From 336141f508e3d465760deb835d88e0446bf8063d Mon Sep 17 00:00:00 2001 From: ddl-ebrown Date: Thu, 11 Jul 2024 20:51:17 -0700 Subject: [PATCH] Formalize oidc_client_secret in flyte-admin-secrets - When setting up integrations with an IdP like Keycloak, the oidc_client_secret must also be set in flyte-admin-secrets. Formalize that and make it more discoverable Signed-off-by: ddl-ebrown --- charts/flyte-core/templates/admin/secret.yaml | 4 ++++ deployment/eks/flyte_aws_scheduler_helm_generated.yaml | 1 + deployment/eks/flyte_helm_controlplane_generated.yaml | 1 + deployment/eks/flyte_helm_generated.yaml | 1 + deployment/gcp/flyte_helm_controlplane_generated.yaml | 1 + deployment/gcp/flyte_helm_generated.yaml | 1 + 6 files changed, 9 insertions(+) diff --git a/charts/flyte-core/templates/admin/secret.yaml b/charts/flyte-core/templates/admin/secret.yaml index 2b3ca07885c..316a9aea0aa 100644 --- a/charts/flyte-core/templates/admin/secret.yaml +++ b/charts/flyte-core/templates/admin/secret.yaml @@ -13,6 +13,7 @@ data: cookie_hash_key: {{ index $secret.data "cookie_hash_key" }} cookie_block_key: {{ index $secret.data "cookie_block_key" }} claim_symmetric_key: {{ index $secret.data "claim_symmetric_key" }} + oidc_client_secret: {{ index $secret.data "oidc_client_secret" }} {{- else }} token_rsa_key.pem: | {{ genPrivateKey "rsa" | b64enc }} @@ -22,6 +23,9 @@ stringData: cookie_hash_key: {{ randAlphaNum 64 | b64enc | quote }} cookie_block_key: {{ randAlphaNum 32 | b64enc | quote }} claim_symmetric_key: {{ randAlphaNum 32 | b64enc | quote }} +{{- if .Values.secrets.adminOauthClientCredentials.enabled }} + oidc_client_secret: {{ .Values.secrets.adminOauthClientCredentials.clientSecret }} +{{- end }} {{- end }} {{- with .Values.flyteadmin.secrets -}} {{ tpl (toYaml .) $ | nindent 2 }} diff --git a/deployment/eks/flyte_aws_scheduler_helm_generated.yaml b/deployment/eks/flyte_aws_scheduler_helm_generated.yaml index 35f1f2d53e0..5313370241b 100644 
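Review bot: The added `oidc_client_secret: {{ index $secret.data "oidc_client_secret" }}` line in the existing-secret branch assumes the stored secret already carries that key, which will not hold for a release installed before this change. In that case the lookup presumably renders an empty value, and the value from `.Values.secrets.adminOauthClientCredentials.clientSecret` is never written because the `else` branch is skipped. Consider falling back to the values entry when the key is absent, with something like `{{ index $secret.data "oidc_client_secret" | default (.Values.secrets.adminOauthClientCredentials.clientSecret | b64enc) }}`, and gating the line on `.enabled` as the new-secret branch does. The enclosing `if` starts above the hunk, so where `$secret` comes from is not visible here.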
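Review bot: The new `oidc_client_secret` line under `stringData` emits the value unquoted while the three sibling keys pipe through `quote`; a client secret that is all digits, looks like a boolean, or contains `: ` or ` #` would be retyped or truncated by the YAML parser, or the manifest would be rejected. Use `oidc_client_secret: {{ .Values.secrets.adminOauthClientCredentials.clientSecret | quote }}`. The regenerated manifests later in this patch show the value `foobar`, which suggests the chart default is a fixed placeholder with the feature enabled; a deployment that does not override it would run with a publicly known client secret, so failing the render with `required` when the value is unset or still the placeholder would be safer. This value is also applied only when the secret is first created, because the other branch copies the stored data instead.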
--- a/deployment/eks/flyte_aws_scheduler_helm_generated.yaml +++ b/deployment/eks/flyte_aws_scheduler_helm_generated.yaml @@ -63,6 +63,7 @@ stringData: cookie_hash_key: "QkszemVLWGdFU3h5UlhVS0JuU0oyWUNHcUNUdnhwQ2w2RTJsQktaR3gwcFg3MldNMGY0eFE0Z2VWS0t0bHp2QQ==" cookie_block_key: "TVhSV3dVZjZlYkduQWtWWlFVZENkcE13bWpqYnk3NE8=" claim_symmetric_key: "RkptQ1dJODJvTGk0NGphb1ZSVWRpb1RZbEFaWHBIZTQ=" + oidc_client_secret: foobar --- # Source: flyte-core/templates/common/secret-auth.yaml apiVersion: v1 diff --git a/deployment/eks/flyte_helm_controlplane_generated.yaml b/deployment/eks/flyte_helm_controlplane_generated.yaml index d898ef1b66d..77aaf21d04e 100644 --- a/deployment/eks/flyte_helm_controlplane_generated.yaml +++ b/deployment/eks/flyte_helm_controlplane_generated.yaml @@ -53,6 +53,7 @@ stringData: cookie_hash_key: "VlY3UEcxNFY2SFFLeUpucUdxSnRSNFJUbnpyOVNnaXZjOEZnMHF4NU4zaDFBaDhPT3FhMU9BaHREU05UWExhRw==" cookie_block_key: "WXk3WDFQb2w2MFhTRjdCa3ZsTDNqVlNjTDBmOFN3aVY=" claim_symmetric_key: "cEVhdGFUNzRMOVFlZnBScVlDOVJ6SVBoZXE4dEpPRDg=" + oidc_client_secret: foobar --- # Source: flyte-core/templates/common/secret-auth.yaml apiVersion: v1 diff --git a/deployment/eks/flyte_helm_generated.yaml b/deployment/eks/flyte_helm_generated.yaml index 023662ae54f..0de858d44e9 100644 --- a/deployment/eks/flyte_helm_generated.yaml +++ b/deployment/eks/flyte_helm_generated.yaml @@ -75,6 +75,7 @@ stringData: cookie_hash_key: "SmVNNUxQb0NmbG40VDFnTlF2TmtuRTBMNHJHNG9qRG5UNmQ5aGRqdGRoZ05GWE5uZUViS2trVm5IT2k3OGRRNA==" cookie_block_key: "bnB5NlBudHFleHB1WUx2SWRDd1RYR09IY1BpaUxVZUo=" claim_symmetric_key: "WUlJN0NyRmhaaFpGQVVUZXc3bnRSTTJoS1hnTVMzMUU=" + oidc_client_secret: foobar --- # Source: flyte-core/templates/common/secret-auth.yaml apiVersion: v1 diff --git a/deployment/gcp/flyte_helm_controlplane_generated.yaml b/deployment/gcp/flyte_helm_controlplane_generated.yaml index 65b20fe81ea..143321b5a6d 100644 --- a/deployment/gcp/flyte_helm_controlplane_generated.yaml 
+++ b/deployment/gcp/flyte_helm_controlplane_generated.yaml @@ -53,6 +53,7 @@ stringData: cookie_hash_key: "YUZoeEtEcGJsZUs3SkVzaWxIM1U4dEZ0bUIyV1I2cVpQbThBcHJaQVloSlJySGQ4bkpGVk54RGhPQ0Jzc085eA==" cookie_block_key: "SXFrNnhZRzBodklheWxHM1lDd3VhbkdqcjRmdjFkSUo=" claim_symmetric_key: "U3ZWSjRhTVk5RFhXb0VnRGFJQXNqbzZKWDY3aWp5b2I=" + oidc_client_secret: foobar --- # Source: flyte-core/templates/common/secret-auth.yaml apiVersion: v1 diff --git a/deployment/gcp/flyte_helm_generated.yaml b/deployment/gcp/flyte_helm_generated.yaml index 701f3ebaf24..f229a3aeab6 100644 --- a/deployment/gcp/flyte_helm_generated.yaml +++ b/deployment/gcp/flyte_helm_generated.yaml @@ -75,6 +75,7 @@ stringData: cookie_hash_key: "Q0FnZkdlcHhGYUlTbkxYTGtSazk5ZDRjb1ByeGQ4YmdiWHhQM2lTZEc0M0ZRbGVFRUJCNmk1WUFUdEU3SXpZUQ==" cookie_block_key: "RHhtQkhTcmRUZGh6bjZMcWZuZTlNaGdWcTZiWGR4TkY=" claim_symmetric_key: "d0VFNU1wZ2Uyc1FvcTNDbXd4ZHJsSmtYVmE2SGd6M0s=" + oidc_client_secret: foobar --- # Source: flyte-core/templates/common/secret-auth.yaml apiVersion: v1