diff --git a/charts/stable/mealie/Chart.yaml b/charts/stable/mealie/Chart.yaml
index 988e5809eb4..06bd9ab8c0c 100644
--- a/charts/stable/mealie/Chart.yaml
+++ b/charts/stable/mealie/Chart.yaml
@@ -33,4 +33,4 @@ sources:
 - https://github.com/truecharts/charts/tree/master/charts/stable/mealie
 - https://ghcr.io/mealie-recipes/mealie
 type: application
-version: 21.10.4
+version: 21.11.0
diff --git a/charts/stable/mealie/questions.yaml b/charts/stable/mealie/questions.yaml
index bbc0f409de9..c51408352a1 100644
--- a/charts/stable/mealie/questions.yaml
+++ b/charts/stable/mealie/questions.yaml
@@ -365,6 +365,68 @@ questions:
 schema:
 type: string
 default: mail
+ - variable: oidc
+ label: OIDC
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: auth_enabled
+ label: Auth Enabled
+ description: Enables authentication via OpenID Connect in addition to built-in Mealie auth
+ schema:
+ type: boolean
+ default: false
+ - variable: signup_enabled
+ label: Signup Enabled
+ description: Enables new users to be created when signing in for the first time with OIDC
+ schema:
+ type: boolean
+ default: false
+ - variable: configuration_url
+ label: Configuration URL
+ description: The URL to the OIDC configuration of your provider.
+ schema:
+ type: string
+ default: "https://auth.example.com/.well-known/openid-configuration"
+ required: true
+ - variable: client_id
+ label: Client Id
+ description: The client id of your configured client in your provider
+ schema:
+ type: string
+ default: "mealie"
+ required: true
+ - variable: user_group
+ label: User Group
+ description: If specified, only users belonging to this group will be able to successfully authenticate, regardless of the OIDC_ADMIN_GROUP
+ schema:
+ type: string
+ default: ""
+ - variable: admin_group
+ label: Admin Group
+ description: If specified, users belonging to this group will be made an admin.
+ schema:
+ type: string
+ default: ""
+ - variable: auto_redirect
+ label: Auto Redirect
+ description: If True, then the login page will be bypassed an you will be sent directly to your Identity Provider. You can still get to the login page by adding ?direct=1 to the login URL
+ schema:
+ type: boolean
+ default: false
+ - variable: provider_name
+ label: Provider Name
+ description: The provider name is shown in SSO login button. "Login with "
+ schema:
+ type: string
+ default: "OAuth"
+ - variable: remember_me
+ label: Remember Me
+ description: Because redirects bypass the login screen, you cant extend your session by clicking the "Remember Me" checkbox.
By setting this value to true, a session will be extended as if "Remember Me" was checked
+ schema:
+ type: boolean
+ default: false
 # Include{containerConfig}
 # Include{podOptions}
 # Include{serviceRoot}
diff --git a/charts/stable/mealie/templates/_secrets.tpl b/charts/stable/mealie/templates/_secrets.tpl
index 5c7f5413244..550aecfca6d 100644
--- a/charts/stable/mealie/templates/_secrets.tpl
+++ b/charts/stable/mealie/templates/_secrets.tpl
@@ -93,5 +93,32 @@ api:
 {{- with $api.ldap.mail_attribute }}
 LDAP_MAIL_ATTRIBUTE: {{ . | quote }}
 {{- end -}}
+ {{- with $api.oidc.auth_enabled }}
+ OIDC_AUTH_ENABLED: {{ . | quote }}
+ {{- end -}}
+ {{- with $api.oidc.signup_enabled }}
+ OIDC_SIGNUP_ENABLED: {{ . | quote }}
+ {{- end -}}
+ {{- with $api.oidc.configuration_url }}
+ OIDC_CONFIGURATION_URL: {{ . | quote }}
+ {{- end -}}
+ {{- with $api.oidc.client_id }}
+ OIDC_CLIENT_ID: {{ . | quote }}
+ {{- end -}}
+ {{- with $api.oidc.user_group }}
+ OIDC_USER_GROUP: {{ . | quote }}
+ {{- end -}}
+ {{- with $api.oidc.admin_group }}
+ OIDC_ADMIN_GROUP: {{ . | quote }}
+ {{- end -}}
+ {{- with $api.oidc.auto_redirect }}
+ OIDC_AUTO_REDIRECT: {{ . | quote }}
+ {{- end -}}
+ {{- with $api.oidc.provider_name }}
+ OIDC_PROVIDER_NAME: {{ . | quote }}
+ {{- end -}}
+ {{- with $api.oidc.remember_me }}
+ OIDC_REMEMBER_ME: {{ . | quote }}
+ {{- end -}}
 {{- end -}}
 {{- end -}}
diff --git a/charts/stable/mealie/values.yaml b/charts/stable/mealie/values.yaml
index 27e776e6d72..b8faab5bbb6 100644
--- a/charts/stable/mealie/values.yaml
+++ b/charts/stable/mealie/values.yaml
@@ -55,6 +55,16 @@ mealie:
 id_attribute: uid
 name_attribute: name
 mail_attribute: mail
+ oidc:
+ auth_enabled: false
+ signup_enabled: true
+ configuration_url: ""
+ client_id: ""
+ user_group: ""
+ admin_group: ""
+ auto_redirect: false
+ provider_name: "OAuth"
+ remember_me: false
 workload:
 main:
 podSpec:
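Review bot: `configuration_url` and `client_id` are `required: true` and prefilled with placeholder defaults (`https://auth.example.com/.well-known/openid-configuration`, `mealie`) even while `auth_enabled` defaults to false, so an install that never turns OIDC on still carries a discovery URL the operator did not choose. Because the `_secrets.tpl` hunk in this commit renders every non-empty value, that placeholder would likely be written into the secret as `OIDC_CONFIGURATION_URL`. Consider `default: ""` for both and showing the dependent fields only when OIDC is on, e.g. `show_if: [["auth_enabled", "=", true]]`. The `user_group` description could also say that leaving it empty admits every account the provider authenticates, which is what its wording implies.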
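Review bot: The boolean settings cannot be switched off through these `with` blocks, because `with` skips a `false` value and the key is then never rendered: `signup_enabled: false` yields no `OIDC_SIGNUP_ENABLED` entry at all, and the application falls back to its own default, which this chart does not control. The same applies to `OIDC_AUTH_ENABLED`, `OIDC_AUTO_REDIRECT` and `OIDC_REMEMBER_ME`. Render the booleans unconditionally, e.g. `OIDC_SIGNUP_ENABLED: {{ $api.oidc.signup_enabled | quote }}`, and keep `with` only for the optional strings. The enclosing define starts above the hunk, so where `$api` is bound is not visible here.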
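Review bot: `signup_enabled: true` here disagrees with the `default: false` that questions.yaml gives the same setting, so the two install paths get different account-provisioning behaviour. With `user_group: ""` as well, turning on `auth_enabled` in a values-driven install would let first-time OIDC sign-ins create accounts without a group restriction, going by the field descriptions in questions.yaml. Suggest `signup_enabled: false` so auto-provisioning is an explicit opt-in, plus a comment above `user_group` such as `# leave empty to allow every user the provider authenticates`. The `mealie:` mapping starts above the hunk.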