fix: sdk_config using wrong client_id and client_secret keys

opentdf · Aug 15, 2024 · 70fa5e6 · 70fa5e6
1 parent a72e5ef
commit 70fa5e6
Show file tree

Hide file tree

Showing 5 changed files with 36 additions and 19 deletions.
diff --git a/charts/platform/README.md b/charts/platform/README.md
@@ -303,8 +303,8 @@ realms:
 | postgresql.tls.enabled | bool | `true` |  |
 | replicaCount | int | `1` | The number of Platform pods to run |
 | resources | object | `{}` | Resources to allocate to the container |
-| sdk_config.clientid | string | `""` | Oauth2 Client Id |
-| sdk_config.clientsecret | string | `""` | Oauth2 Client Secret |
+| sdk_config.client_id | string | `""` | Oauth2 Client Id |
+| sdk_config.client_secret | string | `""` | Oauth2 Client Secret |
 | sdk_config.endpoint | string | `""` | The core platform endpoint |
 | sdk_config.existingSecret | object | `{"key":"","name":""}` | Oauth2 Client Secret Kubernetes Secret |
 | sdk_config.existingSecret.key | string | `""` | The key in the secret containing the client secret |

diff --git a/charts/platform/templates/_helpers.tpl b/charts/platform/templates/_helpers.tpl
@@ -76,10 +76,10 @@ Create the name of the service account to use
 {{- end -}}
 
 {{- define "sdk_config.validate" -}}
-{{- if and ( .Values.sdk_config.clientsecret) ( .Values.sdk_config.existingSecret.name) ( .Values.sdk_config.existingSecret.key)}}
-{{- fail "You cannot set both clientsecret and existingSecret in sdk_config." }}
+{{- if and ( .Values.sdk_config.client_secret) ( .Values.sdk_config.existingSecret.name) ( .Values.sdk_config.existingSecret.key)}}
+{{- fail "You cannot set both client_secret and existingSecret in sdk_config." }}
 {{- end -}}
-{{- if and (not (or (contains "core" .Values.mode) (contains "all" .Values.mode))) (and (not .Values.sdk_config.clientsecret) (not .Values.sdk_config.existingSecret.name) (not .Values.sdk_config.existingSecret.key)) }}
+{{- if and (not (or (contains "core" .Values.mode) (contains "all" .Values.mode))) (and (not .Values.sdk_config.client_secret) (not .Values.sdk_config.existingSecret.name) (not .Values.sdk_config.existingSecret.key)) }}
 {{- fail "Mode does not contain 'core' or 'all'. You must configure the sdk_config" }}
 {{- end }}
 {{- end -}}

diff --git a/charts/platform/templates/config.yaml b/charts/platform/templates/config.yaml
@@ -17,9 +17,9 @@ data:
     sdk_config:
       endpoint: {{ .Values.sdk_config.endpoint | quote }}
       plaintext: {{ .Values.sdk_config.plaintext }}
-      clientid: {{ .Values.sdk_config.clientid | quote }}
-      {{- if .Values.sdk_config.clientsecret }}
-      clientsecret: {{ .Values.sdk_config.clientsecret | quote }}
+      client_id: {{ .Values.sdk_config.client_id | quote }}
+      {{- if .Values.sdk_config.client_secret }}
+      client_secret: {{ .Values.sdk_config.client_secret | quote }}
       {{- end }}
     services:
       {{- if or (contains .Values.mode "all") (contains .Values.mode "core") }}

diff --git a/charts/platform/values.yaml b/charts/platform/values.yaml
@@ -288,9 +288,9 @@ sdk_config:
   # -- Plaintext Insecure Connection
   plaintext: false
   # -- Oauth2 Client Id
-  clientid: ""
+  client_id: ""
   # -- Oauth2 Client Secret
-  clientsecret: ""
+  client_secret: ""
   # -- Oauth2 Client Secret Kubernetes Secret
   existingSecret:
     # -- The kubernetes secret containing the client secret

diff --git a/tests/chart_platform_template_test.go b/tests/chart_platform_template_test.go
@@ -38,8 +38,8 @@ func (suite *PlatformChartTemplateSuite) TestBasicDeploymentTemplateRender() {
 	options := &helm.Options{
 		KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
 		SetValues: map[string]string{
-			"image.tag":               "latest",
-			"sdk_config.clientsecret": "test",
+			"image.tag":                "latest",
+			"sdk_config.client_secret": "test",
 		},
 	}
 
@@ -62,15 +62,32 @@ func (suite *PlatformChartTemplateSuite) Test_SDK_Config_Set_Client_Secret_AND_E
 		KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
 		SetValues: map[string]string{
 			"image.tag":                      "latest",
-			"sdk_config.clientsecret":        "test",
+			"sdk_config.client_secret":       "test",
 			"sdk_config.existingSecret.name": "test",
 			"sdk_config.existingSecret.key":  "test",
 		},
 	}
 
 	_, err := helm.RenderTemplateE(suite.T(), options, suite.chartPath, releaseName, []string{})
 	suite.Require().Error(err)
-	suite.Require().ErrorContains(err, "You cannot set both clientsecret and existingSecret in sdk_config.")
+	suite.Require().ErrorContains(err, "You cannot set both client_secret and existingSecret in sdk_config.")
+}
+
+func (suite *PlatformChartTemplateSuite) Test_Set_Mode_KAS_No_SDK_Config_Defined_Expect_Error() {
+	releaseName := "basic"
+
+	namespaceName := "opentdf-" + strings.ToLower(random.UniqueId())
+
+	options := &helm.Options{
+		KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
+		SetValues: map[string]string{
+			"mode": "kas",
+		},
+	}
+
+	_, err := helm.RenderTemplateE(suite.T(), options, suite.chartPath, releaseName, []string{})
+	suite.Require().Error(err)
+	suite.Require().ErrorContains(err, "Mode does not contain 'core' or 'all'. You must configure the sdk_config")
 }
 
 func (suite *PlatformChartTemplateSuite) Test_Playground_Enabled_AND_Keycloak_Ing_Enabled_Trusted_Cert_Mounted() {
@@ -297,11 +314,11 @@ func (suite *PlatformChartTemplateSuite) Test_Mode_Kas_Expect_Volumes_Mounted()
 	options := &helm.Options{
 		KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
 		SetValues: map[string]string{
-			"image.tag":               "latest",
-			"mode":                    "kas",
-			"sdk_config.endpoint":     "http://localhost:8080",
-			"sdk_config.clientid":     "test",
-			"sdk_config.clientsecret": "test",
+			"image.tag":                "latest",
+			"mode":                     "kas",
+			"sdk_config.endpoint":      "http://localhost:8080",
+			"sdk_config.client_id":     "test",
+			"sdk_config.client_secret": "test",
 		},
 	}