feat(dispatch) add support for authentication plugins. Starting with auth header and doing the ground work for PKCE and basic auth.

2023-12-16 20:33:01 +01:00 · 2023-12-16 20:33:01 +01:00 · efcafb9ccb
commit efcafb9ccb
parent dde1030afa
6 changed files with 50 additions and 1 deletions
--- a/charts/dispatch/Chart.yaml
+++ b/charts/dispatch/Chart.yaml
@ -1,4 +1,4 @@
 apiVersion: v2
 name: dispatch
 description: Netflix Dispatch incident management system
-version: 0.3.0
+version: 0.3.1
--- a/charts/dispatch/templates/core-deployment.yaml
+++ b/charts/dispatch/templates/core-deployment.yaml
@ -26,6 +26,8 @@ spec:
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          env:
+            - name: MJML_PATH
+              value: /node_modules/.bin
            - name:  DISPATCH_UI_URL
              value: "{{ .Values.url }}"
            - name:  DATABASE_HOSTNAME
@ -34,6 +36,12 @@ spec:
              value: "{{ .Values.postgres.port }}"
            - name:  DATABASE_NAME
              value: "{{ .Values.postgres.database_name }}"
+            {{ if eq .Values.authentication.provider_slug "dispatch-auth-provider-header" }}
+            - name:  DISPATCH_AUTHENTICATION_PROVIDER_SLUG
+              value: "{{ .Values.authentication.provider_slug }}"
+            - name:  DISPATCH_AUTHENTICATION_PROVIDER_HEADER_NAME
+              value: "{{ .Values.authentication.header.header_name }}"
+            {{ end }} 
          envFrom:
            - secretRef:
                name: {{ .Values.envFromSecret }}
--- a/charts/dispatch/templates/dispatch-db-init.yaml
+++ b/charts/dispatch/templates/dispatch-db-init.yaml
@ -21,6 +21,8 @@ spec:
          image: "{{ .Values.initContainers.dbInit.image.repository }}:{{ .Values.initContainers.dbInit.image.tag }}"
          command: ["dispatch", "database", "init"]
          env: &dispatchEnv
+            - name: MJML_PATH
+              value: /node_modules/.bin
            - name:  DISPATCH_UI_URL
              value: "{{ .Values.url }}"
            - name:  DATABASE_HOSTNAME
@ -29,6 +31,12 @@ spec:
              value: "{{ .Values.postgres.port }}"
            - name:  DATABASE_NAME
              value: "{{ .Values.postgres.database_name }}"
+            {{ if eq .Values.authentication.provider_slug "dispatch-auth-provider-header" }}
+            - name:  DISPATCH_AUTHENTICATION_PROVIDER_SLUG
+              value: "{{ .Values.authentication.provider_slug }}"
+            - name:  DISPATCH_AUTHENTICATION_PROVIDER_HEADER_NAME
+              value: "{{ .Values.authentication.header.header_name }}"
+            {{ end }} 
          envFrom:
            - secretRef:
                name: {{ .Values.envFromSecret }}
--- a/charts/dispatch/templates/scheduler-deployment.yaml
+++ b/charts/dispatch/templates/scheduler-deployment.yaml
@ -21,6 +21,12 @@ spec:
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          command: ["dispatch", "scheduler", "start"]
          env:
+            - name: MJML_PATH
+              value: /node_modules/.bin
+            - name: DISPATCH_AUTHENTICATION_PROVIDER_SLUG
+              value: "{{ .Values.authentication.provider_slug }}"
+            - name: DISPATCH_AUTHENTICATION_DEFAULT_USER
+              value: dispatch@
            - name:  DISPATCH_UI_URL
              value: "{{ .Values.url }}"
            - name:  DATABASE_HOSTNAME
@ -29,6 +35,12 @@ spec:
              value: "{{ .Values.postgres.port }}"
            - name:  DATABASE_NAME
              value: "{{ .Values.postgres.database_name }}"
+            {{ if eq .Values.authentication.provider_slug "dispatch-auth-provider-header" }}
+            - name:  DISPATCH_AUTHENTICATION_PROVIDER_SLUG
+              value: "{{ .Values.authentication.provider_slug }}"
+            - name:  DISPATCH_AUTHENTICATION_PROVIDER_HEADER_NAME
+              value: "{{ .Values.authentication.header.header_name }}"
+            {{ end }} 
          envFrom:
            - secretRef:
                name: {{ .Values.envFromSecret }}
--- a/charts/dispatch/templates/web-deployment.yaml
+++ b/charts/dispatch/templates/web-deployment.yaml
@ -20,6 +20,8 @@ spec:
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          command: ["dispatch", "database", "upgrade"]
          env: &dispatchEnv
+            - name: MJML_PATH
+              value: /node_modules/.bin
            - name:  DISPATCH_UI_URL
              value: "{{ .Values.url }}"
            - name:  DATABASE_HOSTNAME
@ -28,6 +30,12 @@ spec:
              value: "{{ .Values.postgres.port }}"
            - name:  DATABASE_NAME
              value: "{{ .Values.postgres.database_name }}"
+            {{ if eq .Values.authentication.provider_slug "dispatch-auth-provider-header" }}
+            - name:  DISPATCH_AUTHENTICATION_PROVIDER_SLUG
+              value: "{{ .Values.authentication.provider_slug }}"
+            - name:  DISPATCH_AUTHENTICATION_PROVIDER_HEADER_NAME
+              value: "{{ .Values.authentication.header.header_name }}"
+            {{ end }} 
          envFrom: &envFrom
            - secretRef:
                name: {{ .Values.envFromSecret }}
--- a/charts/dispatch/values.yaml
+++ b/charts/dispatch/values.yaml
@ -16,6 +16,19 @@ initContainers:

 url: http://localhost:80

+authentication:
+  #provider_slug: dispatch-auth-provider-basic
+  # provider_slug: dispatch-auth-provider-pkce
+  pkce:
+    dont_verify_at_hash: false
+    openid_connect_url: 
+    client_id: 
+    use_id_token: 
+  provider_slug: dispatch-auth-provider-header
+  header:
+    header_name: Tailscale-User-Login
+
+
 core:
  enabled: true