From e2d8ad6856cca2b4320aa57be741f79d729c2b97 Mon Sep 17 00:00:00 2001 From: Chandra Keshav Mishra Date: Tue, 11 Feb 2025 15:10:48 +0530 Subject: [PATCH 1/2] [MOSIP-39656] added google client secret as env variables Signed-off-by: Chandra Keshav Mishra --- deploy/mimoto/install.sh | 24 ++++++++++++++++--- helm/mimoto/templates/clusterrolebinding.yaml | 19 --------------- helm/mimoto/templates/serets.yaml | 24 +++++++++++++++++++ helm/mimoto/values.yaml | 9 ++++++- 4 files changed, 53 insertions(+), 23 deletions(-) delete mode 100644 helm/mimoto/templates/clusterrolebinding.yaml create mode 100644 helm/mimoto/templates/serets.yaml diff --git a/deploy/mimoto/install.sh b/deploy/mimoto/install.sh index 8fa1f30f5..9e279370f 100755 --- a/deploy/mimoto/install.sh +++ b/deploy/mimoto/install.sh @@ -30,10 +30,10 @@ function installing_mimoto() { echo "Do you have public domain & valid SSL? (Y/n) " echo "Y: if you have public domain & valid ssl certificate" echo "n: If you don't have a public domain and a valid SSL certificate. Note: It is recommended to use this option only in development environments." - read -p "" flag + read -p -r "" flag if [ -z "$flag" ]; then - echo "'flag' was provided; EXITING;" + echo "'flag' was not provided; EXITING;" exit 1; fi ENABLE_INSECURE='' 
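Review bot: The changed line `read -p -r "" flag` puts `-r` where `-p` expects its prompt text, so bash takes `-r` as the prompt and the empty string as the first variable name. bash should reject that name as an invalid identifier, leaving `flag` unset, and the `-z "$flag"` check that follows then exits the installer every time. Put the options before the prompt: `read -r -p "" flag`. The same ordering appears in the next install.sh hunk for `clientId` and `secretKey`. The body of installing_mimoto starts and ends outside this hunk.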
@@ -55,8 +55,26 @@ function installing_mimoto() { kubectl -n config-server rollout restart deployment config-server kubectl -n config-server rollout status deployment config-server + echo "Please share relevant google client id "> + read -p -r "" clientId + + if [ -z "$clientId" ]; then + echo "'clientId' was not provided; EXITING;" + exit 1; + fi + echo "Please share relevant google secret key" + read -p -r "" secretKey + + if [ -z "$secretKey" ]; then + echo "'secretKey' was not provided; EXITING;" + exit 1; + fi + + echo Installing mimoto - helm -n $NS install mimoto mosip/mimoto --version $MIMOTO_CHART_VERSION $ENABLE_INSECURE + helm -n $NS install mimoto mosip/mimoto --version $MIMOTO_CHART_VERSION $ENABLE_INSECURE \ + --set mimoto.secrets.googleClient.MOSIP_INJIWEB_GOOGLE_CLIENT_ID="$clientId" \ + --set mimoto.secrets.googleClient.MOSIP_INJIWEB_GOOGLE_CLIENT_SECRET="$secretKey" kubectl -n $NS get deploy -o name | xargs -n1 -t kubectl -n $NS rollout status diff --git a/helm/mimoto/templates/clusterrolebinding.yaml b/helm/mimoto/templates/clusterrolebinding.yaml deleted file mode 100644 index a00045072..000000000 --- a/helm/mimoto/templates/clusterrolebinding.yaml +++ /dev/null 
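Review bot: The Google client secret is read with terminal echo on and then passed to helm as `--set mimoto.secrets.googleClient.MOSIP_INJIWEB_GOOGLE_CLIENT_SECRET="$secretKey"`, so it shows on screen and, while helm runs, in the process argument list visible to other users on the host. Reading it with `read -r -s -p "" secretKey` keeps it off the terminal, and supplying both values through a values file or `-f -` on stdin keeps them out of argv. `--set` also treats commas in a value as separators, which a generated secret may contain. The added line `echo "Please share relevant google client id ">` ends in a bare `>` as shown here, which is a redirection with no target. The body of installing_mimoto starts and ends outside this hunk.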
@@ -1,19 +0,0 @@
-kind: ClusterRoleBinding
-apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
-metadata:
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- name: {{ template "common.names.fullname" . }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "common.names.fullname" . }}
-subjects:
- - kind: ServiceAccount
- name: {{ template "mimoto.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
diff --git a/helm/mimoto/templates/serets.yaml b/helm/mimoto/templates/serets.yaml
new file mode 100644
index 000000000..667dba388
--- /dev/null
+++ b/helm/mimoto/templates/serets.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.mimoto.secrets }}
+{{- range $secret_name, $secret_value := .Values.mimoto.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secret_name }}
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ {{- include "common.labels.standard" $ | nindent 4 }}
+ {{- if $.Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if $.Values.commonAnnotations }}
+ annotations:
+ {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+ {{- range $key, $value := $secret_value }}
+ {{ $key }}: {{ $value | b64enc | quote }}
+ {{- end }}
+---
+{{- end }}
+{{- end }}
diff --git a/helm/mimoto/values.yaml b/helm/mimoto/values.yaml
index 3a0f132de..205af39f9 100644
--- a/helm/mimoto/values.yaml
+++ b/helm/mimoto/values.yaml
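Review bot: `name: {{ $secret_name }}` in the new secrets template takes the Secret's name straight from the values key, and the key this patch ships in values.yaml is `googleClient`. Kubernetes object names must be lowercase RFC 1123 names, so the API server is expected to reject a Secret with that name at install. Use a lowercase key such as `google-client` consistently in values.yaml, in `extraEnvVarsSecret` and in the `--set mimoto.secrets...` paths in install.sh. `b64enc` also needs a string input, so a numeric or boolean value supplied through `--set` would fail to render; `{{ $value | toString | b64enc | quote }}` covers that.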
@@ -251,7 +251,8 @@ extraEnvVarsCM: ## Secret with extra environment variables ## -extraEnvVarsSecret: [] +extraEnvVarsSecret: + - googleClient ## Extra volumes to add to the deployment ## @@ -468,3 +469,9 @@ volumes: mimotooidc: key: oidckeystore.p12 path: /home/mosip/certs + +mimoto: + secrets: + googleClient: + MOSIP_INJIWEB_GOOGLE_CLIENT_ID: "your-app-google-client-id" + MOSIP_INJIWEB_GOOGLE_CLIENT_SECRET: "your-app-google-client-secret" From c7584c9487032928a0bf5fe935e5906ec81cec35 Mon Sep 17 00:00:00 2001 From: Chandra Keshav Mishra Date: Tue, 11 Feb 2025 15:13:14 +0530 Subject: [PATCH 2/2] [MOSIP-39656] Rename serets.yaml to secrets.yaml Signed-off-by: Chandra Keshav Mishra --- helm/mimoto/templates/{serets.yaml => secrets.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename helm/mimoto/templates/{serets.yaml => secrets.yaml} (100%) diff --git a/helm/mimoto/templates/serets.yaml b/helm/mimoto/templates/secrets.yaml similarity index 100% rename from helm/mimoto/templates/serets.yaml rename to helm/mimoto/templates/secrets.yaml
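Review bot: The defaults added under `mimoto.secrets.googleClient` are non-empty placeholder strings, so the template's `if .Values.mimoto.secrets` guard is always true. An install that does not override them creates a Secret holding `your-app-google-client-secret`, which is presumably then injected into the pod as if it were a real credential. Consider shipping empty defaults and failing the render when they are unset, e.g. `{{ required "MOSIP_INJIWEB_GOOGLE_CLIENT_SECRET is required" $value | b64enc | quote }}` in the template, so a missing credential is caught at install time. How the deployment template consumes `extraEnvVarsSecret` is not visible in this patch; confirm it accepts a list of names now that the default changed from `[]` to `- googleClient`.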