2 changes: 1 addition & 1 deletion charts/switcher-api/Chart.yaml
Expand Up @@ -9,5 +9,5 @@ maintainers:
url: https://github.com/petruki

type: application
version: 1.3.4
version: 1.3.5
appVersion: "latest"
23 changes: 23 additions & 0 deletions charts/switcher-api/README.md
Expand Up @@ -54,6 +54,15 @@ helm uninstall switcherapi --namespace switcherapi
| `api.env.switcherSlackJwtSecret` | Switcher Slack Secret | `` |
| `api.env.switcherGitOpsJwtSecret` | Switcher GitOps Secret | `` |
| `api.env.switcherGitOpsUrl` | Switcher GitOps URL | `` |
| `api.env.samlEntryPoint` | SAML Entry Point URL | `` |
| `api.env.samlIssuer` | SAML Issuer | `` |
| `api.env.samlCertificate` | SAML Certificate (Base64 encoded) | `` |
| `api.env.samlPrivateKey` | SAML Private Key (Base64 encoded) | `` |
| `api.env.samlSessionSecret` | SAML Session Secret (Base64 encoded) | `` |
| `api.env.samlCallbackEndpointUrl` | SAML Callback Endpoint URL | `` |
| `api.env.samlRedirectEndpointUrl` | SAML Redirect Endpoint URL | `` |
| `api.env.samlIdentifierFormat` | SAML Identifier Format | `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress` |
| `api.env.samlAcceptedClockSkewMs` | SAML Accepted Clock Skew in ms | 5000 |

### Resolver API parameters

Expand Down Expand Up @@ -89,6 +98,8 @@ helm uninstall switcherapi --namespace switcherapi
| `management.env.switcherManagementUrl`| Management callback URL | `http://localhost:8080` |
| `management.env.switcherSlackUrl` | Switcher Slack App URL | `http://localhost:5000` |
| `management.env.allowHomeView` | Allow Home View | false |
| `management.env.allowInternalAuth` | Allow Internal Authentication (email/password) | true |
| `management.env.allowSamlAuth` | Allow SAML Authentication | false |
| `management.env.googleRecaptcha` | Google ReCaptcha Public Key | `` |
| `management.env.bitbucketClientId` | Bitbucket Client Id | `` |
| `management.env.githubClientId` | GitHub Client Id | `` |
Expand All @@ -108,4 +119,16 @@ helm install -f charts/switcher-api/values.yaml switcherapi ./charts/switcher-ap
--set api.env.sslSecretName="[CHANGE_ME]" \
--set management.env.switcherApiUrl="https://localhost:3000" \
--set management.env.switcherManagementUrl="https://localhost:8080"
```

SAML Enabled
```console
helm install -f charts/switcher-api/values.yaml switcherapi ./charts/switcher-api/ \
--namespace=switcherapi --create-namespace \
--set management.env.allowSamlAuth=true \
--set api.env.samlEntryPoint="https://<idp-url>" \
--set api.env.samlCertificate="[BASE64_ENCODED_CERTIFICATE]" \
--set api.env.samlSessionSecret="[BASE64_ENCODED_SESSION_SECRET]" \
--set api.env.samlCallbackEndpointUrl="http://localhost:3000" \
--set api.env.samlRedirectEndpointUrl="http://localhost:8080"
```
20 changes: 15 additions & 5 deletions charts/switcher-api/templates/api/configmap.yaml
Expand Up @@ -10,7 +10,7 @@ data:
{{- if .Values.api.env.sslSecretName }}
SSL_CERT: "/etc/certs/tls.crt"
SSL_KEY: "/etc/certs/tls.key"
{{- end -}}
{{- end }}

# Global settings
SWITCHER_API_LOGGER: {{ .Values.api.env.switcherApiLogger | quote }}
Expand All @@ -25,12 +25,22 @@ data:
JWT_ADMIN_TOKEN_RENEW_INTERVAL: {{ default "5m" .Values.api.env.jwtAdminTokenRenewInterval | quote }}

# Auth Integration
{{- if and .Values.api.env.bitbucketClientId .Values.api.env.bitbucketClientSecret -}}
{{- if and .Values.api.env.bitbucketClientId .Values.api.env.bitbucketClientSecret }}
BITBUCKET_OAUTH_CLIENT_ID: {{ .Values.api.env.bitbucketClientId | quote }}
{{- end -}}
{{- if and .Values.api.env.githubClientId .Values.api.env.githubClientSecret -}}
{{- end }}
{{- if and .Values.api.env.githubClientId .Values.api.env.githubClientSecret }}
GIT_OAUTH_CLIENT_ID: {{ .Values.api.env.githubClientId | quote }}
{{- end -}}
{{- end }}

# SAML Integration
{{- if and .Values.api.env.samlEntryPoint .Values.api.env.samlCallbackEndpointUrl }}
SAML_ENTRY_POINT: {{ .Values.api.env.samlEntryPoint | quote }}
SAML_ISSUER: {{ .Values.api.env.samlIssuer | quote }}
SAML_CALLBACK_ENDPOINT_URL: {{ .Values.api.env.samlCallbackEndpointUrl | quote }}
SAML_REDIRECT_ENDPOINT_URL: {{ .Values.api.env.samlRedirectEndpointUrl | quote }}
SAML_IDENTIFIER_FORMAT: {{ .Values.api.env.samlIdentifierFormat | quote }}
SAML_ACCEPTED_CLOCK_SKEW_MS: {{ default 5000 .Values.api.env.samlAcceptedClockSkewMs | quote }}
{{- end }}

# Switcher GitOps
SWITCHER_GITOPS_URL: {{ .Values.api.env.switcherGitOpsUrl | quote }}
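Review bot: The new `# SAML Integration` block is gated only on `samlEntryPoint` and `samlCallbackEndpointUrl`, while `SAML_CERT` and `SESSION_SECRET` are gated separately in the API Secret template, so the chart can render a SAML configuration that has an entry point but no IdP certificate or session secret. How the API behaves in that state is not visible here, but failing at render time is safer, e.g. adding `{{- $_ := required "api.env.samlCertificate is required when samlEntryPoint is set" .Values.api.env.samlCertificate }}` as the first line inside the `if`. Separately, `default 5000 .Values.api.env.samlAcceptedClockSkewMs` treats an explicit `0` as empty, so a zero-skew setting silently becomes 5000; a comment such as `# 0 is treated as unset and falls back to 5000` would document that. The `data:` map these keys belong to starts above the hunk.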
31 changes: 21 additions & 10 deletions charts/switcher-api/templates/api/secret.yaml
Expand Up @@ -12,20 +12,31 @@ data:
RESOURCE_SECRET: {{ default "admin" .Values.api.env.resourceSecret | b64enc | quote }}

# Auth Integration
{{- if and .Values.api.env.bitbucketClientId .Values.api.env.bitbucketClientSecret -}}
{{- if and .Values.api.env.bitbucketClientId .Values.api.env.bitbucketClientSecret }}
BITBUCKET_OAUTH_SECRET: {{ .Values.api.env.bitbucketClientSecret | b64enc | quote }}
{{- end -}}
{{- if and .Values.api.env.githubClientId .Values.api.env.githubClientSecret -}}
{{- end }}
{{- if and .Values.api.env.githubClientId .Values.api.env.githubClientSecret }}
GIT_OAUTH_SECRET: {{ .Values.api.env.githubClientSecret | b64enc | quote }}
{{- end -}}
{{- end }}

# Platform/Services Integration
{{- if .Values.api.env.googleRecaptchaSecret -}}
{{- if .Values.api.env.googleRecaptchaSecret }}
GOOGLE_RECAPTCHA_SECRET: {{ .Values.api.env.googleRecaptchaSecret | b64enc | quote }}
{{- end -}}
{{- if .Values.api.env.switcherSlackJwtSecret -}}
{{- end }}
{{- if .Values.api.env.switcherSlackJwtSecret }}
SWITCHER_SLACK_JWT_SECRET: {{ .Values.api.env.switcherSlackJwtSecret | b64enc | quote }}
{{- end -}}
{{- if .Values.api.env.switcherGitOpsJwtSecret -}}
{{- end }}
{{- if .Values.api.env.switcherGitOpsJwtSecret }}
SWITCHER_GITOPS_JWT_SECRET: {{ .Values.api.env.switcherGitOpsJwtSecret | b64enc | quote }}
{{- end -}}
{{- end }}

# SAML Integration
{{- if .Values.api.env.samlCertificate }}
SAML_CERT: {{ .Values.api.env.samlCertificate | b64enc | quote }}
{{- end }}
{{- if .Values.api.env.samlPrivateKey }}
SAML_PRIVATE_KEY: {{ .Values.api.env.samlPrivateKey | b64enc | quote }}
{{- end }}
{{- if .Values.api.env.samlSessionSecret }}
SESSION_SECRET: {{ .Values.api.env.samlSessionSecret | b64enc | quote }}
{{- end }}
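Review bot: `SAML_PRIVATE_KEY` and `SESSION_SECRET` can only be supplied as chart values, so the key material ends up in the Helm release record and, with the `--set` form shown in the README, in shell history. Consider letting operators reference a pre-created Secret instead (for example an `existingSecret`-style value; the name is illustrative, nothing like it is visible in this diff) and rendering these keys only when it is unset. A comment above the block would also help, e.g. `# values are expected to be Base64 text already; b64enc below is only the Secret encoding, so the container receives the Base64 string`, because the README describes these values as Base64 encoded and the double encoding is easy to misread.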
2 changes: 2 additions & 0 deletions charts/switcher-api/templates/manager/configmap.yaml
Expand Up @@ -7,6 +7,8 @@ metadata:
{{- include "switcher-management.labels" . | nindent 4 }}
data:
ALLOW_HOME_VIEW: {{ .Values.management.env.allowHomeView | quote }}
ALLOW_INTERNAL_AUTH: {{ .Values.management.env.allowInternalAuth | quote }}
ALLOW_SAML_AUTH: {{ .Values.management.env.allowSamlAuth | quote }}
SWITCHERAPI_URL: {{ .Values.management.env.switcherApiUrl }}
SM_IP: {{ .Values.management.env.switcherManagementUrl }}
GOOGLE_RECAPTCHA: {{ .Values.management.env.googleRecaptcha }}
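Review bot: `ALLOW_INTERNAL_AUTH` and `ALLOW_SAML_AUTH` are rendered only into the Management ConfigMap, and no hunk in this change passes an equivalent switch to the API, so it should be confirmed that `allowInternalAuth=false` makes the API refuse email/password logins rather than only hiding the form in the UI. Because `allowInternalAuth` defaults to `true`, enabling SAML leaves password login available unless it is turned off explicitly; a comment next to these keys would make that clear, e.g. `# SAML does not replace internal auth: set allowInternalAuth=false for SSO-only`. Nothing prevents both flags from being false either; a guard such as `{{- if not (or .Values.management.env.allowInternalAuth .Values.management.env.allowSamlAuth) }}{{ fail "enable allowInternalAuth or allowSamlAuth" }}{{- end }}` would catch that at render time. The `data:` map continues below the hunk.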
2 changes: 1 addition & 1 deletion charts/switcher-api/templates/resolver/configmap.yaml
Expand Up @@ -10,7 +10,7 @@ data:
{{- if .Values.resolver.env.sslSecretName }}
SSL_CERT: "/etc/certs/tls.crt"
SSL_KEY: "/etc/certs/tls.key"
{{- end -}}
{{- end }}

# Global settings
SWITCHER_API_LOGGER: {{ .Values.resolver.env.switcherApiLogger | quote }}
108 changes: 108 additions & 0 deletions charts/switcher-api/values.schema.json
Expand Up @@ -40,9 +40,81 @@
"mongoUri": {
"type": "string"
},
"resourceSecret": {
"type": "string"
},
"permissionCacheActivated": {
"type": "boolean"
},
"metricsMaxPage": {
"type": "integer"
},
"strategyMaxOperation": {
"type": "integer"
},
"relayBypassHttps": {
"type": "boolean"
},
"relayBypassVerification": {
"type": "boolean"
},
"maxRequestPerMinute": {
"type": "integer"
},
"jwtAdminTokenRenewInterval": {
"type": "string"
},
"googleRecaptchaSecret": {
"type": "string"
},
"switcherSlackJwtSecret": {
"type": "string"
},
"switcherGitOpsJwtSecret": {
"type": "string"
},
"switcherGitOpsUrl": {
"type": "string"
},
"bitbucketClientId": {
"type": "string"
},
"bitbucketClientSecret": {
"type": "string"
},
"githubClientId": {
"type": "string"
},
"githubClientSecret": {
"type": "string"
},
"samlEntryPoint": {
"type": "string"
},
"samlIssuer": {
"type": "string"
},
"samlCallbackEndpointUrl": {
"type": "string"
},
"samlRedirectEndpointUrl": {
"type": "string"
},
"samlIdentifierFormat": {
"type": "string"
},
"samlAcceptedClockSkewMs": {
"type": "integer"
},
"samlCertificate": {
"type": "string"
},
"samlPrivateKey": {
"type": "string"
},
"samlSessionSecret": {
"type": "string"
},
"sslSecretName": {
"type": "string"
},
Expand Down Expand Up @@ -150,6 +222,12 @@
"allowHomeView": {
"type": "boolean"
},
"allowInternalAuth": {
"type": "boolean"
},
"allowSamlAuth": {
"type": "boolean"
},
"switcherApiUrl": {
"type": "string"
},
Expand All @@ -158,6 +236,15 @@
},
"switcherSlackUrl": {
"type": "string"
},
"googleRecaptcha": {
"type": "string"
},
"githubClientId": {
"type": "string"
},
"githubClientSecret": {
"type": "string"
}
}
},
Expand Down Expand Up @@ -269,11 +356,32 @@
"mongoUri": {
"type": "string"
},
"resourceSecret": {
"type": "string"
},
"sslSecretName": {
"type": "string"
},
"switcherApiLogger": {
"type": "boolean"
},
"relayBypassHttps": {
"type": "boolean"
},
"relayBypassVerification": {
"type": "boolean"
},
"regexMaxTimeout": {
"type": "integer"
},
"regexMaxBlacklist": {
"type": "integer"
},
"maxRequestPerMinute": {
"type": "integer"
},
"jwtClientTokenExpTime": {
"type": "string"
}
}
},
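Review bot: In the management `env` properties (the hunk after `switcherSlackUrl`) this adds `githubClientSecret` but not `bitbucketClientId`, whereas `values.yaml` in the same change sets `management.env.githubClientId` and `management.env.bitbucketClientId` and the README documents both. This looks like a slip and, if the schema disallows additional properties (not visible here), it would reject the documented value; replacing the entry with `"bitbucketClientId": { "type": "string" }` keeps the three files aligned. Separately, `samlAcceptedClockSkewMs` is typed `integer` with no lower bound; adding `"minimum": 0` would reject negative values, which some SAML libraries interpret as disabling assertion validity-window checks (whether the API's library does is not shown here).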
43 changes: 43 additions & 0 deletions charts/switcher-api/values.yaml
Expand Up @@ -3,16 +3,47 @@ api:
port: 3000

env:
# Main Configuration
mongoUri: mongodb://db-mongodb.switcherapi.svc.cluster.local:27017/switcher-api
resourceSecret: "admin"
switcherApiLogger: true
historyActivated: true
metricsActivated: true
permissionCacheActivated: true
googleSkipAuth: true
metricsMaxPage: 50
strategyMaxOperation: 100
relayBypassHttps: false
relayBypassVerification: false
maxRequestPerMinute: 1000
jwtAdminTokenRenewInterval: "5m"
switcherGitOpsUrl: ""

# Platform/Services Integration
googleRecaptchaSecret: ""
switcherSlackJwtSecret: ""
switcherGitOpsJwtSecret: ""

# Enable SSL (tls.crt and tls.key)
sslSecretName: ""

# GitHub/Bitbucket OAuth
bitbucketClientId: ""
bitbucketClientSecret: ""
githubClientId: ""
githubClientSecret: ""

# SAML Integration
samlEntryPoint: ""
samlIssuer: "switcher-api"
samlCallbackEndpointUrl: ""
samlRedirectEndpointUrl: ""
samlIdentifierFormat: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
samlAcceptedClockSkewMs: 5000
samlCertificate: ""
samlPrivateKey: ""
samlSessionSecret: ""

image:
repository: trackerforce/switcher-api
pullPolicy: IfNotPresent
Expand Down Expand Up @@ -63,8 +94,15 @@ resolver:

env:
mongoUri: mongodb://db-mongodb.switcherapi.svc.cluster.local:27017/switcher-api
resourceSecret: "admin"
switcherApiLogger: true
metricsActivated: true
relayBypassHttps: false
relayBypassVerification: false
regexMaxTimeout: 3000
regexMaxBlacklist: 50
maxRequestPerMinute: 0
jwtClientTokenExpTime: "5m"

# Enable SSL (tls.crt and tls.key)
sslSecretName: ""
Expand Down Expand Up @@ -120,9 +158,14 @@ management:

env:
allowHomeView: false
allowInternalAuth: true
allowSamlAuth: false
switcherApiUrl: "http://localhost:3000"
switcherManagementUrl: "http://localhost:8080"
switcherSlackUrl: "http://localhost:5000"
googleRecaptcha: ""
githubClientId: ""
bitbucketClientId: ""

image:
repository: trackerforce/switcher-management
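Review bot: `resourceSecret: "admin"` is now an explicit default under both `api.env` and `resolver.env`, so an install that overrides nothing runs with a publicly known value, and the API Secret template's `default "admin"` keeps that fallback even when the value is blanked. What this secret protects is not visible in the diff, but a safer pattern is an empty default here plus a render-time check in the template, e.g. `RESOURCE_SECRET: {{ required "api.env.resourceSecret must be set" .Values.api.env.resourceSecret | b64enc | quote }}`. The SAML defaults (`samlCertificate`, `samlPrivateKey`, `samlSessionSecret` as empty strings) already follow that empty-by-default pattern.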