defenseunicorns · ericwyles · May 3, 2024 · Mar 27, 2024 · Mar 28, 2024 · Mar 28, 2024
diff --git a/chart/templates/mattermost-sso-secret.yaml b/chart/templates/mattermost-sso-secret.yaml
@@ -0,0 +1,15 @@
+# This secret will be used if sso is disabled, instead of the templated one in uds-package.yaml. 
+# Mattermost needs to mount the secret and creating it this way avoids creating an unnecessary 
+# client in the keycloak realm and unnecessary secret data in the cluster.
+{{- if not .Values.sso.enabled }}
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.sso.secretName }}
+  namespace:  {{ .Release.Namespace }}
+type: "Opaque"
+stringData:
+  MM_GITLABSETTINGS_ENABLE: "{{ .Values.sso.enabled | toString }}"
+
+{{- end }}
diff --git a/chart/templates/mattermost-sso.yaml b/chart/templates/mattermost-sso.yaml
diff --git a/chart/templates/uds-package.yaml b/chart/templates/uds-package.yaml
@@ -4,6 +4,30 @@ metadata:
   name: mattermost
   namespace: {{ .Release.Namespace }}
 spec:
+  {{- if .Values.sso.enabled }}
+  sso:
+    - name: Mattermost Login
+      clientId: uds-swf-mattermost
+      redirectUris:
+        - "https://chat.uds.dev/*"
+      defaultClientScopes:
+        - "openid"
+        - "mapper-oidc-username-username"
+        - "mapper-oidc-mattermostid-id"
+        - "mapper-oidc-email-email" 
+
+      secretName: {{ .Values.sso.secretName }}
+      secretTemplate:
+        MM_GITLABSETTINGS_ENABLE: "{{ .Values.sso.enabled | toString }}"
+        MM_GITLABSETTINGS_ID: "clientField(clientId)"
+        MM_GITLABSETTINGS_SECRET: "clientField(secret)"
+        MM_GITLABSETTINGS_AUTHENDPOINT: "https://sso.{{ .Values.domain }}/realms/uds/protocol/openid-connect/auth"
+        MM_GITLABSETTINGS_TOKENENDPOINT: "http://keycloak-http.keycloak.svc.cluster.local:8080/realms/uds/protocol/openid-connect/token"
+        MM_GITLABSETTINGS_USERAPIENDPOINT: "https://sso.{{ .Values.domain }}/realms/uds/protocol/openid-connect/userinfo"
+        MM_EMAILSETTINGS_ENABLESIGNUPWITHEMAIL: "{{ .Values.sso.enable_sign_up_with_email | toString }}"
+        MM_EMAILSETTINGS_ENABLESIGNINWITHEMAIL: "{{ .Values.sso.enable_sign_in_with_email | toString }}"
+        MM_EMAILSETTINGS_ENABLESIGNINWITHUSERNAME: "{{ .Values.sso.enable_sign_in_with_username | toString }}"
+  {{- end }}
   network:
     expose:
       - service: mattermost-enterprise-edition

diff --git a/chart/values.yaml b/chart/values.yaml
@@ -1,3 +1,5 @@
+domain: "###ZARF_VAR_DOMAIN###"
+
 objectStorage:
   secure: true
   accessKey: ""
@@ -16,16 +18,13 @@ postgres:
   connectionOptions: ""
 
 sso:
-  enabled: false
-  client_id: ""
-  client_secret: ""
-  auth_endpoint: ""
-  token_endpoint: ""
-  user_api_endpoint: ""
+  enabled: true
+  secretName: mattermost-sso
+
   # These should typically be disabled if SSO is enabled
-  enable_sign_up_with_email: true
-  enable_sign_in_with_email: true
-  enable_sign_in_with_username: true
+  enable_sign_up_with_email: false
+  enable_sign_in_with_email: false
+  enable_sign_in_with_username: false
 
 # The subdomain for the mattermost server, will be prefixed to your domain (ex: mattermost.example.com)
 subdomain: "chat"

@@ -2,11 +2,11 @@ includes:
   - cleanup: ./tasks/cleanup.yaml
   - dependencies: ./tasks/dependencies.yaml
   - test: ./tasks/test.yaml
-  - create: https://github.com/defenseunicorns/uds-common/v0.4.0/tasks/create.yaml
-  - lint: https://github.com/defenseunicorns/uds-common/v0.4.0/tasks/lint.yaml
-  - pull: https://github.com/defenseunicorns/uds-common/v0.4.0/tasks/pull.yaml
-  - deploy: https://github.com/defenseunicorns/uds-common/v0.4.0/tasks/deploy.yaml
-  - setup: https://github.com/defenseunicorns/uds-common/v0.4.0/tasks/setup.yaml
+  - create: https://github.com/defenseunicorns/uds-common/v0.4.2/tasks/create.yaml
+  - lint: https://github.com/defenseunicorns/uds-common/v0.4.2/tasks/lint.yaml
+  - pull: https://github.com/defenseunicorns/uds-common/v0.4.2/tasks/pull.yaml
+  - deploy: https://github.com/defenseunicorns/uds-common/v0.4.2/tasks/deploy.yaml
+  - setup: https://github.com/defenseunicorns/uds-common/v0.4.2/tasks/setup.yaml
 
 tasks:
   - name: default
@@ -39,6 +39,12 @@ tasks:
       - task: dependencies:create
       - task: create:test-bundle
 
+  - name: dev
+    description: Create and deploy the bundle on an existing cluster (for iteration/dev speed)
+    actions:
+      - task: create-mm-test-bundle
+      - task: deploy:test-bundle
+
 # CI will execute the following (via uds-common/.github/actions/test) so they need to be here with these names
 
   - name: test-package