From 645983296bb86de372fddb50416a6a6f3ee75ab9 Mon Sep 17 00:00:00 2001
From: ksrinimba <36603781+ksrinimba@users.noreply.github.com>
Date: Mon, 20 Sep 2021 11:03:27 +0530
Subject: [PATCH] Functionality for SAML RBAC and RBAC in Spinnaker (#195)

* Fix changes for SAML support, tested with OKTA

* Changed gate, sapor and platform CM to secret

* Added a flag to disable sampleapp autoinstall, for use in upgrades

* Added flag for RBAC in spinnaker

* Bump chart version

Co-authored-by: Abhinay Byrisetty <abhinay.byrisetty@hotmail.com>
---
 charts/oes/Chart.yaml               | 2 +-
 charts/oes/config/oes-gate/gate.yml | 9 +++++++++
 charts/oes/values.yaml              | 3 ++-
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/charts/oes/Chart.yaml b/charts/oes/Chart.yaml
index 0b4e8611..a38becfc 100644
--- a/charts/oes/Chart.yaml
+++ b/charts/oes/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: oes
-version: 3.9.4
+version: 3.9.5
 appVersion: 3.9.1.2
 description: OES is a non-forked version of OSS spinnaker
 icon: https://raw.githubusercontent.com/OpsMx/enterprise-spinnaker/master/img/opsmx.png
diff --git a/charts/oes/config/oes-gate/gate.yml b/charts/oes/config/oes-gate/gate.yml
index 7cd7dd90..3d1ed373 100644
--- a/charts/oes/config/oes-gate/gate.yml
+++ b/charts/oes/config/oes-gate/gate.yml
@@ -77,7 +77,11 @@ services:
     host: 0.0.0.0
     port: 7003
     baseUrl: http://spin-fiat:7003
+    {{- if .Values.global.commonGate.spinnakerRBAC }}
+    enabled: true
+    {{- else }}
     enabled: false
+    {{- end }}
   front50:
     host: 0.0.0.0
     port: 8080
@@ -136,6 +140,11 @@ ldap:
   managerPassword: {{ .Values.global.ldap.managerPassword }}
 {{- end }}
 {{- if .Values.gate.config.saml.enabled }}
+security:
+  basic:
+    enabled: true
+  user: {}
+
 saml:
 {{ toYaml .Values.gate.config.saml | indent 2 }}
 {{- end }}
diff --git a/charts/oes/values.yaml b/charts/oes/values.yaml
index c0a4f955..7c662adc 100644
--- a/charts/oes/values.yaml
+++ b/charts/oes/values.yaml
@@ -65,6 +65,7 @@ global:
   # common gate for both spin and oes
   commonGate:
     enabled: true
+    spinnakerRBAC: false
 
   customCerts:
     enabled: false
@@ -421,7 +422,7 @@ gate:
     # kubectl create secret generic oessamljks --from-file=oessaml.jks
     # kubectl create secret generic samljks-password --from-literal password=changeit 
     saml:
-      enabled: true
+      enabled: false
       userSource: gate  # Groups will be obtained from SAML
       keyStore: /opt/spinnaker/saml/oessaml.jks  # The key in this secret must be oessaml.jks
       keyStorePassword: changeit