env sections

cluster-resources/policies/auth-sidecar-injector.yaml

@@ -208,19 +208,33 @@ spec:
               protocol: TCP
             env:
             - name: AUTH_MODE
-              value: "mcp"
+              value: "oidc"
             - name: AUTH_LISTEN_ADDR
               value: ":8080"
             - name: AUTH_LOG_LEVEL
               value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-log-level\" || 'info' }}"
             - name: AUTH_UPSTREAM_URL
               value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-upstream-url\" || join('', ['http://localhost:', to_string(appPort)]) }}"
-            - name: AUTH_MCP_RESOURCE
+            - name: AUTH_OIDC_AUTHORITY
-              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-mcp-resource\" }}"
+              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-authority\" }}"
-            - name: AUTH_MCP_AUTHORIZATION_SERVERS
+            - name: AUTH_OIDC_CLIENT_ID
-              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-mcp-authority\" }}"
+              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-client-id\" }}"
-            - name: AUTH_MCP_SCOPES_SUPPORTED
+            - name: AUTH_OIDC_CALLBACK_URL
-              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-mcp-scopes\" || 'read,write'  }}"
+              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-callback-path\" }}"
+            - name: AUTH_OIDC_CALLBACK_PATH
+              value: "{{ regex_replace_all('https?://[^/]*', request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-callback-path\", '') }}"
+            - name: AUTH_OIDC_SCOPES
+              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-scopes\" || 'openid,profile,email'  }}"
+            - name: AUTH_OIDC_COOKIE_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: auth-oidc
+                  key: cookie-secret
+            - name: AUTH_OIDC_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: auth-oidc
+                  key: client-secret
             resources:
               limits:
                 cpu: 50m
@@ -282,33 +296,19 @@ spec:
               protocol: TCP
             env:
             - name: AUTH_MODE
-              value: "oidc"
+              value: "mcp"
             - name: AUTH_LISTEN_ADDR
               value: ":8080"
             - name: AUTH_LOG_LEVEL
               value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-log-level\" || 'info' }}"
             - name: AUTH_UPSTREAM_URL
               value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-upstream-url\" || join('', ['http://localhost:', to_string(appPort)]) }}"
-            - name: AUTH_OIDC_AUTHORITY
+            - name: AUTH_MCP_RESOURCE
-              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-authority\" }}"
+              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-mcp-resource\" }}"
-            - name: AUTH_OIDC_CLIENT_ID
+            - name: AUTH_MCP_AUTHORIZATION_SERVERS
-              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-client-id\" }}"
+              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-mcp-authority\" }}"
-            - name: AUTH_OIDC_CALLBACK_URL
+            - name: AUTH_MCP_SCOPES_SUPPORTED
-              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-callback-path\" }}"
+              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-mcp-scopes\" || 'read,write'  }}"
-            - name: AUTH_OIDC_CALLBACK_PATH
-              value: "{{ regex_replace_all('https?://[^/]*', request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-callback-path\", '') }}"
-            - name: AUTH_OIDC_SCOPES
-              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-scopes\" || 'openid,profile,email'  }}"
-            - name: AUTH_OIDC_COOKIE_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: auth-oidc
-                  key: cookie-secret
-            - name: AUTH_OIDC_CLIENT_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: auth-oidc
-                  key: client-secret
             resources:
               limits:
                 cpu: 50m