app/matrix: make cas deployment configurable
This is an alternative to https://gerrit.hackerspace.pl/509 that was
reverted in https://gerrit.hackerspace.pl/541 .
This has already been deployed.
Change-Id: I7d54943c970804cac910e0e15201d1c3fa337489
diff --git a/app/matrix/lib/matrix.libsonnet b/app/matrix/lib/matrix.libsonnet
index 9887f58..4190941 100644
--- a/app/matrix/lib/matrix.libsonnet
+++ b/app/matrix/lib/matrix.libsonnet
@@ -54,6 +54,15 @@
cas: {
# whether to enable the CAS proxy (ie. connect to hswaw sso via OAuth)
enable: false,
+ # generate client ID and secret in with your OAuth2 provider, refer to https://www.oauth.com/oauth2-servers/client-registration/client-id-secret/
+ oauth2: {
+ clientID: error "cas.oauth2.clientID must be set",
+ clientSecret: error "cas.oauth2.clientSecret must be set",
+ scope: error "cas.oauth2.scope must be set",
+ authorizeURL: error "cas.oauth2.authorizeURL must be set",
+ tokenURL: error "cas.oauth2.tokenURL must be set",
+ userinfoURL: error "cas.oauth2.userinfoURL must be set",
+ },
},
},
@@ -138,8 +147,12 @@
env_: {
BASE_URL: "https://%s" % [cfg.webDomain],
SERVICE_URL: "https://%s" % [cfg.webDomain],
- OAUTH2_CLIENT: "matrix",
- OAUTH2_SECRET: { secretKeyRef: { name: "oauth2-cas-proxy", key: "oauth2_secret" } },
+ OAUTH2_CLIENT: cfg.cas.oauth2.clientID,
+ OAUTH2_SECRET: cfg.cas.oauth2.clientSecret,
+ OAUTH2_SCOPE: cfg.cas.oauth2.scope,
+ OAUTH2_AUTHORIZE: cfg.cas.oauth2.authorizeURL,
+ OAUTH2_TOKEN: cfg.cas.oauth2.tokenURL,
+ OAUTH2_USERINFO: cfg.cas.oauth2.userinfoURL,
},
},
},