From 4630cc89172782234ce09b129f86e425559d54ac Mon Sep 17 00:00:00 2001
From: rconway <rconway@users.noreply.github.com>
Date: Wed, 3 Apr 2024 08:13:18 +0000
Subject: [PATCH] Commit triggered by a change on the main branch of
 helm-charts-dev

---
 charts/identity-gatekeeper/Chart.yaml             |  2 +-
 charts/identity-gatekeeper/templates/_helpers.tpl |  2 +-
 charts/identity-gatekeeper/values.yaml            | 13 +++++++++++--
 3 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/charts/identity-gatekeeper/Chart.yaml b/charts/identity-gatekeeper/Chart.yaml
index fcd7613..fddf6e4 100644
--- a/charts/identity-gatekeeper/Chart.yaml
+++ b/charts/identity-gatekeeper/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.0.11
+version: 1.0.12
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/charts/identity-gatekeeper/templates/_helpers.tpl b/charts/identity-gatekeeper/templates/_helpers.tpl
index d81d860..debd3d0 100644
--- a/charts/identity-gatekeeper/templates/_helpers.tpl
+++ b/charts/identity-gatekeeper/templates/_helpers.tpl
@@ -115,5 +115,5 @@ Ingress server-snippets - merged from constituent parts
 {{- define "identity-gatekeeper.ingressServerSnippet" -}}
 {{ .Values.ingress.serverSnippets.custom }}
 {{ .Values.ingress.serverSnippets.gatekeeper }}
-{{ .Values.ingress.serverSnippets.auth }}
+{{ tpl .Values.ingress.serverSnippets.auth $ }}
 {{- end }}
diff --git a/charts/identity-gatekeeper/values.yaml b/charts/identity-gatekeeper/values.yaml
index 39d1ae9..b855f97 100644
--- a/charts/identity-gatekeeper/values.yaml
+++ b/charts/identity-gatekeeper/values.yaml
@@ -101,9 +101,13 @@ ingress:
       add_header Access-Control-Allow-Headers "Authorization, Origin, Content-Type";
     nginx.ingress.kubernetes.io/server-snippet: |-
       {{ include "identity-gatekeeper.ingressServerSnippet" . }}
+
+  # openUri specifies a set of $request_uri regex to match for open access - i.e. avoiding the auth check
+  openUri: []
+
+  # Server snippets separated into different values, to allow them to be more easily overridden,
+  # and to more easily introduce addition custom locations.
   serverSnippets:
-    # Server snippets separated into different values, to allow them to be more easily overridden,
-    # and to more easily introduce addition custom locations.
     custom: |-
       #----------
       # Custom server snippets
@@ -128,6 +132,11 @@ ingress:
       # Endpoint for the nginx 'auth_request' - which directs to gatekeeper
       location ^~ /auth {
         internal;
+        {{- range .Values.ingress.openUri }}
+        if ($request_uri ~ {{ . }}) {
+          return 200;
+        }
+        {{- end }}
         proxy_pass {{ include "identity-gatekeeper.proxyServiceUrl" . }}$request_uri;
         proxy_pass_request_body off;
         proxy_set_header Content-Length "";