From 984d77ae0287313f98860f0b841ddc246f406f4f Mon Sep 17 00:00:00 2001
From: Imre Farkas
Date: Tue, 20 Oct 2020 16:44:21 +0200
Subject: [PATCH] Add FortiAuthenticator configuration
---
 .../charts/sidekiq/templates/configmap.yaml | 1 +
 .../task-runner/templates/configmap.yaml | 1 +
 .../charts/webservice/templates/configmap.yml | 1 +
 .../webservice/templates/deployment.yaml | 1 +
 .../gitlab/templates/_forti_authenticator.tpl | 38 +++++++++++++++++++
 values.yaml | 6 +++
 6 files changed, 48 insertions(+)
 create mode 100644 charts/gitlab/templates/_forti_authenticator.tpl
diff --git a/charts/gitlab/charts/sidekiq/templates/configmap.yaml b/charts/gitlab/charts/sidekiq/templates/configmap.yaml
index d018c43852..bf7a1d8ba4 100644
--- a/charts/gitlab/charts/sidekiq/templates/configmap.yaml
+++ b/charts/gitlab/charts/sidekiq/templates/configmap.yaml
@@ -99,6 +99,7 @@ data:
 gitlab_ci:
 {{- include "gitlab.appConfig.ldap.configuration" $ | nindent 6 }}
 {{- include "gitlab.appConfig.omniauth.configuration" $ | nindent 6 }}
+ {{- include "gitlab.appConfig.fortiAuthenticator.configuration" $ | nindent 6 }}
 kerberos:
 enabled: false
 shared:
diff --git a/charts/gitlab/charts/task-runner/templates/configmap.yaml b/charts/gitlab/charts/task-runner/templates/configmap.yaml
index 1cbe362a58..59847f472c 100644
--- a/charts/gitlab/charts/task-runner/templates/configmap.yaml
+++ b/charts/gitlab/charts/task-runner/templates/configmap.yaml
@@ -86,6 +86,7 @@ data:
 gitlab_ci:
 {{- include "gitlab.appConfig.ldap.configuration" $ | nindent 6 }}
 {{- include "gitlab.appConfig.omniauth.configuration" $ | nindent 6 }}
+ {{- include "gitlab.appConfig.fortiAuthenticator.configuration" $ | nindent 6 }}
 kerberos:
 enabled: false
 shared:
diff --git a/charts/gitlab/charts/webservice/templates/configmap.yml b/charts/gitlab/charts/webservice/templates/configmap.yml
index 4e9ea57798..b179cb8667 100644
--- a/charts/gitlab/charts/webservice/templates/configmap.yml
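Review bot: The Sidekiq configmap now renders the `forti_authenticator` block, and the task-runner configmap hunk does the same, but the only `mountSecrets` include this patch adds is in the webservice deployment. The included block emits `File.read('/etc/gitlab/forti_authenticator/forti_authenticator_access_token')` whenever `access_token` is set, so unless those two deployments mount the secret somewhere outside this patch, rendering gitlab.yml in their pods would presumably fail on a missing file. Either add the same `gitlab.appConfig.fortiAuthenticator.mountSecrets` include to the Sidekiq and task-runner secret volumes, or leave the configuration include out of the configmaps that do not need the second-factor settings.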
+++ b/charts/gitlab/charts/webservice/templates/configmap.yml
@@ -107,6 +107,7 @@ data:
 gitlab_ci:
 {{- include "gitlab.appConfig.ldap.configuration" $ | nindent 6 }}
 {{- include "gitlab.appConfig.omniauth.configuration" $ | nindent 6 }}
+ {{- include "gitlab.appConfig.fortiAuthenticator.configuration" $ | nindent 6 }}
 kerberos:
 enabled: false
 shared:
diff --git a/charts/gitlab/charts/webservice/templates/deployment.yaml b/charts/gitlab/charts/webservice/templates/deployment.yaml
index f62a15ed15..59c871959f 100644
--- a/charts/gitlab/charts/webservice/templates/deployment.yaml
+++ b/charts/gitlab/charts/webservice/templates/deployment.yaml
@@ -414,6 +414,7 @@ spec:
 {{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "pages" "config" $.Values.global.pages.objectStore) | nindent 10 }}
 {{- include "gitlab.appConfig.ldap.servers.mountSecrets" $ | nindent 10 }}
 {{- include "gitlab.appConfig.omniauth.mountSecrets" $ | nindent 10 }}
+ {{- include "gitlab.appConfig.fortiAuthenticator.mountSecrets" $ | nindent 10 }}
 {{- if and $.Values.global.smtp.enabled $.Values.global.smtp.authentication }}
 - secret:
 name: {{ $.Values.global.smtp.password.secret | required "Missing required secret containing the SMTP password. Make sure to set `global.smtp.password.secret`" }}
diff --git a/charts/gitlab/templates/_forti_authenticator.tpl b/charts/gitlab/templates/_forti_authenticator.tpl
new file mode 100644
index 0000000000..ba5e95d755
--- /dev/null
+++ b/charts/gitlab/templates/_forti_authenticator.tpl
@@ -0,0 +1,38 @@
+{{- define "gitlab.appConfig.fortiAuthenticator.configuration" -}}
+{{ with $.Values.global.appConfig }}
+forti_authenticator:
+ enabled: {{ .fortiAuthenticator.enabled }}
+ {{- if .fortiAuthenticator.host }}
+ host: {{ .fortiAuthenticator.host }}
+ {{- end }}
+ {{- if .fortiAuthenticator.port }}
+ port: {{ .fortiAuthenticator.port }}
+ {{- end }}
+ {{- if .fortiAuthenticator.username }}
+ username: {{ .fortiAuthenticator.username | quote }}
+ {{- end }}
+ {{- if .fortiAuthenticator.access_token }}
+ access_token: "<%= File.read('/etc/gitlab/forti_authenticator/forti_authenticator_access_token').strip.dump[1..-2] %>"
+ {{- end }}
+{{- end -}}
+{{- end -}}{{/* "gitlab.appConfig.fortiAuthenticator.configuration" */}}
+
+{{- define "gitlab.appConfig.fortiAuthenticator.mountSecrets" -}}
+{{ with $.Values.global.appConfig }}
+{{- if .fortiAuthenticator.enabled -}}
+- secret:
+ name: {{ template "gitlab.fortiAuthenticator.accessToken.secret" . }}
+ items:
+ - key: {{ template "gitlab.fortiAuthenticator.accessToken.key" . }}
+ path: forti_authenticator/forti_authenticator_access_token
+{{- end -}}
+{{- end }}
+{{- end -}}{{/* "gitlab.appConfig.fortiAuthenticator.mountSecrets" */}}
+
+{{- define "gitlab.fortiAuthenticator.accessToken.secret" -}}
+{{- default (printf "%s-forti_authenticator-secret" .Release.Name) $.Values.global.fortiAuthenticator.accessToken.secret | quote -}}
+{{- end -}}
+
+{{- define "gitlab.fortiAuthenticator.accessToken.key" -}}
+{{- default "shared_secret" $.Values.global.fortiAuthenticator.accessToken.key | quote -}}
+{{- end -}}
diff --git a/values.yaml b/values.yaml
index b0aa352af5..395cf71003 100644
--- a/values.yaml
+++ b/values.yaml
@@ -399,6 +399,12 @@ global:
 providers: []
 # - secret: gitlab-google-oauth2
 # key: provider
+ fortiAuthenticator:
+ enabled: false
+ # access_token:
+ # secret:
+ # key:
+ ## doc/charts/globals.md#configure-appconfig-settings
 sentry:
 enabled: false
-- GitLab
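Review bot: The two `accessToken` helpers are invoked with `.` from inside `with $.Values.global.appConfig`, so inside them both `.` and `$` are the appConfig map rather than the chart root; `.Release.Name` and `$.Values.global…` then resolve against that map, and the chart would be expected to fail to render as soon as `fortiAuthenticator.enabled` is true. Pass the root context instead, `name: {{ template "gitlab.fortiAuthenticator.accessToken.secret" $ }}`, and likewise for the `.key` helper. The default name `%s-forti_authenticator-secret` also contains underscores, which Kubernetes does not accept in Secret names; `%s-forti-authenticator-secret` would be valid. The secret is mounted when `enabled` is true while the `File.read` line is emitted when `access_token` is set, so the two conditions can disagree and leave gitlab.yml reading a token file that was never mounted; gate both on the same value. `host` is also emitted unquoted where `username` uses `| quote`; `host: {{ .fortiAuthenticator.host | quote }}` keeps an unexpected value from being re-typed by the YAML parser.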
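Review bot: The commented example under `fortiAuthenticator` documents `access_token` with `secret` and `key`, but the helpers in `_forti_authenticator.tpl` read `global.fortiAuthenticator.accessToken.secret` and `.key`, which is a different path and a different key spelling. As written, a secret name supplied the way the comment suggests would only switch on the `access_token` line in gitlab.yml and would not change which Secret gets mounted. Align the values layout and the helpers on one path, and list `host`, `port` and `username` here as commented keys too, since the configuration template reads them and an operator has no other hint in this file that they exist.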