From 70afa08190e3465db5c9bed0591ec828cf5ca97c Mon Sep 17 00:00:00 2001 From: Daniel Wood Date: Wed, 16 Jun 2021 13:38:57 -0700 Subject: [PATCH] fix(helm): Set working defaults for google OAuth2 example (#13614) * Rebase and lint * Fix whitespace Co-authored-by: Amit Miran <47772523+amitmiran137@users.noreply.github.com> --- helm/superset/Chart.yaml | 2 +- helm/superset/values.yaml | 20 ++++++++++++++++++-- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/helm/superset/Chart.yaml b/helm/superset/Chart.yaml index 7f446525b..1e9e2f438 100644 --- a/helm/superset/Chart.yaml +++ b/helm/superset/Chart.yaml @@ -22,7 +22,7 @@ maintainers: - name: craig-rueda email: craig@craigrueda.com url: https://github.com/craig-rueda -version: 0.1.4 +version: 0.1.5 dependencies: - name: postgresql version: 10.2.0 diff --git a/helm/superset/values.yaml b/helm/superset/values.yaml index 654100216..d357f6d0a 100644 --- a/helm/superset/values.yaml +++ b/helm/superset/values.yaml @@ -51,10 +51,17 @@ extraEnv: {} # Extend timeout to allow long running queries. # GUNICORN_TIMEOUT: 300 + + # OAUTH_HOME_DOMAIN: .. + # # If a whitelist is not set, any address that can use your OAuth2 endpoint will be able to login. + # # this includes any random Gmail address if your OAuth2 Web App is set to External. + # OAUTH_WHITELIST_REGEX: ... + ## Extra environment variables to pass as secrets ## extraSecretEnv: {} # MAPBOX_API_KEY: ... + # # Google API Keys: https://console.cloud.google.com/apis/credentials # GOOGLE_KEY: ... # GOOGLE_SECRET: ... @@ -82,12 +89,13 @@ configOverrides: {} # # Extend timeout to allow long running queries. # SUPERSET_WEBSERVER_TIMEOUT = ... # enable_oauth: | - # from flask_appbuilder.security.manager import AUTH_DB + # from flask_appbuilder.security.manager import (AUTH_DB, AUTH_OAUTH) # AUTH_TYPE = AUTH_OAUTH # OAUTH_PROVIDERS = [ # { # "name": "google", + # "whitelist": [ os.getenv("OAUTH_WHITELIST_REGEX", "") ], # "icon": "fa-google", # "token_key": "access_token", # "remote_app": { @@ -98,9 +106,17 @@ configOverrides: {} # "request_token_url": None, # "access_token_url": "https://accounts.google.com/o/oauth2/token", # "authorize_url": "https://accounts.google.com/o/oauth2/auth", - # }, + # "authorize_params": {"hd": os.getenv("OAUTH_HOME_DOMAIN", "")} + # } # } # ] + # # Map Authlib roles to superset roles + # AUTH_ROLE_ADMIN = 'Admin' + # AUTH_ROLE_PUBLIC = 'Public' + # # Will allow user self registration, allowing to create Flask users from Authorized User + # AUTH_USER_REGISTRATION = True + # # The default user self registration role + # AUTH_USER_REGISTRATION_ROLE = "Admin" configMountPath: "/app/pythonpath"