From bebf2282f9f8c854c5aca3c19566faa81ae7cc7f Mon Sep 17 00:00:00 2001 From: lostlevels Date: Mon, 23 Jan 2023 12:23:01 -0800 Subject: [PATCH 1/3] Add environment variables related to Apple App Attestation. --- charts/tidepool/Chart.yaml | 2 +- charts/tidepool/charts/auth/README.md | 3 +++ .../charts/auth/templates/0-configmap.yaml | 3 +++ .../charts/auth/templates/1-deployment.yaml | 18 ++++++++++++++++++ charts/tidepool/charts/auth/values.yaml | 4 ++++ 5 files changed, 29 insertions(+), 1 deletion(-) diff --git a/charts/tidepool/Chart.yaml b/charts/tidepool/Chart.yaml index 3b7a8f884..5269b573b 100644 --- a/charts/tidepool/Chart.yaml +++ b/charts/tidepool/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: A Helm chart for Tidepool name: tidepool -version: 0.14.5 +version: 0.14.6 maintainers: - name: Todd Kazakov email: todd@tidepool.org diff --git a/charts/tidepool/charts/auth/README.md b/charts/tidepool/charts/auth/README.md index 7f41e6b5f..3158f3c13 100644 --- a/charts/tidepool/charts/auth/README.md +++ b/charts/tidepool/charts/auth/README.md @@ -14,6 +14,9 @@ Helm chart for the Tidepool auth service | configmap.data_.AppleDeviceCheckKeyId | string | `"B542R658GF"` | | | configmap.data_.AppleDeviceCheckKeyIssuer | string | `"75U4X84TEG"` | used for checking generating jwts, which are required for checking the validity of apple device tokens during the insulet authorization flow. | | configmap.data_.AppleDeviceCheckUseDevelopment | string | `"true"` | | +| configmap.data_.AppValidationUseDevelopment | string | `"true"` | | +| configmap.data_.AppValidationAppleAppID | string | `"75U4X84TEG.org.tidepool.coastal.Loop"` | | +| configmap.data_.AppValidationChallengeSize | string | `"16"` | | | deployment.image | string | `"tidepool/platform-auth:master-latest"` | auth Docker image | | deployment.replicas | int | `1` | number of replicas to deploy | | hpa.enabled | bool | `false` | whether to create a horizontal pod autoscalers for all pods of given deployment | 
diff --git a/charts/tidepool/charts/auth/templates/0-configmap.yaml b/charts/tidepool/charts/auth/templates/0-configmap.yaml index 8a9e4ed78..f8e98b6ed 100644 --- a/charts/tidepool/charts/auth/templates/0-configmap.yaml +++ b/charts/tidepool/charts/auth/templates/0-configmap.yaml @@ -11,4 +11,7 @@ data: AppleDeviceCheckKeyId: {{ .AppleDeviceCheckKeyId | default "" }} AppleDeviceCheckKeyIssuer: {{ .AppleDeviceCheckKeyIssuer | default "" }} AppleDeviceCheckUseDevelopment: "{{ .AppleDeviceCheckUseDevelopment | default "true" }}" + AppValidationUseDevelopment: "{{ .AppValidationUseDevelopment | default "true" }}" + AppValidationAppleAppID: "{{ .AppValidationAppleAppID | default "" }}" + AppValidationChallengeSize: "{{ .AppValidationChallengeSize | default "16" }}" {{- end }} \ No newline at end of file diff --git a/charts/tidepool/charts/auth/templates/1-deployment.yaml b/charts/tidepool/charts/auth/templates/1-deployment.yaml index bea129ecd..270eca805 100644 --- a/charts/tidepool/charts/auth/templates/1-deployment.yaml +++ b/charts/tidepool/charts/auth/templates/1-deployment.yaml @@ -120,6 +120,24 @@ spec: name: auth key: AppleDeviceCheckUseDevelopment optional: true + - name: TIDEPOOL_APPVALIDATION_USE_DEVELOPMENT + valueFrom: + configMapKeyRef: + name: auth + key: AppValidationUseDevelopment + optional: true + - name: TIDEPOOL_APPVALIDATION_APPLE_APP_ID + valueFrom: + configMapKeyRef: + name: auth + key: AppValidationAppleAppID + optional: true + - name: TIDEPOOL_APPVALIDATION_CHALLENGE_SIZE + valueFrom: + configMapKeyRef: + name: auth + key: AppValidationChallengeSize + optional: true image: "{{ .Values.deployment.image }}" securityContext: {{- .Values.podSecurityContext | toYaml | nindent 10 }} diff --git a/charts/tidepool/charts/auth/values.yaml b/charts/tidepool/charts/auth/values.yaml index 017d32dc9..5d50e5bc6 100644 --- a/charts/tidepool/charts/auth/values.yaml +++ b/charts/tidepool/charts/auth/values.yaml 
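Review bot: In the `0-configmap.yaml` hunk of [PATCH 1/3], `AppValidationUseDevelopment` falls back to `"true"`, so a release that sets no value presumably runs app attestation against the development environment. The same default is repeated in this patch's `values.yaml` hunk. How the auth service reads the flag is not visible here, but for an attestation control the safer fallback is production: `AppValidationUseDevelopment: "{{ .AppValidationUseDevelopment | default "false" }}"`, with development switched on explicitly per environment. The neighbouring `AppValidationAppleAppID` falls back to an empty string, so it is worth confirming that the service rejects attestations when no accepted app ID is configured rather than skipping the comparison.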
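Review bot: In the `1-deployment.yaml` hunk of [PATCH 1/3], all three new `configMapKeyRef` entries carry `optional: true`, so a missing or misspelled key leaves the variable unset and the pod still starts. The value the service then uses for app validation is decided in code this chart does not show. This follows the existing `AppleDeviceCheck*` entries, but the app-ID and use-development settings gate an attestation check. If the `auth` ConfigMap is always rendered for this deployment, consider dropping `optional: true` on `TIDEPOOL_APPVALIDATION_APPLE_APP_ID` and `TIDEPOOL_APPVALIDATION_USE_DEVELOPMENT` so a broken ConfigMap fails at pod start instead of at request time. The env list this hunk extends begins and ends outside the hunk.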
@@ -10,6 +10,10 @@ configmap: AppleDeviceCheckKeyIssuer: "75U4X84TEG" AppleDeviceCheckKeyId: "B542R658GF" AppleDeviceCheckUseDevelopment: "true" + # -- used for app attestation to determine if an app is a valid instance of an IOS app. + AppValidationUseDevelopment: "true" + AppValidationAppleAppID: "75U4X84TEG.org.tidepool.coastal.Loop" + AppValidationChallengeSize: "16" deployment: # -- auth Docker image image: tidepool/platform-auth:master-latest From 0f44d26ddc7f955333d350e5a2098b61334e1b00 Mon Sep 17 00:00:00 2001 From: lostlevels Date: Fri, 27 Jan 2023 14:18:30 -0800 Subject: [PATCH 2/3] Change singular apple app id to plural. --- .gitignore | 1 + charts/tidepool/charts/auth/README.md | 2 +- charts/tidepool/charts/auth/templates/0-configmap.yaml | 2 +- charts/tidepool/charts/auth/templates/1-deployment.yaml | 4 ++-- charts/tidepool/charts/auth/values.yaml | 2 +- 5 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 601791d1b..2cbc18123 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ local/* .helm tilt_modules/ .idea/ +.DS_Store diff --git a/charts/tidepool/charts/auth/README.md b/charts/tidepool/charts/auth/README.md index 3158f3c13..6efc1b754 100644 --- a/charts/tidepool/charts/auth/README.md +++ b/charts/tidepool/charts/auth/README.md 
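Review bot: In the `values.yaml` hunk of [PATCH 1/3], the single `# --` comment sits above `AppValidationUseDevelopment` only, and the three new README rows in the same patch have empty descriptions, so none of the keys ends up documented for operators. Each key should carry its own comment, for example `# -- validate attestations against Apple's development environment; set to "false" in production` above `AppValidationUseDevelopment` and `# -- Apple app ID (team ID and bundle ID) that attestations must match` above `AppValidationAppleAppID`. `AppValidationChallengeSize` needs a comment stating the unit of `"16"`, which this diff does not show. The existing comment should also read "iOS" rather than "IOS".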
@@ -15,7 +15,7 @@ Helm chart for the Tidepool auth service | configmap.data_.AppleDeviceCheckKeyIssuer | string | `"75U4X84TEG"` | used for checking generating jwts, which are required for checking the validity of apple device tokens during the insulet authorization flow. | | configmap.data_.AppleDeviceCheckUseDevelopment | string | `"true"` | | | configmap.data_.AppValidationUseDevelopment | string | `"true"` | | -| configmap.data_.AppValidationAppleAppID | string | `"75U4X84TEG.org.tidepool.coastal.Loop"` | | +| configmap.data_.AppValidationAppleAppIDs | string | `"75U4X84TEG.org.tidepool.coastal.Loop"` | | | configmap.data_.AppValidationChallengeSize | string | `"16"` | | | deployment.image | string | `"tidepool/platform-auth:master-latest"` | auth Docker image | | deployment.replicas | int | `1` | number of replicas to deploy | diff --git a/charts/tidepool/charts/auth/templates/0-configmap.yaml b/charts/tidepool/charts/auth/templates/0-configmap.yaml index f8e98b6ed..297ef0457 100644 --- a/charts/tidepool/charts/auth/templates/0-configmap.yaml +++ b/charts/tidepool/charts/auth/templates/0-configmap.yaml @@ -12,6 +12,6 @@ data: AppleDeviceCheckKeyIssuer: {{ .AppleDeviceCheckKeyIssuer | default "" }} AppleDeviceCheckUseDevelopment: "{{ .AppleDeviceCheckUseDevelopment | default "true" }}" AppValidationUseDevelopment: "{{ .AppValidationUseDevelopment | default "true" }}" - AppValidationAppleAppID: "{{ .AppValidationAppleAppID | default "" }}" + AppValidationAppleAppIDs: "{{ .AppValidationAppleAppIDs | default "" }}" AppValidationChallengeSize: "{{ .AppValidationChallengeSize | default "16" }}" {{- end }} \ No newline at end of file diff --git a/charts/tidepool/charts/auth/templates/1-deployment.yaml b/charts/tidepool/charts/auth/templates/1-deployment.yaml index 270eca805..d3ad93462 100644 --- a/charts/tidepool/charts/auth/templates/1-deployment.yaml +++ b/charts/tidepool/charts/auth/templates/1-deployment.yaml 
@@ -126,11 +126,11 @@ spec: name: auth key: AppValidationUseDevelopment optional: true - - name: TIDEPOOL_APPVALIDATION_APPLE_APP_ID + - name: TIDEPOOL_APPVALIDATION_APPLE_APP_IDS valueFrom: configMapKeyRef: name: auth - key: AppValidationAppleAppID + key: AppValidationAppleAppIDs optional: true - name: TIDEPOOL_APPVALIDATION_CHALLENGE_SIZE valueFrom: diff --git a/charts/tidepool/charts/auth/values.yaml b/charts/tidepool/charts/auth/values.yaml index 5d50e5bc6..79f338e3b 100644 --- a/charts/tidepool/charts/auth/values.yaml +++ b/charts/tidepool/charts/auth/values.yaml @@ -12,7 +12,7 @@ configmap: AppleDeviceCheckUseDevelopment: "true" # -- used for app attestation to determine if an app is a valid instance of an IOS app. AppValidationUseDevelopment: "true" - AppValidationAppleAppID: "75U4X84TEG.org.tidepool.coastal.Loop" + AppValidationAppleAppIDs: "75U4X84TEG.org.tidepool.coastal.Loop" AppValidationChallengeSize: "16" deployment: # -- auth Docker image From 82c4b59923caf51a6634bae7fa6efe51452f158b Mon Sep 17 00:00:00 2001 From: lostlevels Date: Mon, 30 Jan 2023 16:20:01 -0800 Subject: [PATCH 3/3] Add all supported app ids. --- charts/tidepool/charts/auth/README.md | 2 +- charts/tidepool/charts/auth/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/tidepool/charts/auth/README.md b/charts/tidepool/charts/auth/README.md index 6efc1b754..e2baccadd 100644 --- a/charts/tidepool/charts/auth/README.md +++ b/charts/tidepool/charts/auth/README.md 
@@ -15,7 +15,7 @@ Helm chart for the Tidepool auth service | configmap.data_.AppleDeviceCheckKeyIssuer | string | `"75U4X84TEG"` | used for checking generating jwts, which are required for checking the validity of apple device tokens during the insulet authorization flow. | | configmap.data_.AppleDeviceCheckUseDevelopment | string | `"true"` | | | configmap.data_.AppValidationUseDevelopment | string | `"true"` | | -| configmap.data_.AppValidationAppleAppIDs | string | `"75U4X84TEG.org.tidepool.coastal.Loop"` | | +| configmap.data_.AppValidationAppleAppIDs | string | `"75U4X84TEG.org.tidepool.coastal.Loop,75U4X84TEG.org.tidepool.Loop"` | | | configmap.data_.AppValidationChallengeSize | string | `"16"` | | | deployment.image | string | `"tidepool/platform-auth:master-latest"` | auth Docker image | | deployment.replicas | int | `1` | number of replicas to deploy | diff --git a/charts/tidepool/charts/auth/values.yaml b/charts/tidepool/charts/auth/values.yaml index 79f338e3b..aaa2bbd68 100644 --- a/charts/tidepool/charts/auth/values.yaml +++ b/charts/tidepool/charts/auth/values.yaml @@ -12,7 +12,7 @@ configmap: AppleDeviceCheckUseDevelopment: "true" # -- used for app attestation to determine if an app is a valid instance of an IOS app. AppValidationUseDevelopment: "true" - AppValidationAppleAppIDs: "75U4X84TEG.org.tidepool.coastal.Loop" + AppValidationAppleAppIDs: "75U4X84TEG.org.tidepool.coastal.Loop,75U4X84TEG.org.tidepool.Loop" AppValidationChallengeSize: "16" deployment: # -- auth Docker image
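Review bot: In the `values.yaml` hunk of [PATCH 3/3], `AppValidationAppleAppIDs` becomes a two-entry list packed into one string, but neither the comment above it nor the README row says what the separator is or whether whitespace around it is tolerated. How the service splits the value is not visible in this chart, so an operator who writes `"a, b"` cannot tell whether the second ID will match. A per-key comment would settle it, for example `# -- comma-separated list of Apple app IDs (<team ID>.<bundle ID>) accepted during app attestation`. Since every entry widens the set of apps whose attestations are accepted, the comment could also say that each environment should list only the IDs it needs.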