✨ SAML integration prototype (#1475)

* 🔨 Add `AUTH_TYPE` field to `ConfigMap` * 🔨 Add `AUTH_SAML_IDP_METADATA_URL` field to `ConfigMap` * 🔨 Add `AUTH_SAML_X509_CRT` field to `Secret` * 🔨 Add `AUTH_SAML_X509_KEY` field to `Secret` * 🔨 Mount SAML X.509 key pair into `hub` * 🔨 Add `REACT_APP_AUTH_TYPE` environment variable to `front` * 🔧 Add Nginx path rewrite for `/saml` * 🔧 Raise request size to accept big SAML responses * 🔨 Add `REACT_APP_AUTH_TYPE` environment default value * 📝 Update `README.md` * 📝 Update `README.md` * 🔨 Add `AUTH_TYPE` config map key * 🔨 Add `AUTH_SAML_IDP_METADATA_URL` config map key * ☸ Set `CONFIG_AUTH_TYPE` from `TapConfig` * ☸ Set `CONFIG_AUTH_SAML_IDP_METADATA_URL` from `TapConfig` * ✨ Create `SamlConfig` in `TapConfig.AuthConfig` * 🔨 Use updated `tap.auth.saml.idpMetadataUrl` tap config field * 📝 Update `README.md` * 🔨 Add `tap.insgress.enabled/host` to `ConfigMap` * 🔨 Add `tap.proxy.front.port` to `ConfigMap` * 🔨 Add `REACT_APP_AUTH_SAML_IDP_METADATA_URL` env to `front` * 🔧 Supply `auth.saml` fields to `helm-chart/values.yaml` * 🐛 Fix indentation for X.509 secrets * 📝 Provide SAML setup docs * 📝 Update SAML setup docs * 📝 Update SAML setup docs * Added callback URL indication * 💥 Disable standard `Descope` auth --------- Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
2025-09-01 18:47:39 +00:00 · 2024-01-24 02:47:29 +08:00
parent 8e5df14f49
commit a8dd332ff8
10 changed files with 196 additions and 26 deletions
--- a/kubernetes/config.go
+++ b/kubernetes/config.go
@@ -10,16 +10,21 @@ import (
 )

 const (
-	SUFFIX_SECRET                = "secret"
-	SUFFIX_CONFIG_MAP            = "config-map"
-	SECRET_LICENSE               = "LICENSE"
-	CONFIG_POD_REGEX             = "POD_REGEX"
-	CONFIG_NAMESPACES            = "NAMESPACES"
-	CONFIG_SCRIPTING_ENV         = "SCRIPTING_ENV"
-	CONFIG_AUTH_ENABLED          = "AUTH_ENABLED"
-	CONFIG_AUTH_APPROVED_EMAILS  = "AUTH_APPROVED_EMAILS"
-	CONFIG_AUTH_APPROVED_DOMAINS = "AUTH_APPROVED_DOMAINS"
-	CONFIG_AUTH_APPROVED_TENANTS = "AUTH_APPROVED_TENANTS"
+	SUFFIX_SECRET                     = "secret"
+	SUFFIX_CONFIG_MAP                 = "config-map"
+	SECRET_LICENSE                    = "LICENSE"
+	CONFIG_POD_REGEX                  = "POD_REGEX"
+	CONFIG_NAMESPACES                 = "NAMESPACES"
+	CONFIG_SCRIPTING_ENV              = "SCRIPTING_ENV"
+	CONFIG_INGRESS_ENABLED            = "INGRESS_ENABLED"
+	CONFIG_INGRESS_HOST               = "INGRESS_HOST"
+	CONFIG_PROXY_FRONT_PORT           = "PROXY_FRONT_PORT"
+	CONFIG_AUTH_ENABLED               = "AUTH_ENABLED"
+	CONFIG_AUTH_TYPE                  = "AUTH_TYPE"
+	CONFIG_AUTH_APPROVED_EMAILS       = "AUTH_APPROVED_EMAILS"
+	CONFIG_AUTH_APPROVED_DOMAINS      = "AUTH_APPROVED_DOMAINS"
+	CONFIG_AUTH_APPROVED_TENANTS      = "AUTH_APPROVED_TENANTS"
+	CONFIG_AUTH_SAML_IDP_METADATA_URL = "AUTH_SAML_IDP_METADATA_URL"
 )

 func SetSecret(provider *Provider, key string, value string) (updated bool, err error) {