OAuth2 configuration options (#123)

I opened up the OAuth2 authentication option. I needed this feature, and it is available in the gitea cli. So I opened it up for configuration through this pull request.

Hope it can help others.

Co-authored-by: Marc Went <marc.went+git@redkubes.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/123
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Co-authored-by: Dunky13 <dunky13@noreply.gitea.io>
Co-committed-by: Dunky13 <dunky13@noreply.gitea.io>

README.md

@@ -288,6 +288,47 @@ kebab-case:
       bind-password: JustAnotherBindPw
       username-attribute: CN
 ```
+### OAuth2 Settings
+
+Like the admin user the OAuth2 settings can be updated but also disabled or deleted.
+All OAuth2 values from <https://docs.gitea.io/en-us/command-line/#admin> are available.
+You can either use them in camel case or kebab case.
+
+camelCase:
+
+```yaml
+  gitea:
+    oauth:
+      enabled: true
+      name: 'MyAwesomeGiteaOAuth'
+      provider: 'openidConnect'
+      key: 'hello'
+      secret: 'world'
+      autoDiscoverUrl: 'https://gitea.example.com/.well-known/openid-configuration'
+      #useCustomUrls:
+      #customAuthUrl:
+      #customTokenUrl:
+      #customProfileUrl:
+      #customEmailUrl:
+```
+
+kebab-case:
+
+```yaml
+  gitea:
+    oauth:
+      enabled: true
+      name: 'MyAwesomeGiteaOAuth'
+      provider: 'openidConnect'
+      key: 'hello'
+      secret: 'world'
+      auto-discover-url: 'https://gitea.example.com/.well-known/openid-configuration'
+      #use-custom-urls:
+      #custom-auth-url:
+      #custom-token-url:
+      #custom-profile-url:
+      #custom-email-url:
+```
 
 ### Metrics and profiling
 

templates/_helpers.tpl

@@ -108,3 +108,11 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- end -}}
 {{- end -}}
+
+{{- define "gitea.oauth_settings" -}}
+{{- range $key, $val := .Values.gitea.oauth -}}
+{{- if ne $key "enabled" -}}
+{{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}

templates/gitea/init.yaml

@@ -40,4 +40,14 @@ stringData:
       {{- include "gitea.ldap_settings" . | nindent 6 }} \
     ) \
     {{- end }}
+    {{- if .Values.gitea.oauth.enabled }}
+    gitea admin auth add-oauth \
+    {{- include "gitea.oauth_settings" . | nindent 6 }} \
+    || \
+    ( \
+      export GITEA_AUTH_ID=$(gitea admin auth list | grep {{ .Values.gitea.oauth.name | quote }} | awk -F " "  "{print \$1}"); \
+      gitea admin auth update-oauth --id ${GITEA_AUTH_ID} \
+      {{- include "gitea.oauth_settings" . | nindent 6 }} \
+    ) \
+    {{- end }}
     '

templates/gitea/statefulset.yaml

@@ -15,6 +15,7 @@ spec:
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/gitea/config.yaml") . | sha256sum }}
         checksum/ldap: {{ include "gitea.ldap_settings" . | sha256sum }}
+        checksum/oauth: {{ include "gitea.oauth_settings" . | sha256sum }}
         {{- with .Values.gitea.podAnnotations }}
         {{- toYaml . | nindent 8 }}
         {{- end }}

values.yaml

@@ -131,6 +131,19 @@ gitea:
     #usernameAttribute: 
     #sshPublicKeyAttribute:
 
+  oauth:
+    enabled: false
+    #name:
+    #provider:
+    #key: 
+    #secret: 
+    #autoDiscoverUrl:
+    #useCustomUrls:
+    #customAuthUrl:
+    #customTokenUrl:
+    #customProfileUrl:
+    #customEmailUrl:
+
   config: {}
   #  APP_NAME: "Gitea: Git with a cup of tea"
   #  RUN_MODE: dev