey: clientID
+      uiType: Password
+      sort: 3
+      style:
+        colSpan: 12
+    - jsonKey: clientSecret
+      uiType: Password
+      sort: 5
+      style:
+        colSpan: 12
+    - jsonKey: redirectURI
+      sort: 7
+      style:
+        colSpan: 12
+    - jsonKey: tokenURL
+      sort: 9
+      style:
+        colSpan: 12
+    - jsonKey: authorizationURL
+      sort: 11
+      style:
+        colSpan: 12
+    - jsonKey: userInfoURL
+      sort: 13
+      style:
+        colSpan: 12
+
+    - jsonKey: claimMapping
+      sort: 15
+      style:
+        colSpan: 24
+      subParameters:
+      - jsonKey: userNameKey
+        style:
+          colSpan: 12
+      - jsonKey: preferredUsernameKey
+        style:
+          colSpan: 12
+      - jsonKey: groupsKey
+        style:
+          colSpan: 12
+      - jsonKey: emailKey
+        style:
+          colSpan: 12
+      - jsonKey: emailVerifiedKey
+        style:
+          colSpan: 12
+
+    - jsonKey: insecureSkipVerify
+      sort: 19
+      style:
+        colSpan: 24
+    - jsonKey: userIDKey
+      sort: 21
+      style:
+        colSpan: 12
+    - jsonKey: scopes
+      sort: 23
+      style:
+        colSpan: 24
+    - jsonKey: rootCAs
+      sort: 25
+      style:
+        colSpan: 24
diff --git a/addons/dex/template.yaml b/addons/dex/template.yaml
@@ -9,7 +9,7 @@ spec:
       type: helm
       properties:
         chart: dex
-        version: "0.6.5"
+        version: "0.15.3"
         url: "https://charts.dexidp.io"
         repoType: helm
         values:
@@ -56,4 +56,4 @@ spec:
               secretName: kubevela-logo
               items:
               - key: favicon-dark
-                path: favicon.png
+                path: favicon.png