From f7f38a191f77ac127e5b1c00457738fd62bdb7c1 Mon Sep 17 00:00:00 2001 From: Wayne Starr Date: Tue, 30 Apr 2024 12:57:13 -0600 Subject: [PATCH 1/6] chore: fix sso being disabled --- bundle/uds-config.yaml | 1 + chart/templates/gitlab-sso-secret.yaml | 14 ++++++++++++++ chart/templates/uds-package.yaml | 4 ++-- chart/values.yaml | 4 +++- values/common-values.yaml | 2 +- zarf.yaml | 4 ++++ 6 files changed, 25 insertions(+), 4 deletions(-) create mode 100644 chart/templates/gitlab-sso-secret.yaml diff --git a/bundle/uds-config.yaml b/bundle/uds-config.yaml index b484aea5..504543be 100644 --- a/bundle/uds-config.yaml +++ b/bundle/uds-config.yaml @@ -32,6 +32,7 @@ variables: gitlab_db_endpoint: "pg-cluster.postgres.svc.cluster.local" DISABLE_REGISTRY_REDIRECT: "true" GITLAB_PAGES_ENABLED: true + GITLAB_SSO_ENABLED: false # # Overrides for scaled down cluster for local dev and CI webservice_replicas: 1 webservice_resources: diff --git a/chart/templates/gitlab-sso-secret.yaml b/chart/templates/gitlab-sso-secret.yaml new file mode 100644 index 00000000..7f9de83d --- /dev/null +++ b/chart/templates/gitlab-sso-secret.yaml @@ -0,0 +1,14 @@ +# This secret will be used if sso is disabled, instead of the templated one in uds-package.yaml. +# Sonarqube needs to mount the secret and creating it this way avoids creating an unnecessary +# client in the keycloak realm and unnecessary secret data in the cluster. +{{- if not .Values.sso.enabled }} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.sso.secretName }} + namespace: {{ .Release.Namespace }} +type: "Opaque" +stringData: + providers: "{}" +{{- end }} diff --git a/chart/templates/uds-package.yaml b/chart/templates/uds-package.yaml index b9b535b0..1091699a 100644 --- a/chart/templates/uds-package.yaml +++ b/chart/templates/uds-package.yaml 
@@ -4,13 +4,13 @@ metadata: name: gitlab namespace: {{ .Release.Namespace }} spec: - {{- if .Values.sso }} + {{- if .Values.sso.enabled }} sso: - name: Gitlab SSO clientId: uds-core-gitlab redirectUris: - "https://gitlab.{{ .Values.domain }}/users/auth/openid_connect/callback" - secretName: gitlab-sso-provider-json + secretName: {{ .Values.sso.secretName }} secretTemplate: # GitLab expects a providers JSON file that is documented more here: https://gitlab-org.gitlab.io/technical-writing-group/gitlab-docs-hugo/administration/auth/oidc/ # Note: the `authorization_endpoint`, `issuer`, and `userinfo_endpoint` must be the external URL diff --git a/chart/values.yaml b/chart/values.yaml index 1fb42f80..f8eb2b87 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -1,5 +1,7 @@ domain: "###ZARF_VAR_DOMAIN###" -sso: true +sso: + enabled: true + secretName: "###ZARF_CONST_GITLAB_SSO_SECRET_NAME###" storage: # Set to false to use external storage internal: true diff --git a/values/common-values.yaml b/values/common-values.yaml index 5c267aa7..4fc5512f 100644 --- a/values/common-values.yaml +++ b/values/common-values.yaml @@ -78,7 +78,7 @@ global: syncProfileAttributes: ['email'] syncProfileFromProvider: [] providers: - - secret: gitlab-sso-provider-json + - secret: ###ZARF_CONST_GITLAB_SSO_SECRET_NAME### key: providers initialDefaults: signupEnabled: ###ZARF_VAR_GITLAB_SIGNUP_ENABLED### diff --git a/zarf.yaml b/zarf.yaml index b249dca4..e30cc4d8 100644 --- a/zarf.yaml +++ b/zarf.yaml @@ -7,6 +7,10 @@ metadata: version: "16.10.2-uds.0" # x-release-please-end +constants: + - name: GITLAB_SSO_SECRET_NAME + value: gitlab-sso + variables: - name: DOMAIN default: "uds.dev" From b08f0bd0915bcdc36434ffbf8cfde71e287508bb Mon Sep 17 00:00:00 2001 From: Wayne Starr Date: Tue, 30 Apr 2024 12:59:11 -0600 Subject: [PATCH 2/6] fix values --- bundle/uds-bundle.yaml | 2 +- bundle/uds-config.yaml | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) 
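Review bot: The new `{{- if .Values.sso.enabled }}` guard (and the mirror `{{- if not .Values.sso.enabled }}` in gitlab-sso-secret.yaml) is a Go-template truthiness test, so a string value of `"false"` is non-empty and would render the real SSO block and skip the placeholder Secret. If the bundle variable that feeds `sso.enabled` can ever arrive as a string rather than a YAML boolean (for example from an environment-variable override), the two templates would silently disagree with the operator's intent; a type-insensitive comparison such as `{{- if eq (toString .Values.sso.enabled) "true" }}` (and `ne` in the secret template) avoids that. Separately, `secretName: {{ .Values.sso.secretName }}` renders to a bare `null` if the value is empty, so quoting it (`secretName: {{ .Values.sso.secretName | quote }}`) turns a misconfiguration into a clear validation error instead of a Package with no secret name. The `secretTemplate` body of this sso entry continues outside the hunk.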
diff --git a/bundle/uds-bundle.yaml b/bundle/uds-bundle.yaml index 6c96bd3f..687b64af 100644 --- a/bundle/uds-bundle.yaml +++ b/bundle/uds-bundle.yaml @@ -45,7 +45,7 @@ packages: variables: - name: GITLAB_SSO_ENABLED description: "Boolean to enable or disable sso things" - path: "sso" + path: "sso.enabled" gitlab: variables: - name: GITLAB_SSO_ENABLED diff --git a/bundle/uds-config.yaml b/bundle/uds-config.yaml index 504543be..b484aea5 100644 --- a/bundle/uds-config.yaml +++ b/bundle/uds-config.yaml @@ -32,7 +32,6 @@ variables: gitlab_db_endpoint: "pg-cluster.postgres.svc.cluster.local" DISABLE_REGISTRY_REDIRECT: "true" GITLAB_PAGES_ENABLED: true - GITLAB_SSO_ENABLED: false # # Overrides for scaled down cluster for local dev and CI webservice_replicas: 1 webservice_resources: From d6baa11e6f0654b0feee4ecdbcde76d169cc5505 Mon Sep 17 00:00:00 2001 From: Wayne Starr Date: Tue, 30 Apr 2024 13:29:14 -0600 Subject: [PATCH 3/6] add dummy secret --- chart/templates/gitlab-sso-secret.yaml | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/chart/templates/gitlab-sso-secret.yaml b/chart/templates/gitlab-sso-secret.yaml index 7f9de83d..f28a2c2f 100644 --- a/chart/templates/gitlab-sso-secret.yaml +++ b/chart/templates/gitlab-sso-secret.yaml @@ -10,5 +10,27 @@ metadata: namespace: {{ .Release.Namespace }} type: "Opaque" stringData: - providers: "{}" + providers: | + { + "name": "openid_connect", + "label": "Dummy SSO", + "args": { + "name": "openid_connect", + "scope": [ + "openid", + "profile" + ], + "response_type": "code", + "issuer": "https://sso.{{ .Values.domain }}/realms/uds", + "client_auth_method": "query", + "discovery": true, + "uid_field": "preferred_username", + "client_options": { + "identifier": "dummy_identifier", + "secret": "dummy_secret", + "redirect_uri": "https://dummy_redirect_uri.com", + "end_session_endpoint": "https://dummy_end_session_endpoint.com" + } + } + } {{- end }} 
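Review bot: The "Dummy SSO" placeholder written into the `providers` key is a complete, live `openid_connect` provider configuration, not an inert value: it names the real issuer `https://sso.{{ .Values.domain }}/realms/uds` with `"discovery": true`, so a GitLab deployed with SSO "disabled" will presumably still register this provider, advertise it as a login option and contact Keycloak's discovery endpoint, while `"redirect_uri"` points at `https://dummy_redirect_uri.com`, an external domain this project does not control. Since the earlier `"{}"` value was replaced, GitLab evidently requires a well-formed provider object here; the cleaner fail-closed option is to gate the omniauth configuration itself (the `global.appConfig.omniauth` block in values/common-values.yaml, which is already Zarf-templated) on the same SSO flag so no provider is registered at all when SSO is off. If the placeholder must stay, document its intent and limits in the template header, for example `# NOTE: GitLab requires a syntactically valid provider object even when SSO is off; this placeholder still registers an openid_connect provider against the real issuer and is not a security boundary`, and consider whether the literal `"dummy_secret"` value will trip secret scanners on this repository.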
From 3a32f931daaf66a93af9d8bff790f2c7e8a2a87f Mon Sep 17 00:00:00 2001 From: Wayne Starr Date: Tue, 30 Apr 2024 13:48:15 -0600 Subject: [PATCH 4/6] change to swf client --- chart/templates/uds-package.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/templates/uds-package.yaml b/chart/templates/uds-package.yaml index 1091699a..00da64fa 100644 --- a/chart/templates/uds-package.yaml +++ b/chart/templates/uds-package.yaml @@ -7,7 +7,7 @@ spec: {{- if .Values.sso.enabled }} sso: - name: Gitlab SSO - clientId: uds-core-gitlab + clientId: uds-swf-gitlab redirectUris: - "https://gitlab.{{ .Values.domain }}/users/auth/openid_connect/callback" secretName: {{ .Values.sso.secretName }} From e361717b33af20246bbaeb0aa47c9dec66a4f87d Mon Sep 17 00:00:00 2001 From: Wayne Starr Date: Tue, 30 Apr 2024 13:55:07 -0600 Subject: [PATCH 5/6] Change the default secret name --- chart/values.yaml | 2 +- values/common-values.yaml | 2 +- zarf.yaml | 4 ---- 3 files changed, 2 insertions(+), 6 deletions(-) diff --git a/chart/values.yaml b/chart/values.yaml index f8eb2b87..ad587a63 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -1,7 +1,7 @@ domain: "###ZARF_VAR_DOMAIN###" sso: enabled: true - secretName: "###ZARF_CONST_GITLAB_SSO_SECRET_NAME###" + secretName: gitlab-sso storage: # Set to false to use external storage internal: true diff --git a/values/common-values.yaml b/values/common-values.yaml index 4fc5512f..d120678a 100644 --- a/values/common-values.yaml +++ b/values/common-values.yaml @@ -78,7 +78,7 @@ global: syncProfileAttributes: ['email'] syncProfileFromProvider: [] providers: - - secret: ###ZARF_CONST_GITLAB_SSO_SECRET_NAME### + - secret: gitlab-sso key: providers initialDefaults: signupEnabled: ###ZARF_VAR_GITLAB_SIGNUP_ENABLED### diff --git a/zarf.yaml b/zarf.yaml index 1ac02c67..72839edd 100644 --- a/zarf.yaml +++ b/zarf.yaml 
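Review bot: Dropping the `GITLAB_SSO_SECRET_NAME` constant leaves `secretName: gitlab-sso` in chart/values.yaml and `- secret: gitlab-sso` in values/common-values.yaml as two independent literals that must stay equal, but only the chart value is user-overridable via `.Values.sso.secretName`. Overriding it alone would make the Package CR (or the placeholder Secret) create one name while GitLab's omniauth provider reference still mounts `gitlab-sso`, which presumably fails at pod start with a missing Secret. At minimum record the coupling where the value is set: `secretName: gitlab-sso  # must match global.appConfig.omniauth.providers[].secret in values/common-values.yaml`, or keep a single source of truth by deriving both from the same variable.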
@@ -7,10 +7,6 @@ metadata: version: "16.10.2-uds.0" # x-release-please-end -constants: - - name: GITLAB_SSO_SECRET_NAME - value: gitlab-sso - variables: - name: DOMAIN default: "uds.dev" From c544ed5a1def24c8fd796b4788f7b672fd60764f Mon Sep 17 00:00:00 2001 From: Wayne Starr Date: Tue, 30 Apr 2024 13:57:51 -0600 Subject: [PATCH 6/6] Update chart/templates/gitlab-sso-secret.yaml Co-authored-by: Eric Wyles <23637493+ericwyles@users.noreply.github.com> --- chart/templates/gitlab-sso-secret.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/templates/gitlab-sso-secret.yaml b/chart/templates/gitlab-sso-secret.yaml index f28a2c2f..ffec117b 100644 --- a/chart/templates/gitlab-sso-secret.yaml +++ b/chart/templates/gitlab-sso-secret.yaml @@ -1,5 +1,5 @@ # This secret will be used if sso is disabled, instead of the templated one in uds-package.yaml. -# Sonarqube needs to mount the secret and creating it this way avoids creating an unnecessary +# GitLab needs to mount the secret and creating it this way avoids creating an unnecessary # client in the keycloak realm and unnecessary secret data in the cluster. {{- if not .Values.sso.enabled }}