feat(directus): add oidc (#641)

* feat: onboard directus

* fix: fix pr review

* feat: add postgres as backend using postgres-operator

* feat(directus): add oidc

Author: walkoss

directus/helm/directus/Chart.yaml

@@ -3,7 +3,7 @@ name: directus
 description: helm chart for directus
 type: application
 version: 0.1.0
-appVersion: 9.25.0
+appVersion: 9.25.1
 dependencies:
   - name: postgres
     version: 0.1.16

directus/helm/directus/templates/deployment.yaml

@@ -53,6 +53,23 @@ spec:
                 secretKeyRef:
                   name: {{ include "directus-plural.secretName" . }}
                   key: secret
+            {{- if .Values.directus.oidc.enabled }}
+            - name: AUTH_PLURAL_ISSUER_URL
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "directus-plural.secretName" . }}
+                  key: oidc-issuer
+            - name: AUTH_PLURAL_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "directus-plural.secretName" . }}
+                  key: oidc-client-id
+            - name: AUTH_PLURAL_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "directus-plural.secretName" . }}
+                  key: oidc-client-secret
+            {{- end }}
           ports:
             - name: http
               containerPort: 8055

directus/helm/directus/templates/secret.yaml

@@ -7,3 +7,8 @@ metadata:
 stringData:
   key: {{ .Values.directus.key }}
   secret: {{ .Values.directus.secret }}
+  {{- if .Values.directus.oidc.enabled }}}
+  oidc-issuer: {{ .Values.directus.oidc.issuer }}
+  oidc-client-id: {{ .Values.directus.oidc.clientId }}
+  oidc-client-secret: {{ .Values.directus.oidc.clientSecret }}
+  {{- end }}

directus/helm/directus/values.yaml.tpl

@@ -18,10 +18,23 @@ postgres:
 
 env:
   PUBLIC_URL: https://{{ $hostname }}
+  {{ if .OIDC }}
+  AUTH_PROVIDERS: plural
+  AUTH_PLURAL_DRIVER: openid
+  AUTH_PLURAL_SCOPE: openid profile
+  AUTH_PLURAL_ALLOW_PUBLIC_REGISTRATION: true
+  {{ end }}
 
 directus:
   key: {{ $key }}
   secret: {{ $secret }}
+  {{ if .OIDC }}
+  oidc:
+    enabled: true
+    clientId: {{ .OIDC.ClientId }}
+    clientSecret: {{ .OIDC.ClientSecret }}
+    issuer: {{ .OIDC.Configuration.Issuer }}
+  {{ end }}
 
 ingress:
   enabled: true

directus/plural/notes.tpl

@@ -1 +1,8 @@
 Your directus installation is available at https://{{ .Values.hostname }}
+
+{{ if .OIDC }}
+Your directus has been configured with OAuth against your plural account!
+{{ else }}
+You are using standard username/password authentication, so user management will be manual via the ADMIN_EMAIL and ADMIN_PASSWORD environment variables.
+We strongly recommend that you consider installing with OIDC enabled.
+{{ end }}

directus/plural/recipes/directus-aws.yaml

@@ -6,6 +6,10 @@ dependencies:
   name: aws-k8s
 - repo: ingress-nginx
   name: ingress-nginx-aws
+oidcSettings:
+  authMethod: POST
+  uriFormat: https://{domain}/auth/login/plural/callback
+  domainKey: hostname
 sections:
 - name: directus
   configuration:

directus/plural/recipes/directus-azure.yaml

@@ -6,6 +6,10 @@ dependencies:
   name: azure-k8s
 - repo: ingress-nginx
   name: ingress-nginx-azure
+oidcSettings:
+  authMethod: POST
+  uriFormat: https://{domain}/auth/login/plural/callback
+  domainKey: hostname
 sections:
 - name: directus
   configuration:

directus/plural/recipes/directus-gcp.yaml

@@ -6,6 +6,10 @@ dependencies:
   name: gcp-k8s
 - repo: ingress-nginx
   name: ingress-nginx-gcp
+oidcSettings:
+  authMethod: POST
+  uriFormat: https://{domain}/auth/login/plural/callback
+  domainKey: hostname
 sections:
 - name: directus
   configuration:

directus/repository.yaml

@@ -1,9 +1,14 @@
 name: directus
-description: directus deployed on plural
+description: The Modern Data Stack 🐰 — Directus is an instant REST+GraphQL API and intuitive no-code data collaboration app for any SQL database.
 category: DATA
 private: true
 releaseStatus: ALPHA
 icon: plural/icons/directus-logo-stacked.png
 notes: plural/notes.tpl
+homepage: https://directus.io/engine
+gitUrl: https://github.com/directus/directus
+oauthSettings:
+  uriFormat: https://{domain}/auth/login/plural/callback
+  authMethod: POST
 contributors:
 - [email protected]

directus/vendor_images.yaml

@@ -1,4 +1,4 @@
 docker.io:
   images:
     directus/directus:
-    - "9.25.0"
+    - "9.25.1"