Make oidc config optional in discovery

aserto-dev · Jan 8, 2025 · a03b552 · a03b552
1 parent 4f1f29a
commit a03b552
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 79 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -90,6 +90,13 @@ jobs:
           TOPAZ_CERTS_DIR: ${{ env.TOPAZ_CERTS_DIR }}
         run: |
           uv run --project tools/ktest tools/ktest/ktest.py charts/topaz/test/tests.yaml
+      -
+        name: Test Discovery
+        timeout-minutes: 10
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          uv run --project tools/ktest tools/ktest/ktest.py charts/discovery/test/tests.yaml
       -
         name: Deploy Postgres
         run: |
@@ -126,10 +133,3 @@ jobs:
           TOPAZ_CERTS_DIR: ${{ env.TOPAZ_CERTS_DIR }}
         run: |
           uv run --project tools/ktest tools/ktest/ktest.py charts/directory/test/tests.yaml
-      -
-        name: Test Discovery
-        timeout-minutes: 10
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          uv run --project tools/ktest tools/ktest/ktest.py charts/discovery/test/tests.yaml
diff --git a/charts/discovery/templates/config.yaml b/charts/discovery/templates/config.yaml
@@ -36,7 +36,7 @@ stringData:
 
     ds0:
       {{- include "aserto-lib.rootDirectoryClient" . | nindent 6 }}
-  
+
     authorization:
       enabled: {{ .Values.authorization.enabled }}
       ignored_methods:
@@ -47,10 +47,14 @@ stringData:
     authentication:
       authenticators_enabled:
         root_key: true
+        {{- with .Values.oidc }}
         oidc: true
+        {{- end }}
 
+      {{- with .Values.oidc -}}
       oidc:
         {{- include "aserto-lib.oidcConfig" . | nindent 8 }}
+      {{- end }}
 
       root_keys:
         keys:

diff --git a/charts/discovery/test/no-tls.values.yaml b/charts/discovery/test/no-tls.values.yaml
@@ -1,85 +1,19 @@
+---
 image:
-  repository: ghcr.io/aserto-dev/self-hosted-discovery
-  pullPolicy: IfNotPresent
   tag: 0.1.4-9679fe1-amd64
 
-# REQUIRED: specify and OIDC domain and audience
-oidc:
-  domain: "fake.domain"
-  audience: "fake.audience"
-
 apiKey:
   secretName: discovery-keys
   secretKey: api-key
 
 rootDS:
   address: "topaz.discovery-no-tls.svc.cluster.local:8282"
   apiKey: " "
-  tenantID: ""  
+  tenantID: ""
   noTLS: true
 
 registries:
   ghcr.io:
     scheme: bearer
     tokenSecretName: discovery-ghcr-token
     tokenSecretKey: token
-
-
-bundleDefaults:
-  responseHeaderTimeoutSeconds: 60
-  minDelaySeconds: 600
-  maxDelaySeconds: 1200
-
-cacheSettings:
-  type: "bigcache"
-  cacheConfig:
-    ttl: 900000000000  # 15 minutes
-
-replicaCount: 1
-
-nameOverride: ""
-fullnameOverride: ""
-
-serviceAccount:  
-  create: false  
-  annotations: {}  
-  name: ""
-
-podAnnotations: {}
-
-podSecurityContext: {}
-
-securityContext: {}
-
-service:
-  type: ClusterIP
-
-ingress:
-  enabled: false
-  className: ""
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  hosts:
-    - host: discovery.example.com
-      port: https
-    - host: grpc.discovery.example.com
-      port: grpc
-      paths:
-        - path: /
-          pathType: Prefix
-  tls: []  
-
-resources: {}  
-
-autoscaling:
-  enabled: false
-  minReplicas: 1
-  maxReplicas: 100
-  targetCPUUtilizationPercentage: 80  
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
diff --git a/charts/discovery/values.yaml b/charts/discovery/values.yaml
@@ -1,3 +1,4 @@
+---
 # Default values for directory.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
@@ -8,10 +9,10 @@ image:
   # Overrides the image tag whose default is the chart appVersion.
   # tag: x.y.z
 
-# REQUIRED: specify and OIDC domain and audience
+# Optional: OpenID Connect domain and audience.
 oidc:
-  domain: ""
-  audience: ""
+#   domain: ""
+#   audience: ""
 
 apiKey:
   secretName: discovery-keys