Merge pull request #156 from neicnordic/feature/update-auth-svc

Feature/update auth svc
neicnordic · May 10, 2023 · 903279b · 903279b
2 parents 60ab487 + b5bfbde
commit 903279b
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 4 deletions.
diff --git a/charts/sda-svc/README.md b/charts/sda-svc/README.md
@@ -76,6 +76,9 @@ Parameter | Description | Default
 `global.auth.jwtKey` | Private key used to sign the JWT. |`""`
 `global.auth.jwtPub` | Public key ues to verify the JWT. |`""`
 `global.auth.useTLS` | Run a TLS secured server. |`true`
+`global.auth.corsOrigins` | Domain name allowed for cross-domain requests. |`""`
+`global.auth.corsMethods` | Allowed cross-domain request methods. |`""`
+`global.auth.corsCreds` | Include credentials in cross-domain requests. |`false`
 `global.broker.host` | Domain name or IP address to the message broker. |`""`
 `global.broker.exchange` | Exchange to publish messages to. |`""`
 `global.broker.port` | Port for the message broker. |`5671`

diff --git a/charts/sda-svc/templates/auth-deploy.yaml b/charts/sda-svc/templates/auth-deploy.yaml
@@ -107,6 +107,16 @@ spec:
           value: "{{ .Values.global.elixir.provider }}"
         - name: ELIXIR_SCOPE
           value: "ga4gh_passport_v1"
+        - name: ELIXIR_JWKPATH
+          value: {{ .Values.global.elixir.jwkPath | quote }}
+        {{- if .Values.global.auth.corsOrigins }}
+        - name: CORS_ORIGINS
+          value: {{ .Values.global.auth.corsOrigins | quote }}
+        - name: CORS_METHODS
+          value: {{ .Values.global.auth.corsMethods | quote }}
+        - name: CORS_CREDENTIALS
+          value: {{ .Values.global.auth.corsCreds | quote }}
+        {{- end }}
         {{- if or ( eq "federated" .Values.global.schemaType) ( eq "" .Values.global.schemaType) }}
         - name: CEGA_AUTHURL
           value: {{ .Values.global.cega.host | quote }}

diff --git a/charts/sda-svc/values.yaml b/charts/sda-svc/values.yaml
@@ -137,9 +137,9 @@ global:
     copyHeader: false
 
   auth:
-    # @param elixirID, client ID to the Elixir OIDC for the service endpoint 
+    # @param elixirID, client ID to the Elixir OIDC for the service endpoint
     elixirID:
-    # @param elixirSecret, client secret to the Elixir OIDC for the service endpoint 
+    # @param elixirSecret, client secret to the Elixir OIDC for the service endpoint
     elixirSecret:
     # @param jwtSecret, name of the secret holding the jwt signing key
     jwtSecret:
@@ -149,6 +149,12 @@ global:
     jwtKey:
     # @param jwtPub, name of the public signing key
     jwtPub:
+    # @param corsOrigins, domain name of allowed origin for cross-domain requests
+    corsOrigins: ""
+    # @param corsMethods, allowed methods for cross-domain requests
+    corsMethods: ""
+    # @param corsCreds, allow credentials in the request, cors is disabled if false
+    corsCreds: false
 
   broker:
     durable: true
@@ -164,7 +170,7 @@ global:
     vhost: "/"
 
   cega:
-    ## @param host, URI to CEGA NSS server users endpoint 
+    ## @param host, URI to CEGA NSS server users endpoint
     host: ""
     ## @param user, usernamen for accessing the CEGA NSS host
     user: ""
@@ -258,7 +264,7 @@ credentials:
   doa:
     dbUser: ""
     dbPassword: ""
-  
+
   download:
     dbUser: ""
     dbPassword: ""