[ISSUE] identity client-id for OIDC is not set when an existingSecret is used #2727

Closed
1 task done
hamza-m-masood opened this issue Dec 24, 2024 · 1 comment · Fixed by #2733
Labels
cycle/alpha3 Tasks will be done in alpha3 cycle kind/issue Unidentified issue, it could be a bug, misconfig, or anything in between platform/aws Issues related to AWS platform/gcp Issues related to GCP version/8.5 Camunda applications/cycle version version/8.6 Camunda applications/cycle version version:10.4.7 Issues and PRs related to chart version 10.4.7 version:11.1.1 Issues and PRs related to chart version 11.1.1

hamza-m-masood commented Dec 24, 2024

Describe the issue:

When global.identity.auth.[component].existingSecret.name is set in the values.yaml, the client-id in the identity configmap is not populated with a value.

This is because the if statement only allows string literal values and not existingSecrets:

    {{- if (tpl ( include "identity.authClientSecret" . ) .)}}

The above function only references the string literal:

    {{- .Values.global.identity.auth.identity.existingSecret -}}

It does not reference .Values.global.identity.auth.identity.existingSecret.name as well to provide an existing k8s secret.

This is the case for 8.4 and above.

Expected behavior:

I expect OIDC to function with existingSecrets and string literal values.

Logs:

Environment:

Please note: Without the following info, it's hard to resolve the issue and probably it will be closed.

  • Platform:
  • Helm CLI version:
  • Chart version: 8.4,8.5,8.6
  • Values file:

@hamza-m-masood hamza-m-masood added the kind/issue Unidentified issue, it could be a bug, misconfig, or anything in between label Dec 24, 2024
@github-actions github-actions bot added platform/aws Issues related to AWS platform/gcp Issues related to GCP labels Dec 24, 2024
@aabouzaid aabouzaid added the cycle/alpha3 Tasks will be done in alpha3 cycle label Dec 30, 2024
@aabouzaid aabouzaid added this to the 8.7 Release Cycle milestone Dec 30, 2024
hamza-m-masood commented Jan 6, 2025

> It does not reference .Values.global.identity.auth.identity.existingSecret.name as well to provide an existing k8s secret.

Digging into this problem further, I realized that the configmap should not reference the above value, because secrets can't be referenced through a configmap. Secrets must be referenced through env vars. That is currently the case in our helm chart.
The problem still exists with the client-secret when an existing k8s secret is provided from the above value. Here is what the rendered configmap looks like:

    identity:
      url: "url"
      client-id: "test-id"
      client-secret: "map[name:test-k8s-secret]"

I will create a PR to fix this.

@github-actions github-actions bot added version/8.5 Camunda applications/cycle version version:10.4.7 Issues and PRs related to chart version 10.4.7 version/8.6 Camunda applications/cycle version version:11.1.1 Issues and PRs related to chart version 11.1.1 labels Jan 14, 2025
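
The `map[name:test-k8s-secret]` value in the rendered configmap above is how Go's `text/template`, which Helm templates are built on, prints a map. The following is an added example, not the chart's code and not the fix from #2733: it reproduces that rendering, shows a type guard that emits the literal only for string values, and includes a check that flags a stringified map in rendered output. The two templates, `isString` and `HasStringifiedMap` are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"strings"
	"text/template"
)

// Constructed stand-ins for the configmap line; not the chart's real templates.
const naiveTmpl = `client-secret: "{{ .existingSecret }}"`
const guardedTmpl = `{{ if isString .existingSecret }}client-secret: "{{ .existingSecret }}"{{ end }}`

// isString is a hypothetical helper: true only for string-literal values.
func isString(v interface{}) bool {
	_, ok := v.(string)
	return ok
}

// Render executes tmpl with existingSecret set to v (a string or a map).
func Render(tmpl string, v interface{}) (string, error) {
	funcs := template.FuncMap{"isString": isString}
	t, err := template.New("cm").Funcs(funcs).Parse(tmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	err = t.Execute(&buf, map[string]interface{}{"existingSecret": v})
	return buf.String(), err
}

// HasStringifiedMap flags rendered output that contains a Go-formatted map.
func HasStringifiedMap(rendered string) bool {
	return strings.Contains(rendered, `"map[`)
}

func main() {
	ref := map[string]interface{}{"name": "test-k8s-secret"} // constructed value
	for _, tmpl := range []string{naiveTmpl, guardedTmpl} {
		out, err := Render(tmpl, ref)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%q stringified-map=%v\n", out, HasStringifiedMap(out))
	}
}
```

A check like `HasStringifiedMap` can be run over rendered manifests in CI to catch a secret reference that was rendered as text instead of being wired through an env var.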