add support for insecure skip verify in oauth flow

kubeshop · Aug 7, 2024 · 0cd2840 · 0cd2840
1 parent 2c6d1e4
commit 0cd2840
Show file tree

Hide file tree

Showing 5 changed files with 13 additions and 11 deletions.
diff --git a/charts/testkube-cloud-api/README.md b/charts/testkube-cloud-api/README.md
@@ -91,6 +91,7 @@ A Helm chart for Testkube Cloud API
 | api.oauth.issuerUrl | string | `""` | if oauth.secretRef is empty (""), then oauth.issuerUrl field will be used for the OAuth issuer URL |
 | api.oauth.redirectUri | string | `""` | if oauth.secretRef is empty (""), then oauth.redirectUri field will be used for the OAuth redirect URI |
 | api.oauth.secretRef | string | `""` | OAuth secret ref for OAuth configuration (secret must contain keys: OAUTH_CLIENT_ID, OAUTH_CLIENT_SECRET, OAUTH_ISSUER_URL, OAUTH_REDIRECT_URI) (default is `testkube-cloud-oauth-secret`) |
+| api.oauth.skipVerify | bool | `false` | Toggle whether to skip TLS verification for OAuth issuer |
 | api.outputsBucket | string | `"testkube-cloud-outputs"` | S3 bucket in which outputs are stored |
 | api.redirectSubdomain | string | `""` | Different UI subdomain which gets prepended to the domain. May be used for the redirect from your actual uiSubdomain endpoint. Works is ingressRedirect option is enabled. |
 | api.sendgrid.apiKey | string | `""` | Sendgrid API key |
@@ -214,4 +215,4 @@ A Helm chart for Testkube Cloud API
 | websocketsIngress.labels | object | `{}` | Additional labels to add to the WebSocket Ingress resource |
 
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
diff --git a/charts/testkube-cloud-api/templates/deployment.yaml b/charts/testkube-cloud-api/templates/deployment.yaml
@@ -272,6 +272,8 @@ spec:
             - name: OAUTH_REDIRECT_URI
               value: "{{ if .Values.api.oauth.redirectUri }}{{ .Values.api.oauth.redirectUri }}{{ else }}https://{{ .Values.global.restApiSubdomain }}.{{ .Values.global.domain }}/auth/callback{{ end }}"
               {{- end }}
+            - name: "OAUTH_SKIP_VERIFY"
+              value: "{{ if hasKey .Values.global.tls "skipVerify" }}{{ .Values.global.tls.skipVerify }}{{ else }}{{ .Values.api.oauth.skipVerify }}{{ end }}"
             {{- $natsUri := .Values.global.nats.uri | default .Values.api.nats.uri }}
             - name: NATS_URI
               value: {{ $natsUri }}

diff --git a/charts/testkube-cloud-api/values.yaml b/charts/testkube-cloud-api/values.yaml
@@ -301,6 +301,8 @@ api:
     redirectUri: ""
     # -- Comma-separated list of allowed external redirect URIs (example: `https://cloud.testkube.xyz,http://localhost:3000`)
     allowedExternalRedirectURIs: ""
+    # -- Toggle whether to skip TLS verification for OAuth issuer
+    skipVerify: false
   # -- External log server connection configuration
   logServer:
     # -- Toggle whether to enable external log server connection

diff --git a/charts/testkube-enterprise/README.md b/charts/testkube-enterprise/README.md
@@ -69,7 +69,6 @@ A Helm chart for Testkube Enterprise
 | global.imageRegistry | string | `""` | Global image registry to be prepended for to all images (usually defined in parent chart) |
 | global.ingress.enabled | bool | `true` | Global toggle whether to create Ingress resources |
 | global.labels | object | `{}` | Common labels which will be added to all resources |
-| global.logsSubdomain | string | `"logs"` | UI subdomain which get prepended to the domain |
 | global.mongo.allowDiskUse | bool | `false` | Allow or prohibit writing temporary files on disk when a pipeline stage exceeds the 100 megabyte limit. |
 | global.mongo.database | string | `"testkubeEnterpriseDB"` | Mongo database name |
 | global.mongo.dsn | string | `"mongodb://testkube-enterprise-mongodb:27017"` | Mongo DSN connection string |
@@ -78,7 +77,6 @@ A Helm chart for Testkube Enterprise
 | global.nats.uri | string | `"nats://testkube-enterprise-nats:4222"` | NATS URI |
 | global.redirectSubdomain | string | `"app"` | Different UI subdomain which gets prepended to the domain. May be used for the redirect from your actual uiSubdomain endpoint. Works is ingressRedirect option is enabled. |
 | global.restApiSubdomain | string | `"api"` | REST API subdomain which get prepended to the domain |
-| global.statusPagesApiSubdomain | string | `"status"` | Status Pages API subdomain which get prepended to the domain |
 | global.storage.accessKeyId | string | `"testkube-enterprise"` | S3 Access Key ID |
 | global.storage.credsSecretRef | string | `""` | Credentials secret ref (secret should contain keys: root-user, root-password, token) (default is `testkube-cloud-minio-secret`) |
 | global.storage.endpoint | string | `"{{ .Values.global.storageApiSubdomain }}.{{ .Values.global.domain }}"` | Endpoint to a S3 compatible storage service (without protocol) |
@@ -216,6 +214,7 @@ A Helm chart for Testkube Enterprise
 | testkube-cloud-api.api.oauth.issuerUrl | string | `""` | if oauth.secretRef is empty (""), then oauth.issuerUrl field will be used for the OAuth issuer URL |
 | testkube-cloud-api.api.oauth.redirectUri | string | `""` | If oauth.secretRef is empty (""), then oauth.redirectUri field will be used for the OAuth redirect URI |
 | testkube-cloud-api.api.oauth.secretRef | string | `""` | OAuth secret ref for OAuth configuration (secret must contain keys: OAUTH_CLIENT_ID, OAUTH_CLIENT_SECRET, OAUTH_ISSUER_URL, OAUTH_REDIRECT_URI) (default is `testkube-cloud-oauth-secret`) |
+| testkube-cloud-api.api.oauth.skipVerify | bool | `false` | Toggle whether to skip TLS verification for OAuth issuer |
 | testkube-cloud-api.api.outputsBucket | string | `"testkube-cloud-outputs"` | S3 bucket in which to store logs & artifacts |
 | testkube-cloud-api.api.sendgrid.apiKey | string | `""` | Sendgrid API key |
 | testkube-cloud-api.api.sendgrid.secretRef | string | `""` | Secret API key secret ref (secret must contain key SENDGRID_API_KEY) |
@@ -270,4 +269,4 @@ A Helm chart for Testkube Enterprise
 | testkube-worker-service.resources | object | `{"limits":{"cpu":"500m","memory":"512Mi"},"requests":{"cpu":"75m","memory":"64Mi"}}` | Set resources requests and limits for Testkube Worker Service |
 
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
diff --git a/charts/testkube-enterprise/values.yaml b/charts/testkube-enterprise/values.yaml
@@ -16,8 +16,6 @@ global:
   # -- Domain under which endpoints are exposed
   domain: ""
   # -- UI subdomain which get prepended to the domain
-  logsSubdomain: "logs"
-  # -- UI subdomain which get prepended to the domain
   uiSubdomain: "dashboard"
   # -- Different UI subdomain which gets prepended to the domain. May be used for the redirect from your actual uiSubdomain endpoint. Works is ingressRedirect option is enabled.
   redirectSubdomain: "app"
@@ -27,8 +25,6 @@ global:
   grpcApiSubdomain: "agent"
   # -- Websocket API subdomain which get prepended to the domain
   websocketApiSubdomain: "websockets"
-  # -- Status Pages API subdomain which get prepended to the domain
-  statusPagesApiSubdomain: "status"
   # -- Storage API subdomain which get prepended to the domain
   storageApiSubdomain: "storage"
   # -- TLS certificate provider. Set to "cert-manager" for integration with cert-manager or leave empty for other methods
@@ -87,8 +83,8 @@ global:
     # -- Credentials secret ref (secret should contain keys: root-user, root-password, token) (default is `testkube-cloud-minio-secret`)
     credsSecretRef: ""
   tls: {}
-  # -- Toggle whether to globally skip certificate verification
-  #skipVerify: false
+    # -- Toggle whether to globally skip certificate verification
+    #skipVerify: true
 # Testkube requires a variety of secrets to operate.
 # Any secret not provided manually will be automatically generated with a random value by the shared secret job.
 sharedSecretGenerator:
@@ -366,13 +362,15 @@ testkube-cloud-api:
       redirectUri: ""
       # -- if oauth.secretRef is empty (""), then oauth.issuerUrl field will be used for the OAuth issuer URL
       issuerUrl: ""
+      # -- Toggle whether to skip TLS verification for OAuth issuer
+      skipVerify: false
     # -- S3 bucket in which to store logs & artifacts
     outputsBucket: testkube-cloud-outputs
   prometheus:
     enabled: false
   ingress:
     className: nginx
-  ##Test Connection pod
+  ## Test Connection pod
   testConnection:
     enabled: false
 ## Testkube Cloud UI chart parameters