From 77a5cfd4037e4b3381d04b8f93656a9354699413 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Thu, 31 Aug 2023 02:42:12 +0200
Subject: [PATCH] feat(hedgedoc): Add ability to specify oauth role claim and
 access role

This patch adds the ability to restrict oauth access to certain
roles. These roles have to be available in an attribute of the profile
info.

This also upgrades to 1.9.9
---
 charts/hedgedoc/Chart.yaml               | 4 ++--
 charts/hedgedoc/README.md                | 4 +++-
 charts/hedgedoc/templates/configmap.yaml | 6 ++++++
 charts/hedgedoc/values.yaml              | 2 ++
 4 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/charts/hedgedoc/Chart.yaml b/charts/hedgedoc/Chart.yaml
index 261ac1d23..b565f3c91 100644
--- a/charts/hedgedoc/Chart.yaml
+++ b/charts/hedgedoc/Chart.yaml
@@ -14,9 +14,9 @@ keywords:
 sources:
     - https://github.com/hedgedoc/hedgedoc/tree/master
     - https://git.shivering-isles.com/shivering-isles/infrastructure-gitops/-/tree/main/charts/hedgedoc
-version: 0.3.3
+version: 0.4.0
 # renovate: image=quay.io/hedgedoc/hedgedoc
-appVersion: "1.9.8"
+appVersion: "1.9.9"
 maintainers:
 - name: Sheogorath
   url: https://shivering-isles.com
diff --git a/charts/hedgedoc/README.md b/charts/hedgedoc/README.md
index 1ef1939df..2a9647c39 100644
--- a/charts/hedgedoc/README.md
+++ b/charts/hedgedoc/README.md
@@ -1,6 +1,6 @@
 # hedgedoc
 
-![Version: 0.3.3](https://img.shields.io/badge/Version-0.3.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.9.8](https://img.shields.io/badge/AppVersion-1.9.8-informational?style=flat-square)
+![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.9.9](https://img.shields.io/badge/AppVersion-1.9.9-informational?style=flat-square)
 
 A platform to write and share markdown.
 
@@ -41,10 +41,12 @@ A platform to write and share markdown.
 | config.minio.port | int | `443` |  |
 | config.minio.secretKey | string | `nil` |  |
 | config.minio.secure | bool | `true` |  |
+| config.oauth.accessRole | string | `nil` |  |
 | config.oauth.authorisationUrl | string | `nil` |  |
 | config.oauth.clientId | string | `nil` |  |
 | config.oauth.clientSecret | string | `nil` |  |
 | config.oauth.providerName | string | `nil` |  |
+| config.oauth.roleClaim | string | `nil` |  |
 | config.oauth.scope | string | `"openid email profile"` |  |
 | config.oauth.tokenUrl | string | `nil` |  |
 | config.oauth.userProfileDisplayName | string | `"name"` |  |
diff --git a/charts/hedgedoc/templates/configmap.yaml b/charts/hedgedoc/templates/configmap.yaml
index 4dfc1f973..2f739b423 100644
--- a/charts/hedgedoc/templates/configmap.yaml
+++ b/charts/hedgedoc/templates/configmap.yaml
@@ -65,6 +65,12 @@ data:
   {{- with .Values.config.oauth.scope }}
   CMD_OAUTH2_SCOPE: {{ . | quote }}
   {{- end }}
+  {{- with .Values.config.oauth.roleClaim }}
+  CMD_OAUTH2_ROLES_CLAIM: {{ . | quote }}
+  {{- end }}
+  {{- with .Values.config.oauth.accessRole }}
+  CMD_OAUTH2_ACCESS_ROLE: {{ . | quote }}
+  {{- end }}
   {{- with .Values.config.defaultPermission }}
   CMD_DEFAULT_PERMISSION: {{ . | quote }}
   {{- end }}
\ No newline at end of file
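Review bot: The two new `with` blocks render `CMD_OAUTH2_ROLES_CLAIM` and `CMD_OAUTH2_ACCESS_ROLE` independently, so a values file that sets `config.oauth.accessRole` but leaves `roleClaim` null or misspelled yields a ConfigMap with only half of the restriction and no error at render time. How HedgeDoc treats that half-configured state is not visible in this patch, but if it skips the role check, the instance stays open to every account the provider authenticates while the operator believes access is limited. A guard ahead of these blocks would make the chart fail closed: `{{- if and .Values.config.oauth.accessRole (not .Values.config.oauth.roleClaim) }}{{ fail "config.oauth.accessRole requires config.oauth.roleClaim" }}{{- end }}`. The `data:` mapping these entries belong to starts above the hunk.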
diff --git a/charts/hedgedoc/values.yaml b/charts/hedgedoc/values.yaml
index d26b31b69..cc954dbc4 100644
--- a/charts/hedgedoc/values.yaml
+++ b/charts/hedgedoc/values.yaml
@@ -51,6 +51,8 @@ config:
     userProfileDisplayName: name
     userProfileEmailAttr: email
     scope: openid email profile
+    roleClaim: null
+    accessRole: null
 
 
 postgresql:
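Review bot: `roleClaim` and `accessRole` are added without a comment, so the two new README rows have an empty description and nothing tells an operator that these keys gate who may log in or that they are meant to be set together. If the README is generated from values comments, I would add `# -- attribute of the profile info that lists the user's roles` above `roleClaim` and `# -- role a user must hold to get access via oauth; null leaves the restriction unset` above `accessRole`. The `config:` mapping starts above the hunk.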
-- 
GitLab