fix: login method naming

README-ENTERPRISE.md

@@ -96,12 +96,12 @@ Configure how the Intelligent Command Center can be accessed
 
 | Name | Description | Default Value | Required |
 | --- | --- | --- | --- |
-| `services.icc.login_methods.google_oauth.enable` | Enable Google OAuth | false | Yes |
-| `services.icc.login_methods.google_oauth.client_id` | Required when Google is enabled | "" | No |
-| `services.icc.login_methods.google_oauth.client_secret` | Required when Google is enabled | "" | No |
-| `services.icc.login_methods.github_oauth.enable` | Enable Github OAuth | false | Yes |
-| `services.icc.login_methods.github_oauth.client_id` | Required when Github is enabled | "" | No |
-| `services.icc.login_methods.github_oauth.client_secret` | Required when Github is enabled | "" | No |
+| `services.icc.login_methods.google.enable` | Enable Google OAuth | false | Yes |
+| `services.icc.login_methods.google.client_id` | Required when Google is enabled | "" | No |
+| `services.icc.login_methods.google.client_secret` | Required when Google is enabled | "" | No |
+| `services.icc.login_methods.github.enable` | Enable Github OAuth | false | Yes |
+| `services.icc.login_methods.github.client_id` | Required when Github is enabled | "" | No |
+| `services.icc.login_methods.github.client_secret` | Required when Github is enabled | "" | No |
 | `services.icc.login_methods.password.enable` | Enable password authentication. **Enterprise-only** | false | No |
 | `services.icc.login_methods.password.password` | Password will be stored in environment variables. **Enterprise-only** | "" | No |
 | `services.icc.login_methods.demo.enable` | Creates a fake super user to browse the dashboard. **Enterprise-only** | false | No |
@@ -147,6 +147,9 @@ variables, and execute the script.
 # Name of the cloud provider being deployed to. Valid values are: aws, gcp, or left empty
 PLT_CLOUD_PROVIDER=""
 
+# Image pull secret token
+DOCKER_TOKEN=""
+
 # Connection string to Postgres cluster
 PLT_DATABASE_URL=""
 
@@ -171,6 +174,8 @@ helm install platformatic oci://ghcr.io/platformatic/helm \
     --create-namespace \
     --namespace platformatic \
     --set "cloud=$PLT_CLOUD_PROVIDER" \
+    --set "imagePullSecret.token=${DOCKER_TOKEN}" \
+    --set "imagePullSecret.user=platformatic" \
     --set "services.icc.database_url=$PLT_DATABASE_URL" \
     --set "services.icc.public_url=$PLT_PUBLIC_URL" \
     --set "services.icc.prometheus.url=$PLT_PROMETHEUS_URL" \
@@ -179,9 +184,9 @@ helm install platformatic oci://ghcr.io/platformatic/helm \
     --set "services.icc.secrets.user_manager_session=$(openssl rand -base64 32)" \
     --set "services.icc.secrets.icc_session=$(openssl rand -hex 32)" \
     --set "services.icc.secrets.control_plane_keys=$(openssl rand -hex 32)" \
-    --set "services.icc.login_methods.github_oauth.enable=true" \
-    --set "services.icc.login_methods.github_oauth.client_id=$GITHUB_OAUTH_CLIENT_ID" \
-    --set "services.icc.login_methods.github_oauth.client_secret=$GITHUB_OAUTH_CLIENT_SECRET"
+    --set "services.icc.login_methods.github.enable=true" \
+    --set "services.icc.login_methods.github.client_id=$GITHUB_OAUTH_CLIENT_ID" \
+    --set "services.icc.login_methods.github.client_secret=$GITHUB_OAUTH_CLIENT_SECRET"
 ```
 
 ## Notes

README.md

@@ -97,12 +97,12 @@ Configure how the Intelligent Command Center can be accessed
 
 | Name | Description | Default Value | Required |
 | --- | --- | --- | --- |
-| `services.icc.login_methods.google_oauth.enable` | Enable Google OAuth | false | Yes |
-| `services.icc.login_methods.google_oauth.client_id` | Required when Google is enabled | "" | No |
-| `services.icc.login_methods.google_oauth.client_secret` | Required when Google is enabled | "" | No |
-| `services.icc.login_methods.github_oauth.enable` | Enable Github OAuth | false | Yes |
-| `services.icc.login_methods.github_oauth.client_id` | Required when Github is enabled | "" | No |
-| `services.icc.login_methods.github_oauth.client_secret` | Required when Github is enabled | "" | No |
+| `services.icc.login_methods.google.enable` | Enable Google OAuth | false | Yes |
+| `services.icc.login_methods.google.client_id` | Required when Google is enabled | "" | No |
+| `services.icc.login_methods.google.client_secret` | Required when Google is enabled | "" | No |
+| `services.icc.login_methods.github.enable` | Enable Github OAuth | false | Yes |
+| `services.icc.login_methods.github.client_id` | Required when Github is enabled | "" | No |
+| `services.icc.login_methods.github.client_secret` | Required when Github is enabled | "" | No |
 
 ### Machinist
 
@@ -174,9 +174,9 @@ helm install platformatic oci://ghcr.io/platformatic/helm \
     --set "services.icc.secrets.user_manager_session=$(openssl rand -base64 32)" \
     --set "services.icc.secrets.icc_session=$(openssl rand -hex 32)" \
     --set "services.icc.secrets.control_plane_keys=$(openssl rand -hex 32)" \
-    --set "services.icc.login_methods.github_oauth.enable=true" \
-    --set "services.icc.login_methods.github_oauth.client_id=$GITHUB_OAUTH_CLIENT_ID" \
-    --set "services.icc.login_methods.github_oauth.client_secret=$GITHUB_OAUTH_CLIENT_SECRET"
+    --set "services.icc.login_methods.github.enable=true" \
+    --set "services.icc.login_methods.github.client_id=$GITHUB_OAUTH_CLIENT_ID" \
+    --set "services.icc.login_methods.github.client_secret=$GITHUB_OAUTH_CLIENT_SECRET"
 ```
 
 ## Notes

chart/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: helm
-version: 4.0.0-alpha.9
+version: 4.0.0-alpha.11
 kubeVersion: ">= 1.30.0-0"
 description: Platformatic microservices
 type: application

chart/templates/deployment/_icc.yaml

@@ -151,7 +151,7 @@ spec:
             - name: PLT_COMPLIANCE_RULES_DIR
               value: "./rules"
 
-            {{- if .login_methods.github_oauth.enable }}
+            {{- if .login_methods.github.enable }}
             - name: PLT_GITHUB_OAUTH_CLIENT_ID
               valueFrom:
                 secretKeyRef:
@@ -162,9 +162,14 @@ spec:
                 secretKeyRef:
                   name: icc-github-oauth
                   key: client_secret
+            - name: PLT_USER_MANAGER_SUPER_ADMIN_EMAIL
+              valueFrom:
+                secretKeyRef:
+                  name: icc-github-oauth
+                  key: valid_emails
             {{- end }}
 
-            {{- if .login_methods.google_oauth.enable }}
+            {{- if .login_methods.google.enable }}
             - name: PLT_GOOGLE_OAUTH_CLIENT_ID
               valueFrom:
                 secretKeyRef:
@@ -175,6 +180,11 @@ spec:
                 secretKeyRef:
                   name: icc-google-oauth
                   key: client_secret
+            - name: PLT_USER_MANAGER_SUPER_ADMIN_EMAIL
+              valueFrom:
+                secretKeyRef:
+                  name: icc-google-oauth
+                  key: valid_emails
             {{- end }}
 
             - name: PLT_ICC_SESSION_SECRET

chart/templates/secrets.yaml

@@ -31,7 +31,8 @@ data:
 
 {{/* Add all enabled ICC login methods */}}
 
-{{- if .Values.services.icc.login_methods.google_oauth.enable }}
+{{- with .Values.services.icc.login_methods.google }}
+{{- if .enable }}
 ---
 apiVersion: v1
 kind: Secret
@@ -43,11 +44,14 @@ metadata:
     {{- include "application.labels" $ | nindent 4 }}
     {{- include "application.selectorLabels" (merge (dict "name" "icc-google-oauth") $) | nindent 4 }}
 data:
-  client_id: {{ .Values.services.icc.login_methods.google_oauth.client_id | b64enc }}
-  client_secret: {{ .Values.services.icc.login_methods.google_oauth.client_secret | b64enc }}
+  client_id: {{ .client_id | b64enc }}
+  client_secret: {{ .client_secret | b64enc }}
+  valid_emails: {{ join "," .valid_emails | b64enc }}
+{{- end }}
 {{- end }}
 
-{{- if .Values.services.icc.login_methods.github_oauth.enable }}
+{{- with .Values.services.icc.login_methods.github }}
+{{- if .enable }}
 ---
 apiVersion: v1
 kind: Secret
@@ -59,8 +63,10 @@ metadata:
     {{- include "application.labels" $ | nindent 4 }}
     {{- include "application.selectorLabels" (merge (dict "name" "icc-github-oauth") $) | nindent 4 }}
 data:
-  client_id: {{ .Values.services.icc.login_methods.github_oauth.client_id | b64enc }}
-  client_secret: {{ .Values.services.icc.login_methods.github_oauth.client_secret | b64enc }}
+  client_id: {{ .client_id | b64enc }}
+  client_secret: {{ .client_secret | b64enc }}
+  valid_emails: {{ join "," .valid_emails | b64enc }}
+{{- end }}
 {{- end }}
 
 {{/* Setup databases */}}

chart/values.yaml

@@ -77,20 +77,16 @@ services:
     # Change `enable` to `true` to use a method
     # At least one method must be enabled
     login_methods:
-      google_oauth:
+      google:
         enable: false
         #client_id: ""
         #client_secret: ""
-      github_oauth:
+        #valid_emails: []
+      github:
         enable: false
         #client_id: ""
         #client_secret: ""
-      # These login methods are only supported in our Enterprise release
-      #password:
-        #enable: false
-        #password: ""
-      #demo:
-      #  enable: false
+        #valid_emails: []
 
     # The URL that ICC will be accessed from
     # Some examples: