mirror of https://gerrit.hackerspace.pl/hscloud
app/matrix: make cas deployment configurable
This is an alternative to https://gerrit.hackerspace.pl/509 that was reverted in https://gerrit.hackerspace.pl/541 . This has already been deployed. Change-Id: I7d54943c970804cac910e0e15201d1c3fa337489changes/23/523/2
parent
9e5a8b8520
commit
8483d37581
|
@ -54,6 +54,15 @@ local postgres = import "../../../kube/postgres.libsonnet";
|
||||||
cas: {
|
cas: {
|
||||||
# whether to enable the CAS proxy (ie. connect to hswaw sso via OAuth)
|
# whether to enable the CAS proxy (ie. connect to hswaw sso via OAuth)
|
||||||
enable: false,
|
enable: false,
|
||||||
|
# generate client ID and secret in with your OAuth2 provider, refer to https://www.oauth.com/oauth2-servers/client-registration/client-id-secret/
|
||||||
|
oauth2: {
|
||||||
|
clientID: error "cas.oauth2.clientID must be set",
|
||||||
|
clientSecret: error "cas.oauth2.clientSecret must be set",
|
||||||
|
scope: error "cas.oauth2.scope must be set",
|
||||||
|
authorizeURL: error "cas.oauth2.authorizeURL must be set",
|
||||||
|
tokenURL: error "cas.oauth2.tokenURL must be set",
|
||||||
|
userinfoURL: error "cas.oauth2.userinfoURL must be set",
|
||||||
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
|
@ -138,8 +147,12 @@ local postgres = import "../../../kube/postgres.libsonnet";
|
||||||
env_: {
|
env_: {
|
||||||
BASE_URL: "https://%s" % [cfg.webDomain],
|
BASE_URL: "https://%s" % [cfg.webDomain],
|
||||||
SERVICE_URL: "https://%s" % [cfg.webDomain],
|
SERVICE_URL: "https://%s" % [cfg.webDomain],
|
||||||
OAUTH2_CLIENT: "matrix",
|
OAUTH2_CLIENT: cfg.cas.oauth2.clientID,
|
||||||
OAUTH2_SECRET: { secretKeyRef: { name: "oauth2-cas-proxy", key: "oauth2_secret" } },
|
OAUTH2_SECRET: cfg.cas.oauth2.clientSecret,
|
||||||
|
OAUTH2_SCOPE: cfg.cas.oauth2.scope,
|
||||||
|
OAUTH2_AUTHORIZE: cfg.cas.oauth2.authorizeURL,
|
||||||
|
OAUTH2_TOKEN: cfg.cas.oauth2.tokenURL,
|
||||||
|
OAUTH2_USERINFO: cfg.cas.oauth2.userinfoURL,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
|
@ -11,6 +11,14 @@ matrix {
|
||||||
serverName: "hackerspace.pl",
|
serverName: "hackerspace.pl",
|
||||||
cas: {
|
cas: {
|
||||||
enable: true,
|
enable: true,
|
||||||
|
oauth2: {
|
||||||
|
clientID: "matrix",
|
||||||
|
clientSecret: { secretKeyRef: { name: "oauth2-cas-proxy", key: "oauth2_secret" } },
|
||||||
|
scope: "profile:read",
|
||||||
|
authorizeURL: "https://sso.hackerspace.pl/oauth/authorize",
|
||||||
|
tokenURL: "https://sso.hackerspace.pl/oauth/token",
|
||||||
|
userinfoURL: "https://sso.hackerspace.pl/api/1/profile",
|
||||||
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue