Rework OAuth sources (#244)

This change request includes two different things to improve OAuth source handling: - Allow multiple OAuth source configuration (Fixes: #191) - Support reading sensitive OAuth configuration data from Kubernetes secrets (Closes: #242) ⚠️ BREAKING ⚠️ --- Users need to migrate their `gitea.oauth` configuration. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/244 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: Andrew Thornton <art27@cantab.net> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-12-20 22:43:55 +08:00 · 2021-12-20 22:43:55 +08:00 · 6d9362ed39
commit 6d9362ed39
parent cd09ccfcdb
5 changed files with 95 additions and 32 deletions
--- a/README.md
+++ b/README.md
@ -87,6 +87,13 @@ gitea:
  podAnnotations: {}
 ```

+### Multiple OAuth authentication sources
+
+With `5.0.0` of this Chart it is now possible to configure Gitea with multiple
+OAuth sources. As a result, you need to update an existing OAuth configuration
+in your customized `values.yaml` by replacing the object with settings to a list
+of settings objects. See [OAuth2 Settings](#oauth-settings) section for details.
+
 ## Chart upgrade from 3.x.x to 4.0.0

 :warning: The most recent `4.0.0` update brings some breaking changes. Please note
@ -521,20 +528,42 @@ deleted. Deleting OAuth2 settings has to be done in the ui. All OAuth2 values,
 which are documented [here](https://docs.gitea.io/en-us/command-line/#admin), are
 available.

+Multiple OAuth2 sources can be configured with additional OAuth list items.
+
 ```yaml
 gitea:
  oauth:
-    enabled: true
-    name: 'MyAwesomeGiteaOAuth'
-    provider: 'openidConnect'
-    key: 'hello'
-    secret: 'world'
-    autoDiscoverUrl: 'https://gitea.example.com/.well-known/openid-configuration'
-    #useCustomUrls:
-    #customAuthUrl:
-    #customTokenUrl:
-    #customProfileUrl:
-    #customEmailUrl:
+    - name: 'MyAwesomeGiteaOAuth'
+      provider: 'openidConnect'
+      key: 'hello'
+      secret: 'world'
+      autoDiscoverUrl: 'https://gitea.example.com/.well-known/openid-configuration'
+      #useCustomUrls:
+      #customAuthUrl:
+      #customTokenUrl:
+      #customProfileUrl:
+      #customEmailUrl:
+```
+
+You can also use an existing secret to set the `key` and `secret`:
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: gitea-oauth-secret
+type: Opaque
+stringData:
+  key: hello
+  secret: world
+```
+
+```yaml
+gitea:
+  oauth:
+    - name: 'MyAwesomeGiteaOAuth'
+      existingSecret: gitea-oauth-secret
+        ...
 ```

 ### Metrics and profiling