From e6904a9bec762d7b6658388b224149f24d4e0bbb Mon Sep 17 00:00:00 2001 From: Ahmed AbouZaid <6760103+aabouzaid@users.noreply.github.com> Date: Fri, 13 Dec 2024 13:53:02 +0100 Subject: [PATCH] fix(alpha): add missing auth for grpc api --- .../templates/core/configmap.yaml | 13 ++++++++++++- .../golden/configmap-authorizations.golden.yaml | 7 +++++++ .../unit/core/golden/configmap-log4j2.golden.yaml | 7 +++++++ .../test/unit/core/golden/configmap.golden.yaml | 7 +++++++ 4 files changed, 33 insertions(+), 1 deletion(-) diff --git a/charts/camunda-platform-alpha/templates/core/configmap.yaml b/charts/camunda-platform-alpha/templates/core/configmap.yaml index 2419d5e022..036d074ca4 100644 --- a/charts/camunda-platform-alpha/templates/core/configmap.yaml +++ b/charts/camunda-platform-alpha/templates/core/configmap.yaml @@ -38,7 +38,6 @@ data: redirect-uri: "{{ tpl .Values.global.identity.auth.core.redirectUrl $ | default $redirectURIDefault }}/login/oauth2/code/core" provider: oidcclient scope: openid,profile - {{- else }} spring: profiles: @@ -70,6 +69,18 @@ data: # zeebe.broker.gateway gateway: enable: true + # zeebe.broker.gateway.security + security: + authentication: + {{- if .Values.global.identity.auth.enabled }} + mode: identity + {{- $issuerURIDefault := (include "camundaPlatform.authIssuerBackendUrl" . | replace ":80" "") }} + issuerBackendUrl: {{ (include "camundaPlatform.authIssuerUrl" .) | default $issuerURIDefault | quote }} + audience: {{ include "core.authClientId" . | quote }} + type: {{ lower .Values.global.identity.auth.type | default "keycloak" }} + {{- else }} + mode: none + {{- end }} network: host: 0.0.0.0 port: {{ .Values.core.service.grpcPort }} diff --git a/charts/camunda-platform-alpha/test/unit/core/golden/configmap-authorizations.golden.yaml b/charts/camunda-platform-alpha/test/unit/core/golden/configmap-authorizations.golden.yaml index 99f3f89e06..948d34b73b 100644 --- a/charts/camunda-platform-alpha/test/unit/core/golden/configmap-authorizations.golden.yaml +++ b/charts/camunda-platform-alpha/test/unit/core/golden/configmap-authorizations.golden.yaml @@ -58,6 +58,13 @@ data: # zeebe.broker.gateway gateway: enable: true + # zeebe.broker.gateway.security + security: + authentication: + mode: identity + issuerBackendUrl: "http://localhost:18080/auth/realms/camunda-platform" + audience: "core" + type: keycloak network: host: 0.0.0.0 port: 26500 diff --git a/charts/camunda-platform-alpha/test/unit/core/golden/configmap-log4j2.golden.yaml b/charts/camunda-platform-alpha/test/unit/core/golden/configmap-log4j2.golden.yaml index c3ddecf19c..000e3b3ec3 100644 --- a/charts/camunda-platform-alpha/test/unit/core/golden/configmap-log4j2.golden.yaml +++ b/charts/camunda-platform-alpha/test/unit/core/golden/configmap-log4j2.golden.yaml @@ -58,6 +58,13 @@ data: # zeebe.broker.gateway gateway: enable: true + # zeebe.broker.gateway.security + security: + authentication: + mode: identity + issuerBackendUrl: "http://localhost:18080/auth/realms/camunda-platform" + audience: "core" + type: keycloak network: host: 0.0.0.0 port: 26500 diff --git a/charts/camunda-platform-alpha/test/unit/core/golden/configmap.golden.yaml b/charts/camunda-platform-alpha/test/unit/core/golden/configmap.golden.yaml index e96d235c0f..1f398437d5 100644 --- a/charts/camunda-platform-alpha/test/unit/core/golden/configmap.golden.yaml +++ b/charts/camunda-platform-alpha/test/unit/core/golden/configmap.golden.yaml @@ -58,6 +58,13 @@ data: # zeebe.broker.gateway gateway: enable: true + # zeebe.broker.gateway.security + security: + authentication: + mode: identity + issuerBackendUrl: "http://localhost:18080/auth/realms/camunda-platform" + audience: "core" + type: keycloak network: host: 0.0.0.0 port: 26500