Commit
feat: (WIP) getting through Guilhem's comments
Signed-off-by: Léo-Paul HAUET <[email protected]>
1 parent 2ba55a2, commit ddf5ba8
Showing 10 changed files with 38 additions and 37 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -12,7 +12,6 @@ organizationName: owkin | |
## | ||
DataSampleStorageInServerMedia: false | ||
|
||
|
||
privateCa: | ||
## @param privateCa.enabled Run the init container injecting the private CA certificate | ||
## | ||
|
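Review bot: whitespace-only cleanup such as the blank line dropped before `privateCa:` in this hunk (7 lines down to 6 per the header) would be easier to review in its own commit. This commit also adds the `oidc.users.requireApproval` value, and with ten files of mostly blank-line changes that functional addition is hard to spot in history or in a later `git blame`.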
@@ -427,7 +426,6 @@ schedulerWorker: | |
runAsGroup: 1001 | ||
fsGroup: 1001 | ||
|
||
|
||
## @section Celery task scheduler settings | ||
scheduler: | ||
## @param scheduler.enabled Enable scheduler service | ||
|
@@ -654,7 +652,7 @@ addAccountOperator: | |
## @descriptionStart Uses the authorization code flow. | ||
## | ||
## By default, `oidc.users.useRefreshToken` is enabled. This makes sure the user still has an account at the identity provider, without damaging user experience. | ||
## | ||
## | ||
## The way it works is that a OIDC user that spent more than `oidc.users.loginValidityDuration` since their last login must undergo a refresh to keep using their access tokens -- but these refreshes are done in the background if `oidc.users.useRefreshToken` is enabled (otherwise a new manual authorization is necessary). The identity provider must support `offline_access` and configuration discovery. | ||
## | ||
## With this option active, you can set `oidc.users.loginValidityDuration` to low values (minutes). | ||
|
@@ -666,10 +664,10 @@ oidc: | |
## @param oidc.enabled Whether to enable OIDC authentication | ||
## | ||
enabled: false | ||
|
||
## @param oidc.clientSecretName The name of a secret containing the keys `OIDC_RP_CLIENT_ID` and `OIDC_RP_CLIENT_SECRET` (client ID and secret, typically issued by the provider) | ||
clientSecretName: null | ||
|
||
provider: | ||
## @param oidc.provider.url The identity provider URL (with scheme). | ||
url: null | ||
|
@@ -683,10 +681,10 @@ oidc: | |
token: null | ||
## @param oidc.provider.endpoints.user Typically https://provider/me | ||
user: null | ||
|
||
## @param oidc.provider.jwksUri Typically https://provider/jwks. Only required for public-key-based signing algorithms. If not given, read from `/.well-known/openid-configuration` at startup. | ||
jwksUri: null | ||
|
||
## @param oidc.signAlgo Either RS256 or HS256 | ||
signAlgo: RS256 | ||
users: | ||
|
@@ -696,6 +694,8 @@ oidc: | |
loginValidityDuration: 3600 | ||
## @param oidc.users.channel The channel to assign OIDC users to (mandatory) | ||
channel: null | ||
## @param oidc.users.requireApproval Is not compatible with default channel | ||
requireApproval: false | ||
## @param oidc.users.appendDomain As usernames are assigned based on e-mail address, whether to suffix user names with the email domain ([email protected] would then be `john-doe-example`) | ||
appendDomain: false | ||
|
||
|
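Review bot: the `## @param oidc.users.requireApproval` description added here says only "Is not compatible with default channel" and never states what the flag does when set to `true`. `oidc.users.channel` is documented two lines above as mandatory, so the two comments read together leave it unclear how `requireApproval` can be enabled at all. Please describe what approval gates, state which setting takes precedence when both are present, and preferably make the chart fail at render time on the incompatible combination instead of relying on the comment.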
@@ -708,17 +708,16 @@ database: | |
username: &psql-username postgres | ||
## @param database.auth.password what password to use for connecting | ||
password: &psql-password postgres | ||
|
||
## @param database.auth.credentialsSecretName An alternative to giving username and password; must have `DATABASE_USERNAME` and `DATABASE_PASSWORD` keys. | ||
## | ||
credentialsSecretName: null | ||
|
||
## @param database.host Hostname of the database to connect to (defaults to local) | ||
host: null | ||
## @param database.port Port of an external database to connect to | ||
port: 5432 | ||
|
||
|
||
## @section PostgreSQL settings | ||
## @descriptionStart | ||
## Database included as a subchart used by default. | ||
|