feat(directus): add oidc

pluralsh · Apr 13, 2023 · 6660554 · 6660554
1 parent e075090
commit 6660554
Show file tree

Hide file tree

Showing 12 changed files with 64 additions and 59 deletions.
diff --git a/directus/helm/directus/Chart.yaml b/directus/helm/directus/Chart.yaml
@@ -3,9 +3,9 @@ name: directus
 description: helm chart for directus
 type: application
 version: 0.1.0
-appVersion: 9.25.0
+appVersion: 9.25.1
 dependencies:
   - name: postgres
     version: 0.1.16
     repository: https://pluralsh.github.io/module-library
-    condition: postgres.enabled
+    condition: postgres.enabled
diff --git a/directus/helm/directus/main.yaml b/directus/helm/directus/main.yaml
diff --git a/directus/helm/directus/templates/deployment.yaml b/directus/helm/directus/templates/deployment.yaml
@@ -53,6 +53,23 @@ spec:
                 secretKeyRef:
                   name: {{ include "directus-plural.secretName" . }}
                   key: secret
+            {{- if .Values.directus.oidc.enabled }}
+            - name: AUTH_PLURAL_ISSUER_URL
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "directus-plural.secretName" . }}
+                  key: oidc-issuer
+            - name: AUTH_PLURAL_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "directus-plural.secretName" . }}
+                  key: oidc-client-id
+            - name: AUTH_PLURAL_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "directus-plural.secretName" . }}
+                  key: oidc-client-secret
+            {{- end }}
           ports:
             - name: http
               containerPort: 8055

diff --git a/directus/helm/directus/templates/secret.yaml b/directus/helm/directus/templates/secret.yaml
@@ -7,3 +7,8 @@ metadata:
 stringData:
   key: {{ .Values.directus.key }}
   secret: {{ .Values.directus.secret }}
+  {{- if .Values.directus.oidc.enabled }}}
+  oidc-issuer: {{ .Values.directus.oidc.issuer }}
+  oidc-client-id: {{ .Values.directus.oidc.clientId }}
+  oidc-client-secret: {{ .Values.directus.oidc.clientSecret }}
+  {{- end }}
diff --git a/directus/helm/directus/values.yaml b/directus/helm/directus/values.yaml
@@ -91,4 +91,4 @@ affinity: {}
 
 env:
   DB_CLIENT: pg
-  NODE_TLS_REJECT_UNAUTHORIZED: 0
+  NODE_TLS_REJECT_UNAUTHORIZED: 0
diff --git a/directus/helm/directus/values.yaml.tpl b/directus/helm/directus/values.yaml.tpl
@@ -18,10 +18,23 @@ postgres:
 
 env:
   PUBLIC_URL: https://{{ $hostname }}
+  {{ if .OIDC }}
+  AUTH_PROVIDERS: plural
+  AUTH_PLURAL_DRIVER: openid
+  AUTH_PLURAL_SCOPE: openid profile
+  AUTH_PLURAL_ALLOW_PUBLIC_REGISTRATION: true
+  {{ end }}
 
 directus:
   key: {{ $key }}
   secret: {{ $secret }}
+  {{ if .OIDC }}
+  oidc:
+    enabled: true
+    clientId: {{ .OIDC.ClientId }}
+    clientSecret: {{ .OIDC.ClientSecret }}
+    issuer: {{ .OIDC.Configuration.Issuer }}
+  {{ end }}
 
 ingress:
   enabled: true

diff --git a/directus/plural/notes.tpl b/directus/plural/notes.tpl
@@ -1 +1,8 @@
 Your directus installation is available at https://{{ .Values.hostname }}
+
+{{ if .OIDC }}
+Your directus has been configured with OAuth against your plural account!
+{{ else }}
+You are using standard username/password authentication, so user management will be manual via the ADMIN_EMAIL and ADMIN_PASSWORD environment variables.
+We strongly recommend that you consider installing with OIDC enabled.
+{{ end }}
diff --git a/directus/plural/recipes/directus-aws.yaml b/directus/plural/recipes/directus-aws.yaml
@@ -6,6 +6,10 @@ dependencies:
   name: aws-k8s
 - repo: ingress-nginx
   name: ingress-nginx-aws
+oidcSettings:
+  authMethod: POST
+  uriFormat: https://{domain}/auth/login/plural/callback
+  domainKey: hostname
 sections:
 - name: directus
   configuration:

diff --git a/directus/plural/recipes/directus-azure.yaml b/directus/plural/recipes/directus-azure.yaml
@@ -6,6 +6,10 @@ dependencies:
   name: azure-k8s
 - repo: ingress-nginx
   name: ingress-nginx-azure
+oidcSettings:
+  authMethod: POST
+  uriFormat: https://{domain}/auth/login/plural/callback
+  domainKey: hostname
 sections:
 - name: directus
   configuration:

diff --git a/directus/plural/recipes/directus-gcp.yaml b/directus/plural/recipes/directus-gcp.yaml
@@ -6,6 +6,10 @@ dependencies:
   name: gcp-k8s
 - repo: ingress-nginx
   name: ingress-nginx-gcp
+oidcSettings:
+  authMethod: POST
+  uriFormat: https://{domain}/auth/login/plural/callback
+  domainKey: hostname
 sections:
 - name: directus
   configuration:

diff --git a/directus/repository.yaml b/directus/repository.yaml
@@ -1,9 +1,14 @@
 name: directus
-description: directus deployed on plural
+description: The Modern Data Stack 🐰 — Directus is an instant REST+GraphQL API and intuitive no-code data collaboration app for any SQL database.
 category: DATA
 private: true
 releaseStatus: ALPHA
 icon: plural/icons/directus-logo-stacked.png
 notes: plural/notes.tpl
+homepage: https://directus.io/engine
+gitUrl: https://github.com/directus/directus
+oauthSettings:
+  uriFormat: https://{domain}/auth/login/plural/callback
+  authMethod: POST
 contributors:
 - [email protected]
diff --git a/directus/vendor_images.yaml b/directus/vendor_images.yaml
@@ -1,4 +1,4 @@
 docker.io:
   images:
     directus/directus:
-    - "9.25.0"
+    - "9.25.1"