From fadc083ea06ccb7ca518a15ff3936ab667476644 Mon Sep 17 00:00:00 2001
From: Nikhil Jha
Date: Tue, 23 Apr 2024 16:52:43 -0700
Subject: [PATCH] :sparkles: enable oauth2

---
 .transpire.py | 20 ++++++++++++++++++++
 gamja/config.json | 4 ++++
 2 files changed, 24 insertions(+)

diff --git a/.transpire.py b/.transpire.py
index a1e7ea5..67abeb7 100644
--- a/.transpire.py
+++ b/.transpire.py
@@ -174,6 +174,15 @@ def objects():
 "kill-timeout": "1s",
 "max-concurrency": 64,
 },
+ "oauth2": {
+ "enabled": True,
+ "autocreate": True,
+ "introspection-url": "https://idm.ocf.berkeley.edu/realms/ocf/protocol/openid-connect/token/introspect",
+ "introspection-timeout": "10s",
+ "client-id": "ergo",
+ # Set via ERGO__ACCOUNTS__OAUTH2__CLIENT_SECRET
+ # "client-secret": ""
+ }
 },
 "channels": {
 "default-modes": "+ntC",
@@ -318,6 +327,16 @@ def objects():
 },
 }
 
+ # Secrets
+ yield {
+ "apiVersion": "v1",
+ "kind": "Secret",
+ "metadata": {"name": "ircd-secrets"},
+ "stringData": {
+ "ERGO__ACCOUNTS__OAUTH2__CLIENT_SECRET": "",
+ },
+ }
+
 ircd_labels = {"k8s.ocf.io/app": name, "k8s.ocf.io/component": "ircd"}
 yield {
 "apiVersion": "apps/v1",
@@ -340,6 +359,7 @@ def objects():
 {"name": "ircd-config", "mountPath": "/ircd"},
 {"name": "ircd-tls", "mountPath": "/etc/ssl"},
 ],
+ "envFrom": [{"secretRef": {"name": "ircd-secrets"}}],
 },
 {
 "name": "gamja",
diff --git a/gamja/config.json b/gamja/config.json
index 79233c7..26df664 100644
--- a/gamja/config.json
+++ b/gamja/config.json
@@ -2,5 +2,9 @@
 "server": {
 "url": "wss://irc-dev.ocf.berkeley.edu:8097",
 "autojoin": "#rebuild"
+ },
+ "oauth2": {
+ "url": "https://idm.ocf.berkeley.edu/realms/ocf",
+ "client_id": "ergo"
 }
 }
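Review bot: In the `"oauth2"` block added at `@@ -174`, `"autocreate": True` means account creation is gated only by what the introspection endpoint reports as a valid token, so who can obtain an IRC account is decided entirely by the `ocf` realm. If that is intended, record it next to the setting, for example `# every realm identity with a valid token gets an account; restrict at the IdP if needed`. The commented-out `"client-secret"` also relies on Ergo's environment overrides being enabled elsewhere in this config (the `allow-environment-overrides` setting), which this hunk does not show. That is worth confirming, because otherwise the introspection request would carry no client credential. `objects()` starts and ends outside the hunk.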
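Review bot: The `ircd-secrets` object added at `@@ -318` carries `ERGO__ACCOUNTS__OAUTH2__CLIENT_SECRET` as an empty string, and nothing in the hunk says where the real value comes from. If the generated manifest is ever applied as written, the container receives an empty client secret and a value set by hand in the cluster may be overwritten. The next editor may also be tempted to paste the real secret into this file. A comment above the `yield` would cover both cases, for example `# Placeholder only: the value is supplied out of band by <secret mechanism>; never commit the real secret here.`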
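Review bot: `"envFrom": [{"secretRef": {"name": "ircd-secrets"}}]` at `@@ -340` exports every key of the Secret into the ircd container's environment, so any key added to `ircd-secrets` later is silently exposed to the process and to whatever it spawns. The script settings with `kill-timeout` in the first hunk suggest it may run helpers, though that cannot be verified from here. Naming the single key keeps the exposure explicit: `"env": [{"name": "ERGO__ACCOUNTS__OAUTH2__CLIENT_SECRET", "valueFrom": {"secretKeyRef": {"name": "ircd-secrets", "key": "ERGO__ACCOUNTS__OAUTH2__CLIENT_SECRET"}}}],`. Either way the value is read only at container start, so rotating the client secret needs a rollout of this workload. The container spec continues outside the hunk.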
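Review bot: The `"client_id": "ergo"` added to `gamja/config.json` reuses the client id that the server side presents, together with a client secret, for token introspection, yet gamja runs in the browser and cannot keep a secret. Whether the realm defines `ergo` as a public or a confidential client is not visible in this diff, but one client should not serve both roles. If browser login later fails and someone adds a `client_secret` to this file, the introspection credential is served to every visitor. A dedicated public client for the web front end, e.g. `"client_id": "<gamja-public-client>"` (placeholder name), with `ergo` kept for introspection only, avoids that.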