chore(authelia): cleanup secret a bit (#7768)
* chore(authelia): cleanup secret a bit * Daemonset -> DaemonSet * fix some typos * no group on nested var * more typos * cspell * lowercase all
This commit is contained in:
@@ -36,7 +36,7 @@ sources:
|
||||
- https://github.com/authelia/chartrepo
|
||||
- https://github.com/authelia/authelia
|
||||
type: application
|
||||
version: 15.0.8
|
||||
version: 15.0.9
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- security
|
||||
|
||||
@@ -22,8 +22,8 @@ questions:
|
||||
required: true
|
||||
- variable: default_redirection_url
|
||||
group: "App Configuration"
|
||||
label: "Default Redirection Url"
|
||||
description: "If user tries to authenticate without any referer, this is used"
|
||||
label: "Default Redirection URL"
|
||||
description: "If user tries to authenticate without any referrer, this is used"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
@@ -44,7 +44,7 @@ questions:
|
||||
description: "dark"
|
||||
- variable: log
|
||||
group: "App Configuration"
|
||||
label: "Log Configuration "
|
||||
label: "Log Configuration"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
@@ -179,7 +179,7 @@ questions:
|
||||
- variable: regulation
|
||||
group: "App Configuration"
|
||||
label: "Regulation Configuration"
|
||||
description: "his mechanism prevents attackers from brute forcing the first factor."
|
||||
description: "This mechanism prevents attackers from brute forcing the first factor."
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
@@ -241,15 +241,15 @@ questions:
|
||||
subquestions:
|
||||
- variable: implementation
|
||||
label: "Implementation"
|
||||
description: "The LDAP implementation, this affects elements like the attribute utilised for resetting a password"
|
||||
description: "The LDAP implementation, this affects elements like the attribute utilized for resetting a password"
|
||||
schema:
|
||||
type: string
|
||||
default: "custom"
|
||||
enum:
|
||||
- value: "activedirectory"
|
||||
description: "activedirectory"
|
||||
description: "Active Directory"
|
||||
- value: "custom"
|
||||
description: "custom"
|
||||
description: "Custom"
|
||||
- variable: url
|
||||
label: "URL"
|
||||
description: "The url to the ldap server. Format: <scheme>://<address>[:<port>]"
|
||||
@@ -446,7 +446,7 @@ questions:
|
||||
- variable: notifier
|
||||
group: "App Configuration"
|
||||
label: "Notifier Configuration"
|
||||
description: "otifications are sent to users when they require a password reset, a u2f registration or a TOTP registration."
|
||||
description: "Notifications are sent to users when they require a password reset, a u2f registration or a TOTP registration."
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
@@ -804,7 +804,7 @@ questions:
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: enabled
|
||||
label: "enabled"
|
||||
label: "Enabled"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
@@ -2,26 +2,31 @@
|
||||
{{- define "authelia.secrets" -}}
|
||||
{{- $basename := include "tc.v1.common.lib.chart.names.fullname" $ -}}
|
||||
{{- $fetchname := printf "%s-authelia-secrets" $basename -}}
|
||||
{{- $autheliaprevious := lookup "v1" "Secret" .Release.Namespace $fetchname }}
|
||||
{{- $oidckey := "" }}
|
||||
{{- $oidcsecret := "" }}
|
||||
{{- $jwtsecret := "" }}
|
||||
{{- $sessionsecret := "" }}
|
||||
{{- $encryptionkey := "" }}
|
||||
|
||||
{{/* Initialize all keys */}}
|
||||
{{- $oidckey := genPrivateKey "rsa" }}
|
||||
{{- $oidcsecret := randAlphaNum 32 }}
|
||||
{{- $jwtsecret := randAlphaNum 50 }}
|
||||
{{- $sessionsecret := randAlphaNum 50 }}
|
||||
{{- $encryptionkey := randAlphaNum 100 }}
|
||||
|
||||
enabled: true
|
||||
data:
|
||||
{{- if $autheliaprevious }}
|
||||
SESSION_ENCRYPTION_KEY: {{ index $autheliaprevious.data "SESSION_ENCRYPTION_KEY" | b64dec }}
|
||||
JWT_TOKEN: {{ index $autheliaprevious.data "JWT_TOKEN" | b64dec }}
|
||||
ENCRYPTION_KEY: {{ index $autheliaprevious.data "ENCRYPTION_KEY" | b64dec }}
|
||||
{{- else }}
|
||||
{{- $jwtsecret := randAlphaNum 50 }}
|
||||
{{- $sessionsecret := randAlphaNum 50 }}
|
||||
{{- $encryptionkey := randAlphaNum 100 }}
|
||||
{{ with (lookup "v1" "Secret" .Release.Namespace $fetchname) }}
|
||||
{{/* Get previous values and decode */}}
|
||||
{{ $sessionsecret = (index .data "SESSION_ENCRYPTION_KEY") | b64dec }}
|
||||
{{ $jwtsecret = (index .data "JWT_TOKEN") | b64dec }}
|
||||
{{ $encryptionkey = (index .data "ENCRYPTION_KEY") | b64dec }}
|
||||
|
||||
{{/* Check if those keys ever existed. as OIDC is optional */}}
|
||||
{{ if and (hasKey .data "OIDC_PRIVATE_KEY") (hasKey .data "OIDC_HMAC_SECRET") }}
|
||||
{{ $oidckey = (index .data "OIDC_PRIVATE_KEY") | b64dec }}
|
||||
{{ $oidcsecret = (index .data "OIDC_HMAC_SECRET") | b64dec }}
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
SESSION_ENCRYPTION_KEY: {{ $sessionsecret }}
|
||||
JWT_TOKEN: {{ $jwtsecret}}
|
||||
JWT_TOKEN: {{ $jwtsecret }}
|
||||
ENCRYPTION_KEY: {{ $encryptionkey }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.authentication_backend.ldap.enabled }}
|
||||
LDAP_PASSWORD: {{ .Values.authentication_backend.ldap.plain_password }}
|
||||
@@ -42,15 +47,8 @@ data:
|
||||
REDIS_SENTINEL_PASSWORD: {{ .Values.redis.sentinelPassword | trimAll "\"" }}
|
||||
{{- end }}
|
||||
|
||||
{{- if $autheliaprevious }}
|
||||
{{- if and ( hasKey $autheliaprevious.data "OIDC_PRIVATE_KEY" ) ( hasKey $autheliaprevious.data "OIDC_HMAC_SECRET" ) }}
|
||||
OIDC_PRIVATE_KEY: {{ index $autheliaprevious.data "OIDC_PRIVATE_KEY" | b64dec }}
|
||||
OIDC_HMAC_SECRET: {{ index $autheliaprevious.data "OIDC_HMAC_SECRET" | b64dec }}
|
||||
{{- else }}
|
||||
{{- $oidckey := genPrivateKey "rsa" }}
|
||||
{{- $oidcsecret := randAlphaNum 32 }}
|
||||
{{- if .Values.identity_providers.oidc.enabled }}
|
||||
OIDC_PRIVATE_KEY: {{ $oidckey }}
|
||||
OIDC_HMAC_SECRET: {{ $oidcsecret }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
+26
-25
@@ -10,6 +10,7 @@ words:
|
||||
- appname
|
||||
- appnamehere
|
||||
- auditlog
|
||||
- authelia
|
||||
- authentik
|
||||
- authexample
|
||||
- authkey
|
||||
@@ -22,7 +23,7 @@ words:
|
||||
- basicauthexample
|
||||
- batnoter
|
||||
- bazarr
|
||||
- Blocklists
|
||||
- blocklists
|
||||
- blocktype
|
||||
- briefkasten
|
||||
- bugfixer's
|
||||
@@ -46,8 +47,8 @@ words:
|
||||
- csgo
|
||||
- cuda
|
||||
- daemonset
|
||||
- DASHDOT
|
||||
- DATAPOINTS
|
||||
- dashdot
|
||||
- datapoints
|
||||
- datascience
|
||||
- dbcreds
|
||||
- dbengine
|
||||
@@ -65,11 +66,11 @@ words:
|
||||
- emby
|
||||
- entrypoints
|
||||
- eptgmk
|
||||
- EXIF
|
||||
- exif
|
||||
- fireshare
|
||||
- flatnotes
|
||||
- flemarr
|
||||
- Flemmarr
|
||||
- flemmarr
|
||||
- flushtables
|
||||
- forcegc
|
||||
- fullname
|
||||
@@ -78,8 +79,8 @@ words:
|
||||
- gibibyte
|
||||
- gluster
|
||||
- goauthentik
|
||||
- Gotify
|
||||
- Groupname
|
||||
- gotify
|
||||
- groupname
|
||||
- gunicorn
|
||||
- healthcheck
|
||||
- healthchecks
|
||||
@@ -111,7 +112,7 @@ words:
|
||||
- kavita
|
||||
- keepalive
|
||||
- killswitch
|
||||
- Kiwix
|
||||
- kiwix
|
||||
- kjeld
|
||||
- kube
|
||||
- kubeconfig
|
||||
@@ -148,7 +149,7 @@ words:
|
||||
- meshroom
|
||||
- metallb
|
||||
- microbin
|
||||
- Midarr
|
||||
- midarr
|
||||
- middlewares
|
||||
- middlewaretcps
|
||||
- mikrotik
|
||||
@@ -156,7 +157,7 @@ words:
|
||||
- mimetypes
|
||||
- minecraft
|
||||
- minio
|
||||
- Misskey
|
||||
- misskey
|
||||
- modelstore
|
||||
- modports
|
||||
- mongosh
|
||||
@@ -176,11 +177,11 @@ words:
|
||||
- nodeports
|
||||
- nohardlinks
|
||||
- noisedash
|
||||
- Nordigen
|
||||
- nordigen
|
||||
- notebookbar
|
||||
- ODBC
|
||||
- OIDC
|
||||
- OOKLA
|
||||
- odbc
|
||||
- oidc
|
||||
- ookla
|
||||
- organizr
|
||||
- ornias
|
||||
- ovpn
|
||||
@@ -207,7 +208,7 @@ words:
|
||||
- putregexhere
|
||||
- pvcname
|
||||
- pvcpath
|
||||
- Pyspark
|
||||
- pyspark
|
||||
- qbitmanage
|
||||
- quotum
|
||||
- radarr
|
||||
@@ -226,12 +227,12 @@ words:
|
||||
- replacementurlhere
|
||||
- resolv
|
||||
- restreamer
|
||||
- Retrobot
|
||||
- retrobot
|
||||
- rtmp
|
||||
- rtmps
|
||||
- sabnzbd
|
||||
- schouten
|
||||
- Scipy
|
||||
- scipy
|
||||
- selfsigned
|
||||
- sendgrid
|
||||
- serpbear
|
||||
@@ -242,7 +243,7 @@ words:
|
||||
- sgateway
|
||||
- signup
|
||||
- smallblock
|
||||
- SNMP
|
||||
- snmp
|
||||
- somefile
|
||||
- somethingelse
|
||||
- sonarr
|
||||
@@ -255,7 +256,7 @@ words:
|
||||
- statefulset
|
||||
- staticdhcpleases
|
||||
- staticfiles
|
||||
- Statping
|
||||
- statping
|
||||
- steamcommunica
|
||||
- steammasterser
|
||||
- subchart
|
||||
@@ -274,10 +275,10 @@ words:
|
||||
- themenamehere
|
||||
- tlsoptions
|
||||
- tlsstores
|
||||
- TOTP
|
||||
- totp
|
||||
- traefik
|
||||
- traefikservices
|
||||
- Traggo
|
||||
- traggo
|
||||
- trakt
|
||||
- truecharts
|
||||
- truenas
|
||||
@@ -285,9 +286,9 @@ words:
|
||||
- umami
|
||||
- unet
|
||||
- unifi
|
||||
- Upsnap
|
||||
- UPSNAP
|
||||
- Upstreams
|
||||
- upsnap
|
||||
- upsnap
|
||||
- upstreams
|
||||
- userspace
|
||||
- vaapi
|
||||
- valheim
|
||||
@@ -306,6 +307,6 @@ words:
|
||||
- wger
|
||||
- whisparr
|
||||
- xsystems
|
||||
- Zabbix
|
||||
- zabbix
|
||||
- zerotier
|
||||
- zwavejs
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
- variable: envList
|
||||
label: Extra Environment Variables
|
||||
description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..."
|
||||
group: "General Settings"
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
|
||||
@@ -3,5 +3,5 @@
|
||||
description: Set the number of Replicas
|
||||
schema:
|
||||
type: int
|
||||
show_if: [["type", "!=", "Daemonset"]]
|
||||
show_if: [["type", "!=", "DaemonSet"]]
|
||||
default: 1
|
||||
|
||||
@@ -3,5 +3,5 @@
|
||||
description: Set the number of Replicas
|
||||
schema:
|
||||
type: int
|
||||
show_if: [["type", "!=", "Daemonset"]]
|
||||
show_if: [["type", "!=", "DaemonSet"]]
|
||||
default: 2
|
||||
|
||||
@@ -3,5 +3,5 @@
|
||||
description: Set the number of Replicas
|
||||
schema:
|
||||
type: int
|
||||
show_if: [["type", "!=", "Daemonset"]]
|
||||
show_if: [["type", "!=", "DaemonSet"]]
|
||||
default: 3
|
||||
|
||||
@@ -2,9 +2,9 @@
|
||||
label: Type (Advanced)
|
||||
schema:
|
||||
type: string
|
||||
default: Daemonset
|
||||
default: DaemonSet
|
||||
enum:
|
||||
- value: Deployment
|
||||
description: Deployment
|
||||
- value: Daemonset
|
||||
description: Daemonset
|
||||
- value: DaemonSet
|
||||
description: DaemonSet
|
||||
|
||||
@@ -6,5 +6,5 @@
|
||||
enum:
|
||||
- value: Deployment
|
||||
description: Deployment
|
||||
- value: Daemonset
|
||||
description: Daemonset
|
||||
- value: DaemonSet
|
||||
description: DaemonSet
|
||||
|
||||
Reference in New Issue
Block a user