diff --git a/cluster-resources/policies/auth-sidecar-injector.yaml b/cluster-resources/policies/auth-sidecar-injector.yaml
index bc59807..222211a 100644
--- a/cluster-resources/policies/auth-sidecar-injector.yaml
+++ b/cluster-resources/policies/auth-sidecar-injector.yaml
@@ -208,19 +208,33 @@ spec:
 protocol: TCP
 env:
 - name: AUTH_MODE
- value: "mcp"
+ value: "oidc"
 - name: AUTH_LISTEN_ADDR
 value: ":8080"
 - name: AUTH_LOG_LEVEL
 value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-log-level\" || 'info' }}"
 - name: AUTH_UPSTREAM_URL
 value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-upstream-url\" || join('', ['http://localhost:', to_string(appPort)]) }}"
- - name: AUTH_MCP_RESOURCE
- value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-mcp-resource\" }}"
- - name: AUTH_MCP_AUTHORIZATION_SERVERS
- value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-mcp-authority\" }}"
- - name: AUTH_MCP_SCOPES_SUPPORTED
- value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-mcp-scopes\" || 'read,write' }}"
+ - name: AUTH_OIDC_AUTHORITY
+ value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-authority\" }}"
+ - name: AUTH_OIDC_CLIENT_ID
+ value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-client-id\" }}"
+ - name: AUTH_OIDC_CALLBACK_URL
+ value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-callback-path\" }}"
+ - name: AUTH_OIDC_CALLBACK_PATH
+ value: "{{ regex_replace_all('https?://[^/]*', request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-callback-path\", '') }}"
+ - name: AUTH_OIDC_SCOPES
+ value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-scopes\" || 'openid,profile,email' }}"
+ - name: AUTH_OIDC_COOKIE_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: auth-oidc
+ key: cookie-secret
+ - name: AUTH_OIDC_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: auth-oidc
+ key: client-secret
 resources:
 limits:
 cpu: 50m
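Review bot: The new AUTH_OIDC_AUTHORITY and AUTH_OIDC_CLIENT_ID entries read the `auth-oidc-authority` and `auth-oidc-client-id` annotations with no `||` fallback, unlike AUTH_LOG_LEVEL and AUTH_OIDC_SCOPES in the same hunk, so what the sidecar receives when a workload omits the annotation depends on how the engine resolves a missing variable (an empty value or a rule failure) rather than on anything this policy states. Because that annotation also decides which issuer the sidecar trusts, a precondition or a separate validate rule requiring the annotation to be present — and, if the set of acceptable issuers is known, matching it — would make the injection fail closed instead of producing a sidecar with an unset authority; the same applies to AUTH_MCP_RESOURCE and AUTH_MCP_AUTHORIZATION_SERVERS in the second hunk. AUTH_OIDC_CALLBACK_URL takes its value from the `auth-oidc-callback-path` annotation while AUTH_OIDC_CALLBACK_PATH derives a path from that same annotation by stripping the scheme and host, so if the annotation is meant to hold a full URL, a comment above AUTH_OIDC_CALLBACK_URL such as `# annotation holds the full callback URL; CALLBACK_PATH below is derived from it` would stop the next reader from "fixing" the name. The two secretKeyRef entries pin the Secret name to `auth-oidc`, so every workload in a namespace that receives this sidecar shares one cookie secret and one client secret; if that sharing is intended, say so in a comment, otherwise an annotation-driven Secret name would let workloads be isolated. The enclosing container definition starts above this hunk.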
@@ -282,33 +296,19 @@ spec:
 protocol: TCP
 env:
 - name: AUTH_MODE
- value: "oidc"
+ value: "mcp"
 - name: AUTH_LISTEN_ADDR
 value: ":8080"
 - name: AUTH_LOG_LEVEL
 value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-log-level\" || 'info' }}"
 - name: AUTH_UPSTREAM_URL
 value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-upstream-url\" || join('', ['http://localhost:', to_string(appPort)]) }}"
- - name: AUTH_OIDC_AUTHORITY
- value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-authority\" }}"
- - name: AUTH_OIDC_CLIENT_ID
- value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-client-id\" }}"
- - name: AUTH_OIDC_CALLBACK_URL
- value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-callback-path\" }}"
- - name: AUTH_OIDC_CALLBACK_PATH
- value: "{{ regex_replace_all('https?://[^/]*', request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-callback-path\", '') }}"
- - name: AUTH_OIDC_SCOPES
- value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-scopes\" || 'openid,profile,email' }}"
- - name: AUTH_OIDC_COOKIE_SECRET
- valueFrom:
- secretKeyRef:
- name: auth-oidc
- key: cookie-secret
- - name: AUTH_OIDC_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: auth-oidc
- key: client-secret
+ - name: AUTH_MCP_RESOURCE
+ value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-mcp-resource\" }}"
+ - name: AUTH_MCP_AUTHORIZATION_SERVERS
+ value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-mcp-authority\" }}"
+ - name: AUTH_MCP_SCOPES_SUPPORTED
+ value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-mcp-scopes\" || 'read,write' }}"
 resources:
 limits:
 cpu: 50m
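Review bot: The container definition this env block belongs to — its name, image and whatever precondition selects the MCP variant — starts above the hunk, so the swap of AUTH_MODE to `"mcp"` here (and to `"oidc"` in the first hunk) can only be confirmed against those lines; please check that the container name and any mode-specific preconditions for this rule now agree with the `mcp` value, since a sidecar named for one mode but configured for the other would still be admitted. AUTH_MCP_AUTHORIZATION_SERVERS (plural) is filled from the singular `auth-mcp-authority` annotation with no fallback and no stated separator, so a reader cannot tell whether several servers may be listed or how they are delimited. A comment above that entry such as `# one issuer URL, or a delimited list — confirm the delimiter against the sidecar's parsing` would make the contract explicit. The hunk ends inside the resources: mapping, which continues past it.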